Compare commits

2001 commits

Author SHA1 Message Date
Firepup650
519d9bc0f4 Fix small typo
authdd -> authd
2024-04-13 15:42:39 -05:00
Doug Freed
dd3355732b m_starttls: advertise tls cap only if SSL is possible 2024-03-12 04:39:52 -05:00
Aaron Jones
1ccc642277 doc/reference.conf: document the auth::umodes configuration option
Fixes: 4d8088c386 ("Allow auth{} to apply extra umodes")
2024-01-16 15:54:29 +00:00
Aaron Jones
a9505057c5 MODRESTART/MODRELOAD: Defer reloading more quickly
Commit 41390bfe5f fixed a bug whereby the processing
of a MODRESTART command could result in a crash. The approach
taken in this fix was to defer the reloading of all modules
so that the call stack does not contain functions located in
modules that are being reloaded. It did this by scheduling a
one-shot timer event for 1 second in the future, in the absence
of any better deferral mechanism at the time. Timers are
processed by the event loop, which is core to IRCd and cannot
be reloaded.

Commit 59ea3c6753 introduced a mechanism to defer the
execution of a function until all events have been processed by
the event loop, in order to fix a REHASH bug that could result
in a crash due to closing and reopening listener sockets with a
pending socket connection event to process after the REHASH was
completed.

Rework commit 41390bfe5f to use the new deferral
mechanism introduced by commit 59ea3c6753 and do the
same for module reloads.
2023-11-20 14:01:33 +00:00
Aaron Jones
eaf922d427 doc/reference.conf: document connect::flags sctp 2023-11-20 13:55:21 +00:00
Aaron Jones
4d12e65469 extensions/invite_notify: make the NOTICE optional, configurable
This adds a configuration option that determines whether the NOTICE is
sent to clients that do not support the IRCv3 invite-notify capability.

Requested by LiberaChat MGM.
2023-11-08 13:12:49 +00:00
Aaron Jones
642c73dddb ircd/listener: return a fatal TLS alert for early rejected TLS clients
This is in furtherance of commit 3fdf26aa19 which added
functionality to reply with a TLS record layer alert for D-Lined TLS
clients. It turns out that there are other plaintext error messages
in this same function that should receive the same treatment.

Also move another error string to a variable and use a compile-time
optimised-out strlen for it too, to use the same approach as an
existing error string.

Finally, use a different alert (internal_error) for the case where
IRCd is simply unable to accept more connections.
2023-11-07 23:52:41 +00:00
Doug Freed
c1b01bf5ec client: refactor del_all_accepts to allow skipping own accept list
This allows reusing this function for other uses that just need to
remove this client from others' accept lists on nick change and not have
duplicates of this code everywhere
2023-11-06 17:31:44 +00:00
Aaron Jones
fd241b5fc8 modules/m_oper.c: give a better error message for failure to find o:line
The snotice sent to other opers can be misleading. For example, it will say
host mismatch even if the host is correct but the username is wrong, or if
the oper name given does not exist in the configuration.
2023-11-06 14:47:16 +00:00
Aaron Jones
3b24363e91 modules/m_challenge.c: give a better error message for failure to find o:line
The snotice sent to other opers can be misleading. For example, it will say
host mismatch even if the host is correct but the username is wrong, or if
the oper name given does not exist in the configuration.
2023-11-06 14:47:16 +00:00
Aaron Jones
c790520218 modules/m_challenge.c: log correct mechanism
I suspect this is a copy/paste omission when duplicating the code from
modules/m_oper.c when it was created.
2023-11-06 14:47:16 +00:00
Eric Mertens
f718aed2ae Replace free with rb_free 2023-11-06 14:22:55 +00:00
Ed Kellett
59ea3c6753 Delay rehashing until we're not processing events
Fixes crash introduced by 0ab6dbbc65. It's
probably a regression since it defeats a system designed to stop this
from happening, but I didn't dig through the history.

rehash() closes listeners. If we happen to get a single epoll() result
that wants to first rehash and then accept a connection, the epoll info
will point to a freed rb_fde_t. Other selectors should have similar
problems, but we didn't investigate that.

rb_fde_ts are normally batched up and freed outside the event
processing, but as of the above commit close_listeners() screws that up
by closing pending FDs immediately in order to create new listeners.

I think it might be a bit better to revert this behaviour and simply not
close listeners if we are going to open new ones over them, but have
opted for the smallest reasonable change I can think of.

Helped-by: Eric Mertens <emertens@gmail.com>
2023-11-06 14:22:55 +00:00
Eric Mertens
460e793274
Replace RPL_WHOISTEXT(337) with RPL_WHOISSPECIAL(320) (#419)
Reasons:
* 337 conflicts with other IRCds' use as RPL_ENDOFINVITELIST
* 320 is commonly used for extra human-readable information
2023-10-03 16:35:52 -07:00
Svetlana T
2a0f0393d2
document +M cmode (#417) 2023-08-29 09:12:01 -07:00
Mike Quin
1b4957f617 Terminate last line in setfilter help 2023-08-07 16:48:50 +01:00
Mike Quin
7a7aa92f8a Fix typo 2023-08-07 16:48:50 +01:00
Mike Quin
a4db1d4784 Correct order of chunking and encoding steps. 2023-08-07 16:48:50 +01:00
Mike Quin
21dbde201c Describe database loading. 2023-08-07 16:48:50 +01:00
Mike Quin
28bcd75330 Add documentation for extensions/filter 2023-08-07 16:48:50 +01:00
TheDaemoness
0ca18d072a extensions/extb_extgecos: Fix breakage
This commit returns $x's old behavior as long as the mask does not
contain a #, otherwise it uses the new behavior that supports
CIDR notation.

This fixes `$x:*badword*` not matching realnames containing "badword".
2023-07-04 05:00:51 -05:00
Stephen Bennett
309e1e624e Clarify messages when auspex users have hidden their own idle times
Co-authored-by: Doug Freed <dwfreed@mtu.edu>
2023-07-01 22:39:11 +01:00
jesopo
fa33bdd14d prioritise telling opers that an auspexed target is +I 2023-07-01 22:39:11 +01:00
jesopo
c5a067165c show opers a reasonable message when auspex allows them to see idle time 2023-07-01 22:39:11 +01:00
Valentin Lorentz
83f7888d72 Add ACCOUNTEXTBAN ISUPPORT token
To support the draft IRCv3 spec: https://github.com/ircv3/ircv3-specifications/pull/464
2023-07-01 19:24:32 +01:00
Doug Freed
cc95a6722e modules: quietly succeed at loading a module if already loaded
This allows explicitly loading a module in the config so it's available
for later config items that might need it, and skips the double load
when main loads all modules, which would cause errors
2023-07-01 19:23:56 +01:00
Doug Freed
7a2ccb077f modules: clear module list and mod paths in init
If main is called more than once (like in tests), everything is
reinitialized except the loaded module list and module paths, so clear
them too so that modules are loaded again and the path list is correct.
2023-07-01 19:23:56 +01:00
Jess Porter
c33da0d24e
support RSFNC indicating type of FNC (e.g. FORCE vs REGAIN) (#406) 2023-07-01 19:22:40 +01:00
Aaron Jones
5ca20c098a
extensions/extb_extgecos: support CIDR masks in $x extbans (#414)
This allows a channel operator to set a channel ban such as
"$x:*!*@192.0.2.0/24#*web.libera.chat*" and have it function
as intended.

Closes solanum-ircd/solanum#26
2023-07-01 19:16:27 +01:00
TheDaemoness
a6ad35e5d8
Add extban type for unidentified connections (#411)
* Add extension extb_guest

This module provides an extban type that acts as a normal ban but
only matches unidentified users.

* Document extban g in help/opers/extban

* extensions/extb_guest: support CIDR masks in $g extbans

This allows a channel operator to set a channel ban such as
"$g:*!*@192.0.2.0/24#*web.libera.chat*" and have it function
as intended.

---------

Co-authored-by: Aaron Jones <me@aaronmdjones.net>
2023-07-01 19:09:41 +01:00
David Schultz
d1c028f212
Warn opers about unresponsive servers 2023-06-13 09:13:42 -05:00
Tom Wesley
fe83a33526 Sort reps in CREDITS case insensitive alphabetically 2023-06-05 19:08:57 +01:00
Tom Wesley
2b0410bc2c Replace libera reps with amdj and spb 2023-06-03 18:48:08 +01:00
David Schultz
f5e8ad65c1 reference.conf: document hide_opers 2023-05-18 22:45:24 -05:00
David Schultz
1608b0e70e
m_shedding: user shedding module based on oftc-hybrid 2023-05-18 14:44:23 -05:00
David Schultz
a445c2ed63 doc/connecting-servers: update example atheme protocol module
Atheme has had a protocol module designed specifically for Solanum for some time now that includes proper support for new IRCd features.
2023-05-15 17:50:58 -05:00
jonesman
e593329945 Add "automake" and "libtool" to the list of packages required for building 2023-02-21 15:45:16 -05:00
Doug Freed
4a47689a35 chmode: convert bants to a proper serial
This way it increments for every change. It need not be a timestamp, as
its actual value is not important.

This fixes an issue where a ban could be set, hit, and cleared all in
the same second, and the affected client would still be cached as banned
because the bants hadn't actually changed.
2023-01-23 04:27:25 -06:00
Doug Freed
2a64b1e5b9
um_callerid: increase hook priority to restore +Rg behavior
Before splitting things out into hooks, umode +Rg would only notify the
recipient if the sender satisfied +R. This restores that behavior by
making the +g hook happen after +R.
2023-01-18 17:21:30 -05:00
Aaron Jones
e02cc991bb ircd/authproc.c: avoid crash on lack of any configured DNSBLs
Fixes fbc97166a6
Closes #396
2023-01-11 21:31:50 +00:00
Aaron Jones
7285e5febf help/opers/: add HELP entry for DEHELPER 2023-01-11 05:37:11 +00:00
Aaron Jones
fbc97166a6
authd: fix crash/restart breaking DNSBL lookups (#394)
authd child processes are only told about configured DNSBLs when the
configuration is being parsed.

This is bad, because when authd crashes or is killed, IRCd will restart
it, but will not tell it about any configured DNSBLs until IRCd is next
rehashed.

We already have a dictionary that stores configured DNSBLs (for hit
statistics for `STATS n'), so store the additional needed fields in
that structure, and loop over that dictionary's entries when authd is
restarted, sending the fields just as if the configuration were being
reloaded.

Reported-By: @Unit193
2023-01-11 01:28:32 +00:00
Tobias Geerinckx-Rice
32d37a1660 strip_colour: Strip '\x11' (monospace) and '\x1e' (strikethrough)
Also clarify the comment: this function strips more than just colours.
2023-01-03 05:08:29 -06:00
Jess Porter
8e3239be2e
send RPL_LOGGEDIN to target_p upon ENCAP SU (#308) 2022-12-23 16:27:30 +00:00
JailBird
6f4dfd9c78 Remove the unused COMPRESSED flag and stats handler
- Null "compress" handler left as-is in newconf.c
2022-12-22 16:23:00 -06:00
Stephen Bennett
f26681c735 Don't crash on receiving GRANT from a server 2022-11-22 03:33:35 -06:00
JailBird
ab9f279a1d ssld: Remove unused zlib_ok variable 2022-11-09 18:14:41 -06:00
JailBird
21cc31f4e5 SET SPANNUM: Fix incorrect > 0 check to be >= 0 2022-11-09 17:56:15 -06:00
Jess Porter
3a4efe9081
CHGHOST when only case changes (#384) 2022-11-09 23:33:07 +00:00
Aaron Jones
63ee10379c
timeout_dead_authd_clients(): fix memory leak and order of operations (#385)
Ensure we deallocate the nodes created by the first loop, and zero out
the authd data after removing them from the authd clients dict.

The authd_abort_client() function already does the latter, so just call
that instead of authd_free_client().
2022-11-06 08:14:15 +00:00
Stephen Bennett
ed775e9bb4
Make auto-accept on message conditional on oper:always_message, not oper:general. This updates the test to match current behaviour of +g 2022-11-03 14:43:59 +00:00
Tobias Geerinckx-Rice
d03347cbb6 Note that messages caught in +g/+G are discarded 2022-10-26 14:08:07 -04:00
Doug Freed
7cd188a91f ircd.conf.example: reference.conf: fix invalid line wrapping 2022-10-26 12:45:49 -04:00
Aaron Jones
1548c14021
extensions/umode_hide_idle_time: mask times for hidden sources (#373)
If the user performing a WHOIS has hidden their idle time (is umode +I),
also prevent them from seeing other users' idle times, even if said users
are not themselves umode +I.

Suggested-by: @Unit193
2022-10-21 08:01:41 +00:00
Doug Freed
33822550e5 librb/helper: pass our fd limit to the child
Instead of arbitrarily limiting it to 256.  This avoids an issue with 
busy authds "running out" of fds because librb says no more.
2022-10-21 03:04:09 -04:00
Unit 193
f085388a74 Unify helper snotes and make netwide. 2022-10-21 03:00:22 -04:00
Ed Kellett
06c5309534 m_sasl: Remove implicit abort on registration
This doesn't make sense in a world where post-registration SASL is
allowed, and should fix one case of an annoying login desync that's seen
in the real world.

Specifically, when a client sends its final AUTHENTICATE and Atheme
receives it, it sends an SVSLOGIN for that client. If the client sends
us its CAP END *before* we see the SVSLOGIN, the implicit abort will try
to abort the SASL session that's already succeeded.

Atheme interprets this as an instruction to forget about the successful
SASL session; you'll connect unidentified. But it's already sent
SVSLOGIN, which will log the client in ircd-side, causing ircd and
services views to differ until the user authenticates again manually.

I think allowing a SASL session to be aborted when it has already
succeeded is an Atheme bug, and it can still be triggered without this
change. But our behaviour here seems silly anyway.
2022-10-06 17:06:28 -04:00
Jess Porter
687f290a6c
make some authd warnings L_NETWIDE 2022-10-03 20:00:21 +01:00
Doug Freed
cd219040a7
help/cmode: correct chm_regmsg help 2022-10-02 19:34:42 -04:00
David Schultz
0ea108fcee chm_regmsg: fix typo in description 2022-10-02 19:00:16 -04:00
David Schultz
6a0074bfaa add help for chm_regmsg 2022-10-02 19:00:16 -04:00
Stephen Bennett
8d67f0605c Make +R play nicely with +z 2022-10-01 17:04:25 -04:00
hello-smile6
5206a066f2
Add semicolon to fix a compile error in librb/src/arc4random.c 2022-09-30 18:27:26 +01:00
Jess Porter
00ba30c175
Add oper:free_target (#374)
Co-authored-by: Ed Kellett <e@kellett.im>
2022-09-26 19:50:11 +01:00
vulpine
1f8c7ce5ca remove old reference to the unsupported directory
the unsupported directory was removed by charybdis a while ago
2022-09-26 00:47:33 -04:00
David Schultz
01fb744c40
Add umode +I to allow users to hide their idle time (#220) 2022-08-30 16:49:43 -04:00
jailbird777
1e7fd14296 Remove missed Winsock2 check 2022-08-26 18:58:49 -04:00
jailbird777
3c586ccf3e
Remove ancient portability code (#361)
Remove portability code for systems that don't follow at least SUSv3.
This fairly closely aligns with ISO C99, which solanum already requires.
2022-08-24 20:53:52 -04:00
jailbird777
8e9a741832 OpenSSL 3.0 compatibility
Edited by @aaronmdjones:

- Correct some data types and casts

- Minor style fixups (e.g. we put * on the variable name not the type)

- librb/src/openssl.c:

  - Defer call of BIO_free(3ssl) to the end of the conditional block
    to avoid having calls to it in multiple paths

  - Check the return value of SSL_CTX_set0_tmp_dh_pkey(3ssl) because if
    it fails then we must use EVP_PKEY_free(3ssl) to avoid a memory leak

    This could fail if, for example, the user supplied DSA parameters
    in the DH parameters file instead.

- ircd/newconf.c:

  - Check whether OSSL_DECODER_CTX_new_for_pkey(3ssl) was able to parse
    the given CHALLENGE public key as a valid RSA public key, and then
    check whether OSSL_DECODER_from_bio(3ssl) actually loads it
    successfully

- ircd/s_newconf.c:

  - Use EVP_PKEY_free(3ssl) instead of OPENSSL_free(3ssl) on EVP_PKEY
    pointers; this will avoid inadvertent memory leaks if the EVP_PKEY
    structure contains any dynamically-allocated child members

- modules/m_challenge.c:

  - Unconditionally use EVP(3ssl) to generate the SHA-1 digest of the
    random challenge; this API has been around for a very long time and
    is available in all supported versions of OpenSSL

  - Add lots of error checking to all steps of the process

Tested against 1.1.1 and 3.0; both with missing and provided DH parameters
(which works as you'd expect; the server will not negotiate a DHE cipher
without them), and CHALLENGE, including missing keys or keys of the wrong
type (e.g. when you supply an EdDSA key instead of an RSA key).

This does break compatibility with OpenSSL 1.1.0 and below, which are now
all end-of-life and unsupported anyway.

Closes #357
2022-08-25 00:36:47 +00:00
Doug Freed
689afc7c51 m_stats: z: remove unnecessary casting and fix format strings 2022-08-24 20:31:08 -04:00
Doug Freed
7c5b4dbba7 m_stats: z: restore total memory display 2022-08-24 20:31:08 -04:00
Aaron Jones
ae510cce12 librb/src/crypt.c: rb_sha*_crypt_r: avoid UB pointer math
This code is doing (foo - (char*)0) to convert foo from a pointer
value into a numeric value. Unfortunately, this is undefined
behaviour, which clang-14 is now warning about [1].

Cast to uintptr_t instead. Same result, but well-defined.

[1] cf. commit 0302f1532b
2022-08-24 20:03:22 -04:00
Doug Freed
0302f1532b CI: Modernize 2022-08-24 19:38:32 -04:00
jailbird777
c8025927ae Fix assert = hard assignments
The spaces surrounding the = are bad syntax, which causes the shell to try to
execute 'assert'.

Granted, all of this is just cosmetic, as the only use of $assert seems to be
in the echo at the end of the configure run.
2022-08-24 18:15:43 -04:00
jailbird777
1b64bfa05e Fix SCTP support on FreeBSD & NetBSD
Unlike Linux, Solaris, and Illumos (and probably others), the 2 BSDs that still
support SCTP didn't put SCTP into its own library, they put it into libc.

They, unlike Linux, don't set SOL_SCTP for us. The official method appears to
be calling getprotobyname("sctp") & endprotoent(), with getprotobyname()
returning a struct that has a p_proto entry. This all reads from
/etc/protocols. However, SCTP is assigned 132 by IANA, so it's 132 everywhere,
so I just set SOL_SCTP to 132 if it's not already set.
2022-08-24 18:02:12 -04:00
Doug Freed
b951e21b5d um_regonlymsg: prevent unregistered users from NOTICEing +R users too 2022-08-24 17:16:39 -04:00
Jess Porter
fdd8cad93f
EBMASK capab, to burst BMASK metadata (#354) 2022-08-20 01:35:54 +01:00
Jess Porter
a5192806a9
send "End of burst" snote to L_NETWIDE (#356) 2022-08-19 03:17:05 +01:00
Doug Freed
860187d028 chm_regmsg: don't duplicate nick in 415
sendto_one_numeric already includes the nick, so there's no need to 
duplicate it. OFTC does not.
2022-07-11 23:35:25 -04:00
Aaron Jones
a6b99c07d1
serv_connect(): ensure both sa_bind[]/sa_connect[] are always populated (#352)
Due to [1], linking with SCTP sometimes does not multi-home correctly.
This is triggered by the rand() on the lines immediately above these.

The connect{} blocks already support an `aftype` parameter to instruct
IRCd to prefer IPv4 or IPv6. This commit additionally ensures that the
other structure is always populated with the other address (if any) if
this parameter is specified.

This will allow SCTP server-linking users to work around the bug and
ensure that it always multi-homes by setting `connect::aftype` to IPv4.
Without this commit, that would cause Solanum to not include the IPv6
addresses (if any) in the connect block in its SCTP setup.

If there isn't a valid IP address in the other sockaddr, this should be
of no consequence, because it will not be used by rb_connect_tcp(), and
both rb_connect_sctp() and rb_sctp_bindx_only() already verify that
there is a valid IP address in the sockaddr before making use of it.

[1] https://marc.info/?l=linux-sctp&m=165684809726472&w=2
2022-07-05 06:01:26 +00:00
Matthew Martin
5c01fc8bd7 Cast time_t to long long when printing 2022-07-01 03:43:36 -04:00
Jess Porter
12cee8ab78
global masktrace doesn't need to be an operspy action 2022-07-01 00:07:02 +01:00
Jess Porter
9d2e66c08d
ERROR instead of NOTICE for failed WEBIRC 2022-07-01 00:02:53 +01:00
Jess Porter
5a3e99829a
refuse opers setting an invalidly long k-line reason 2022-06-30 23:59:17 +01:00
Aaron Jones
3fdf26aa19 ircd/listener: return a TLS record layer alert to D-Lined TLS clients 2022-06-30 18:55:41 -04:00
Matthew Martin
c0d93064a6 chmode: Use original string when removing a mask 2022-06-30 21:00:46 +01:00
JailBird
62f6351d90 Illumos fixes
- getexecname(3) returns const char *
- pid_t is long
2022-06-29 20:28:11 -04:00
Matthew Martin
57aa79acb8 Normalize snprintf size to use sizeof where possible 2022-06-24 01:42:08 -04:00
Matthew Martin
e239ac8785 chmode: Fix snprintf size 2022-06-24 01:42:08 -04:00
Doug Freed
fae8f2517c valid_temp_time: more simplification and test fixes 2022-06-20 16:35:03 +01:00
Ed Kellett
4f46809305 valid_temp_time: simplify/correct overflow check
the logic for trying to detect the maximum value of time_t was broken;
since we target a lower maximum time anyway, just use that for the
overflow check
2022-06-20 16:35:03 +01:00
Jess Porter
8e239de831
don't truncate operspy WHO 2022-06-10 18:15:56 +01:00
jailbird777
e73eade529
Remove stray semicolons (#339) 2022-06-10 18:07:25 +01:00
Bernhard M. Wiedemann
2681c7d2e4 Normalize generation for reproducible builds
While working on reproducible builds for openSUSE, I found that
our package varied even when building in clean VMs
with as little non-determinism as possible.
This was because of

+++ solanum-0~ch560/ircd/version.c.last
@@ -25,7 +25,7 @@
 #include "serno.h"
 #include "stdinc.h"

-const char *generation = "6";
+const char *generation = "5";
 const char *creation = "1653004800";
 const char *ircd_version = PATCHLEVEL;
 const char *serno = SERNO;
2022-05-29 10:16:00 +01:00
Eric Mertens
48a06ae3d7
Add description parameter to auth blocks (#327) 2022-04-14 14:39:45 -07:00
Eric Mertens
b2fa28dd95
Apply cmode C to replies (#328) 2022-04-14 13:14:12 -07:00
Ed Kellett
ba95896969 Make valid_temp_time overflow-resistant 2022-04-13 01:09:27 +01:00
Ed Kellett
1fcdacb424 Test some edge cases of valid_temp_time 2022-04-13 01:09:27 +01:00
Stephen Bennett
2f596395fa
Make opers talking through +g controllable by user mode +M (#275)
Times out after 30 minutes, and adds oper:always_message privilege for
bots and services to always talk through +g
2022-04-12 17:54:58 -04:00
Jess Porter
099d470763
show IPs in remote /stats i (#312)
Co-authored-by: Eric Mertens <emertens@galois.com>
2022-04-08 10:06:43 -07:00
Aaron Jones
80d71456cf
authd/providers/opm.c: include <netinet/tcp.h> (#318)
This header defines the TCP_NODELAY flag, which this compilation
unit uses.

Other C libraries implicitly include this header from some other
header we are using (I have not investigated which), but musl's
system headers do not, which breaks building on musl.

Reported-by: 0x5c <dev@0x5c.io>
2022-04-08 09:47:18 -07:00
David Schultz
9dd98618d0
whowas.c: store account name in whowas (#323)
Co-authored-by: Eric Mertens <emertens@galois.com>
2022-04-01 14:58:43 -07:00
Ed Kellett
c2fdb023a9 Remove the subset ban restriction
I think this was always pretty questionable. You can set redundant bans
in various ways anyway, and preventing all of them would only make the
situation worse, as wide temporary bans would destroy narrow permanent
ones, for example.
2022-04-01 22:49:54 +01:00
Ed Kellett
492d560ee1 valid_temp_time: style fixes 2022-03-06 22:51:19 +00:00
Ed Kellett
2644dcd166 Add tests for valid_temp_time 2022-03-06 22:51:19 +00:00
Ed Kellett
7a246575e5 remove some header dependencies on client.h 2022-03-06 22:51:19 +00:00
David Schultz
93035e75d9 Support more human friendly k/d/x-line duration format 2022-03-06 22:51:19 +00:00
Eric Mertens
22ebfd257e Fix comment in example configuration 2022-02-03 09:23:42 -08:00
Valentin Lorentz
18ac52f017 Remove ambiguity in descriptions +u
The old descriptions might be interpreted as meaning that +u enables
server-side filtering.
2022-01-31 00:02:07 +00:00
Jess Porter
042218080e
don't subject remote users to chm_nonotice 2022-01-16 18:06:53 +00:00
Ed Kellett
5a1b54fddc channel: always send chm_hidden modes to servers 2021-12-04 20:27:59 +00:00
Aaron Jones
284649441f
ircd/packet.c: make function definition consistent with declaration (#301)
This function has a static forward-declaration, and is not used outside
this compilation unit. However, the definition was non-static. Fix this.
2021-11-30 11:50:30 -08:00
jess
bd38559fed
better standardised SNO_FULL. always show host AND ip 2021-11-14 17:59:58 +00:00
Ed Kellett
19f0ae8429
check_one_kline: fix kline_spoof_ip handling 2021-11-07 23:30:22 +00:00
Eric Mertens
85d5888f69
Fix link to doc/readme.txt 2021-11-02 08:52:41 -07:00
Valerie Pond
08b7b6bd7e just a stray colon where it wasn't meant to have :) 2021-10-26 20:32:15 -05:00
Ed Kellett
b5bf350512 m_list: fail on invalid parameters
Loose port of 6ea60b2297948211925e22bd1f284179d680b4ae. I've chosen to
reduce indentation where it's convenient, and I'm allowing >-[0-9] as a
way of specifying a minimum of 0 because... I don't know, it just seems
neater to me.
2021-10-20 11:35:53 +01:00
Ed Kellett
e7f0aea682 m_list: Treat valid names with wildcards as masks
* and ? are valid characters for channel names on IRC, and ELIST M gives
no way to distinguish between `LIST #foo-*` that's meant to search for
channels beginning `#foo-` and `LIST #foo-*` that's meant to list one
channel named literally `#foo-*`.

In order to deal with this, we will always assume a name with wildcards
is a mask. If it's also a channel name, that will be listed first.
2021-10-19 23:33:48 +01:00
Ed Kellett
cbb9d48fa2 Add mask modifiers to LIST help 2021-10-19 23:33:48 +01:00
Ed Kellett
1788e55713 Support *mask* and !*mask* in LIST 2021-10-19 23:33:48 +01:00
Doug Freed
08e57732b6
CREDITS: add mcintosh 2021-10-18 19:33:18 -04:00
Ed Kellett
31db8f0094
m_names: use ITER_COMM_CHANNELS 2021-10-17 17:36:53 +01:00
Ed Kellett
54f05581ab
helpops: show opernames to opers 2021-10-17 01:56:49 +01:00
jess
430833dca2
"KLINE active for ..." -> "Disconnecting K-Lined user ..." 2021-10-09 23:44:36 +01:00
jess
78825899cd
explicitly show IP in SNO_BANNED snotes 2021-10-09 22:45:22 +01:00
Seth Arnold
e7ab04fc74 add sqlite3 to build instructions
Quite often people new to Solanum run into trouble in the configure step: the error messages if they are lacking either the pkg-config or libsqlite3 package are identical and discovering the pkg-config dependency is not trivial:

checking for SQLITE... no
configure: error: sqlite3 is required

I can't promise this apt install line is complete, but I know that I've suggested the pkg-config and libsqlite3-dev packages many times in the #solanum channel and they've been very helpful.
2021-10-09 15:09:12 +01:00
David Schultz
c57762ed50 doc/features/extban.txt: document $j, $x, and $z 2021-10-02 17:20:38 +01:00
Eric Mertens
1d107bae93 Add 3 more of the delegates to CREDITS 2021-09-24 19:21:02 -07:00
Ryan Schmidt
cb317c5e4a
Send RPL_ENDOFTRACE on local /etrace 2021-09-23 20:49:30 +01:00
Ed Kellett
7b4a1198c5 extb_canjoin: Ignore exemptions 2021-09-22 15:28:36 +01:00
David Schultz
202674a822
fix typo in sasl_only_client_message (#279) 2021-09-15 11:57:48 -07:00
Eric Mertens
981a94c3c9
chm_regmsg: actually check channel mode (#271) 2021-08-23 19:52:18 -07:00
Eric Mertens
2ef034d111
Avoid show_iline_prefix showing leftovers (#266) 2021-08-21 08:54:16 -07:00
Aaron Jones
e9e4192e10
Remove sno_whois from reference.conf (#270)
This was missed in commit 26c3681f7c
2021-08-21 11:33:48 +00:00
jesopo
a8457d98e5
switch sasl_usercloak.c to use SNO_BANNED 2021-08-20 18:38:05 +01:00
Eric Mertens
82436efb60
hook_fn casts were hiding UB (#265) 2021-08-19 20:09:40 -07:00
Ed Kellett
b6b40dda24 Make new_local_user hooks handle dead clients 2021-08-19 20:58:36 +01:00
Eric Mertens
e83449d5be
Stop announcing SASL cap changes on services split/join (#263) 2021-08-15 16:25:46 -07:00
jesopo
540c3a8a05
ERR_USERONCHANNEL when following a forward is missing a param 2021-08-15 05:15:27 +01:00
Aaron Jones
95898abbb1
ircd/newconf: ignore invalid connect block passwords (#261)
Also, ignore a connect block that requests certfp authentication
without setting the ssl flag, as it will then go on to fail anyway.

Finally, correct an erroneous error message about class blocks.
2021-08-14 23:14:39 +00:00
owen
f6b73103d6
add SNO_FARCONNECT to the help text (#260)
* add SNO_FARCONNECT to the helptext
2021-08-14 11:15:39 +00:00
jesopo
be52c4c062
add SNO_BANNED, snote for it on client k/x-line rejection (#242)
* add SNO_BANNED, snote for it on client k/x-line rejection

* add snomask help file line for SNO_BANNED
2021-08-11 17:08:31 +01:00
jesopo
0fd3040caf add show_iline_prefix for IsNeedSasl 2021-08-04 11:33:04 -04:00
Valentin Lorentz
667c106118 Rename doc/index.txt to doc/readme.txt and mention reference.conf
The new name will make it appear in GitHub's web view.
2021-07-31 00:48:23 -04:00
Valentin Lorentz
6e2baa6661 reference.conf: Document the common syntax for flags
It was only documented as an example in the auth {} block,
not for other blocks.
2021-07-31 00:45:04 -04:00
Val Lorentz
d7964d4585
reference.conf: Make it clearer connect {} blocks are reciprocal 2021-07-31 00:41:46 -04:00
jailbird777
3175172d52 The rb_heap_block struct doesn't appear to be used anywhere 2021-07-31 00:09:08 -04:00
Ariadne Conill
40ae4dee6c tests: chase listener refactor changes 2021-07-31 00:05:59 -04:00
Ariadne Conill
9a7b4a4521 librb: appease libtool by adding rb_close_pending_fds() to the export list 2021-07-31 00:05:59 -04:00
Ariadne Conill
e2ade30437 listener: refactor to use rb_dlink like the other lists in ircd 2021-07-31 00:05:59 -04:00
Ariadne Conill
0ab6dbbc65 listener: use rb_close_pending_fds() in close_listeners() 2021-07-31 00:05:59 -04:00
Ariadne Conill
ad2421c74e librb: make free_fds() public as rb_close_pending_fds() 2021-07-31 00:05:59 -04:00
jailbird777
8f0c3422e7 Remove Windows support 2021-07-30 14:17:47 -04:00
Melissa Draper
e4a62bbc85 Create configurations for user-facing messages within registration (#238) 2021-07-29 21:44:23 -04:00
Melissa Draper
05bc814d83 Create configurable client rejection message for SASL only (#236) 2021-07-29 21:44:23 -04:00
Melissa Draper
875fed0168
Update NUMERIC_STR_435 to be more human-readable and mention quiets 2021-07-29 21:40:16 -04:00
Aaron Jones
1854aa25a7
modules/core/m_message.c: align comments about idle time (#252) 2021-07-18 20:56:24 -07:00
Doug Freed
52f1947f56
m_services: delete nick delay on RSFNC 2021-07-16 12:24:33 -04:00
Ed Kellett
883ac66b20 kick,remove: don't confuse source and target membership 2021-07-13 23:50:03 +01:00
Ed Kellett
b9a7173ab5 chmode: stop processing when too many modes 2021-07-13 23:43:28 +01:00
Ed Kellett
c7496b6fb7 m_dline: make the private reason private 2021-07-13 23:38:59 +01:00
David Schultz
1c78029cd4 reference.conf: add drain_reason 2021-07-11 22:54:16 +00:00
Ed Kellett
c5d7c5ed44 um_regonlymsg: copy auto-accept logic from +g 2021-07-10 21:27:13 +01:00
jesopo
d24434edb7 add override /invite 2021-07-06 22:52:53 +01:00
Valentin Lorentz
0c43af77fc reference.conf: Fix inconsistent use of tabulations and spaces 2021-07-06 19:08:21 +01:00
Valentin Lorentz
5c914e40fa Add a tutorial for connecting servers and services. 2021-07-06 17:07:39 +01:00
jailbird777
e370888264 (Mostly) exorcise select()
Sadly, this just sends it to purgatory. It's still around for the
socketpair() emulation and the nanosleep() emulation.

socketpair() obviously only selects() on 2 FDs, so not a huge deal.
nanosleep() only uses it for the timeout, so also not a huge deal.

socketpair() is SUSv3 (2001) and nanosleep() is SUSv2 (1997), so maybe
it's OK to remove those emulations.  If so, then we can also remove the
sys/select.h check in configure.ac
2021-06-26 17:56:40 +01:00
Ariadne Conill
81531536aa
Remove ziplinks (#218) 2021-06-26 17:45:52 +01:00
David Schultz
ef7a99cdb0
Add solanum.chat/oper capability (#217) 2021-06-26 16:30:30 +01:00
jailbird777
365feb397b Remove unneeded ugly hack for 32-bit Solaris
- The official Sun/Oracle solution is to use the extendedFILE(5)
  mechanism, which works around the limitation.
  https://docs.oracle.com/cd/E18752_01/html/816-5175/extendedfile-5.html
- Add a quick HOWTO to the README.md
2021-06-26 16:22:08 +01:00
bakerst-221b
2f42f7c045
remove trailing space from umode help file (#222)
currently, this breaks rendering in at least one client
2021-06-24 17:32:19 -07:00
Ed Kellett
ad0bbd9b3d um_callerid: Only people can have common channels 2021-06-24 18:30:59 +01:00
Doug Freed
4da55c14c0 CREDITS: update 2021-06-14 14:42:41 -05:00
Doug Freed
fcd7f2da0a
README: updated notes about portability
Co-authored-by: Ed Kellett <e@kellett.im>
2021-06-14 14:22:17 -04:00
Ed Kellett
f1d265d177 m_userhost: hide user's own IP if iline spoofed 2021-06-13 18:26:49 +01:00
Ed Kellett
d5e424bcff msgbuf: use only relevant caps for the cache key 2021-06-13 00:47:01 +01:00
David Schultz
e62ec6f17c
Show account name in cliconn snotes when SASL is used (#135)
Show account name in cliconn snotes when SASL is used
2021-06-12 11:30:50 -07:00
Mike Quin
bb10433ec5
Port m_invex_regonly from ircd-seven (#178)
Port m_invex_regonly from ircd-seven

This module allows +I to be used to bypass +r (registered only) as
well as +i (invite only).

Co-authored-by: Doug Freed <dwfreed@mtu.edu>
Co-authored-by: Ed Kellett <e@kellett.im>
2021-06-12 11:22:42 -07:00
Eric Mertens
4d8088c386
Allow auth{} to apply extra umodes (#202)
Allow auth{} to apply extra umodes

Co-authored-by: Doug Freed <dwfreed@mtu.edu>
Co-authored-by: Ed Kellett <e@kellett.im>
2021-06-12 11:04:33 -07:00
Doug Freed
29a0def020 GH Actions: Fix Oper Guide CI 2021-06-12 12:33:44 -05:00
Ed Kellett
e79f901d68 Add ^ marker to stats l,L 2021-06-10 00:58:33 +01:00
Ed Kellett
20066eae1f Manage IsDynSpoof when effecting a (post-reg) SIGNON 2021-06-08 23:17:18 +01:00
Ed Kellett
848f1a289b matchset_for_client: fix off-by-one error 2021-06-08 22:16:41 +01:00
Ed Kellett
16a2d0c9d3 Use MayHavePrivilege for oper:message 2021-06-08 22:13:10 +01:00
Ed Kellett
396edc6fbd authd: substitute * if rewritten user is empty
We remove characters like ^ and ~ from the ident string after checking
if it's valid. If it consisted entirely of those, we'd try to send an
empty string to ircd, which would break the protocol, so don't let that
happen.
2021-06-08 22:09:47 +01:00
Ed Kellett
888d20da6d msgbuf_cache_get: Don't create cycle when evicting 2021-06-08 22:00:26 +01:00
Ed Kellett
73d8a5aa23 Don't free propagated bans on dereference 2021-06-08 21:57:43 +01:00
Ed Kellett
ce376a21cc Keep propagated bans in a dictionary, not a list 2021-06-08 21:57:43 +01:00
Aaron Jones
8b7110d6ba modules/m_sasl.c: use IsSecure() instead of IsSSL()
Further to our implementation of the concept of "secure origins", we can
indicate to services that the client is connected securely, rather than
just that the client is using TLS. For example, connections from the
local host (from the IRCd's perspective) can be considered secure
against eavesdropping.

Allow this to factor into services' decision on whether to allow an SASL
negotiation or not. Atheme currently assumes this means the client is
using TLS, but I have changed that in atheme/atheme@412d50103c
2021-06-08 04:59:43 +00:00
Ed Kellett
ea51635c01 m_whois: show services even if they lack opernames 2021-06-05 20:21:45 +01:00
Ed Kellett
b5f46fda92 Delete RPL_WHOISSPECIAL 2021-06-05 20:21:45 +01:00
Ed Kellett
96f6804b24 m_whois: put opername/privset in RPL_WHOISOPERATOR
Show just the opername if you're an oper the target is not hidden from
and you don't have oper:privs.

close #100
2021-06-05 20:21:45 +01:00
Ed Kellett
eeaea74616 Allow privset-less OPER bursting 2021-06-05 19:42:18 +01:00
Ed Kellett
53b209c748 m_oper: receive ircd-seven-style opernames 2021-06-05 19:42:18 +01:00
megubyte
cad61c9d1a
m_invite: send message tags (#173) 2021-06-05 15:57:03 +01:00
Aaron Jones
68f3678b46 GitHub CI: Ignore more text file updates 2021-06-03 01:45:12 +00:00
NetSysFire
2a8338475c Improve README.md
Some minor changes, mostly more consistent use of monospace, more convenient links to mentioned files, consistent capitalization of Solanum.
2021-06-03 01:19:29 +00:00
jailbird777
b29800911a librb mbedTLS: der_pubkey is used out of scope 2021-06-02 18:38:22 +00:00
Ariadne Conill
3fc0499e77
Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
Doug Freed
6adc24e5b1 CREDITS: update IRC channel for network move 2021-05-31 00:41:20 +00:00
mniip
79a38ce96d Fix time.h in librb autoconf 2021-05-30 16:13:38 -05:00
Ariadne Conill
8dbfb0203e librb: radixtree: fix iteration restarting
STATE_CUR(state) = NULL causes rb_radixtree_foreach_next() to fail,
instead set both state pointers to the same address.
2021-05-30 10:39:34 -05:00
Mike Quin
f47785bca2
Use plain language in +r/+R error messages (#169) 2021-05-29 00:41:25 +01:00
Doug Freed
2450895399
README: change IRC network (#172) 2021-05-27 21:01:24 +01:00
Sadie Powell
cb2af23193
Remove the CLIENTVER 005 token. (#161)
This was introduced in commit bde6442c47 but the rationale for it is
pretty shaky. No other non-Charybdis-derived servers send it and the
features the original commit claims it can be used to detect all have
their own methods of detection. The concept of "core capabilities" and
versioned releases was also dropped by IRCv3 many years ago in favour
of living specifications.
2021-05-25 11:08:59 +01:00
Mike Quin
a07fd84069 Document +u in umode and cmode help 2021-05-22 21:12:04 -05:00
Ed Kellett
3ff5a12e75
Allow temporary K-lines to extend shorter ones (#142)
* Temp K-lines may extend shorter temp K-lines

* /unkline removes multiple matching K-lines

* K-lines remove any temp K-lines they're replacing
2021-04-27 14:45:04 +01:00
Ed Kellett
788e1a98f0 Remove $x's magical powers 2021-04-26 17:51:55 +01:00
Ed Kellett
dfeba65563 Add channel::ip_bans_through_vhost 2021-04-26 17:51:55 +01:00
Ed Kellett
d58de35b83 Remove redundant param to update_session_deadline 2021-04-26 17:45:49 +01:00
Ed Kellett
0abb79b706 Manage override sessions properly 2021-04-26 17:45:49 +01:00
jess
64d5cff464
add separate priv (oper:message) for walking over CALLERID (umode +g) (#152) 2021-04-26 16:24:36 +00:00
Ed Kellett
4cac091255
Add an s2s cap for ECHO (#141) 2021-04-20 12:22:50 +01:00
Ed Kellett
e6e26343c3
Reword ERR_ALREADYREGISTERED (#145) 2021-04-17 18:48:53 +00:00
Ed Kellett
92fa29ce37
channel: flood warnings for privmsg, not notice (#147) 2021-04-17 18:43:59 +00:00
David Schultz
f8838806ef
make VERSION not include sid (#118) 2021-04-10 15:19:27 +01:00
jesopo
5a261597e4 send account-notify messages to subject connection too 2021-04-10 15:15:39 +01:00
jesopo
72b1dbd4bf "KDX-Line active for" is now L_NETWIDE, so remove sno_globalkline 2021-04-10 15:12:40 +01:00
jesopo
36828ff720 switch "KDX-Line active for" snote to L_NETWIDE and include which mask
caused it
2021-04-10 15:12:40 +01:00
Ed Kellett
f89a8deb3e
Make show_ip not care about remoteness (#139) 2021-04-09 20:01:11 +00:00
Eric Mertens
a03871c657
A missing colon to RPL_MAP recently split (#131) 2021-03-16 17:51:42 -07:00
Ed Kellett
df4fead0f2 privilegeset_add_privs: append rather than replace 2021-03-01 15:45:03 +00:00
Ed Kellett
181410f218 Make privilegeset_privs more const 2021-03-01 15:45:03 +00:00
Ed Kellett
9962f62577 privilegeset_diff: return things in a struct 2021-03-01 15:45:03 +00:00
Ed Kellett
8b8320596c privilege: factor out a null check 2021-03-01 15:45:03 +00:00
Ed Kellett
02690ad5b2 Use bsearch to check privset membership
I don't really care if it's faster, I just prefer it
2021-03-01 15:45:03 +00:00
Ed Kellett
ae54b3a735 Add tests for privsets 2021-03-01 15:45:03 +00:00
Ed Kellett
8aadf0ce46 Track and inform modules of privset changes 2021-03-01 15:45:03 +00:00
Aaron Jones
2e8a889fc9 doc/reference.conf: add an example TLSv1.3 ciphersuite name
[ci skip]
2021-02-07 11:52:58 +00:00
Aaron Jones
a90f22c92d OpenSSL: Support configuration of TLSv1.3 ciphersuites
The OpenSSL developers decided, during the OpenSSL 1.1.1 development
phase, to use a different API and different set of lists for TLSv1.3
ciphersuites, than for every TLS version preceding it.

This is stupid, but we have to work with it.

This commit also improves configuration fault resilience. The reason
is that if you don't pass any valid old-style ciphersuites, OpenSSL
will not negotiate an older protocol at all. However, when they
implemented the new API, they decided that lack of any valid
ciphersuites should result in using the defaults. This means that if
you pass a completely invalid ciphersuite list (like "foo"), OR if
you pass a TLSv1.2-only ciphersuite list, TLSv1.3 continues to work.
This is not mirrored; passing a TLSv1.3-only ciphersuite list will
break TLSv1.2 and below.

Therefore we work around this lack of mirroring by falling back to
the default list for each protocol. This means that if
ssl_cipher_list is complete garbage, the default will be used, and
TLS setup will succeed for both protocols. This is logged, so that
administrators can fix their configuration.

I prefer this approach over explicitly disabling the protocols if
their respective ciphersuite lists are invalid, because it will
result in unusable TLSv1.3 if people run newer solanum with their
older charybdis/solanum configuration files that contain custom
ssl_cipher_list definitions. Hindering TLSv1.3 adoption is not an
option, in my opinion.

The downside of this is that it is no longer possible to disable a
protocol family by not including any of its ciphersuites. This could
be remedied by an ssl_protocol_list configuration directive if it is
decided that this functionality is ultimately necessary.

This work is not required for either of the other TLS backends,
because neither of those libraries yet support TLSv1.3, and in the
event that they eventually do, I expect them to allow configuration
of newer ciphersuites with the existing APIs. This can be revisited
if it turns out not to be the case.

Signed-off-by: Aaron Jones <me@aaronmdjones.net>
Tested-by: Aaron Jones <me@aaronmdjones.net>
2021-02-07 11:52:58 +00:00
Taavi Väänänen
4863b35d1d
doc: Change missed chadybdis name to solanum (#111)
Looks like this was missed in a6f63a8.
2021-01-28 14:14:40 +00:00
Taavi Väänänen
d04ed5c53f
wallops: require new oper:wallops right (#110)
Split oper:wallops right from oper:mass_notice. Update documentation and
examples to grant oper:wallops everywhere oper:mass_notice was granted.

closes #103
2021-01-28 14:09:31 +00:00
Ed Kellett
2e79cebb9e
chmode: centralise + test mode limits (#94) 2021-01-26 11:22:39 +00:00
Doug Freed
12fd6e80c5 wsproc: call rb_clear_cloexec on child fds 2021-01-26 00:03:48 -05:00
Doug Freed
6865484458 sslproc: call rb_clear_cloexec on child fds 2021-01-26 00:03:48 -05:00
Doug Freed
71325a9801 librb/helper: call rb_clear_cloexec on child fds 2021-01-26 00:03:48 -05:00
Doug Freed
1cad0654b7 librb: call rb_set_cloexec in rb_setup_fd 2021-01-26 00:03:48 -05:00
Doug Freed
34a2afbc28 librb: add rb_{set,clear}_cloexec 2021-01-26 00:03:48 -05:00
Doug Freed
4ce7aa6f70 CI: test on gcc-10 too 2021-01-25 23:59:59 -05:00
jess
fdd4857c1d
/accept list should track nick changes when you share channels (#96)
* move has_common_channel to s_user.c

* don't remove clients from /accept on NICK when there's a common channel

Co-authored-by: Ed Kellett <e@kellett.im>
2021-01-24 21:00:34 -08:00
Eric Mertens
0ba1da5910
Add +R channel mode module requiring services account to chat (#102)
* Add +R channel mode module requiring services account to chat

* Use void* in hook argument

* move chm_regmsg from modules to extensions

* generate error message when module fails to load
2021-01-24 05:13:03 -08:00
Doug Freed
551e5a146e README: update build status badge to use GH Actions 2020-12-14 05:28:27 -05:00
Doug Freed
cd1f698ec1 Kill appveyor too
[ci skip]
2020-12-14 05:28:27 -05:00
Doug Freed
0af84b132c Oper-guide workflow for Github Actions 2020-12-14 05:28:27 -05:00
Doug Freed
457a6dff1a Kill Travis 2020-12-14 05:28:27 -05:00
Doug Freed
e9edc8edb9 Start CI configuration for Github Actions 2020-12-14 05:28:27 -05:00
Ed Kellett
b860ad5ffa
chmode: end the grace period more intelligently (#84)
We were ending the flood grace period for any channel mode command other
than `MODE #foo [bq]` by means of a hardcoded check. I've moved that to
after we parse the mode string, so we can correctly identify all
requests to change modes and end the grace period on exactly those.

It would have been entirely possible to move the check even further down
and flood_endgrace on only mode commands that *actually* change modes,
but I don't like the idea of making it sensitive to external conditions.
2020-11-30 09:24:32 +00:00
Doug Freed
6638c837cc send: fix infinite recursion in _send_linebuf
A netwide snote eventually calls into this function again with the same 
server as has already been determined is over its sendq.  Mark the link 
dead before sending the snote to avoid infinite recursion.
2020-11-28 20:08:46 -05:00
Doug Freed
31f9d9b2f3 bandb: remove embedded sqlite 2020-11-28 12:53:05 -05:00
jesopo
11f8fd4526 fix broken atheme link in README.md 2020-11-23 15:30:26 -05:00
Doug Freed
41729935d0 extensions: remove m_roleplay 2020-11-22 17:32:43 -05:00
Doug Freed
73520cd1ed m_challenge: various fixes 2020-11-19 16:48:44 -05:00
jess
40ecb85a1d
add ConfigFileEntry.oper_secure_only, to require TLS to oper up (#76) 2020-11-18 14:29:08 +00:00
Ed Kellett
6485005214 Get rid of hub_mask/leaf_mask 2020-11-14 18:22:08 +00:00
Ed Kellett
e5e814b3db Use opernames not servernames for remote opers 2020-11-13 23:30:04 +00:00
Doug Freed
99b8e2feea s_serv: refactor burst_modes_TS6 to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
8783544360 m_findforwards: refactor to use multiline
Fixes #57
2020-11-12 19:18:01 -05:00
Doug Freed
aacd07a2c6 m_monitor: refactor to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
fcdc666b42 m_privs: refactor to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
d901e969a3 m_whois: refactor channel list to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
e51d9a67be names: refactor to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
56c8530469 m_cap: refactor clicap_generate to use multiline 2020-11-12 19:18:01 -05:00
Ed Kellett
6f88bf5c30 Add some tests for multiline 2020-11-12 19:18:01 -05:00
Doug Freed
8efff56fdf send: add sendto_one_multiline_* API
Allows simplifying multiline wrapping for multiple usages, like CAP
LS/LIST, NAMES, and WHOIS channel listing
2020-11-12 19:18:01 -05:00
jesopo
f0356d2a6f iter lists backwards when sending BMASK 2020-11-12 21:34:21 +00:00
Ed Kellett
dab715910d
Update .gitignore for 25d169b649 (#69) 2020-11-11 14:14:12 -08:00
Ed Kellett
8e7cc44919 Remove *.la from install/lib
Co-authored-by: Unit 193 <unit193@unit193.net>
2020-11-10 09:37:55 +00:00
Ed Kellett
f7d1cc997e Don't reassign logdir
Co-authored-by: Unit 193 <unit193@unit193.net>
2020-11-10 09:37:55 +00:00
Ed Kellett
0e50ab822d tests: clean *.db, *.log
Co-authored-by: Unit 193 <unit193@unit193.net>
2020-11-10 09:37:55 +00:00
Ed Kellett
3eab43b680 help: cleanup indexes properly
Co-authored-by: Unit 193 <unit193@unit193.net>
2020-11-10 09:37:55 +00:00
Ed Kellett
75fd7ead8d readme: add building instructions 2020-11-10 00:02:48 +00:00
Ed Kellett
1596fc8ffd Forget the old drain reason when rehashing 2020-11-09 21:10:55 +00:00
Ed Kellett
2707630451 m_info: Add some missing things 2020-11-09 21:02:41 +00:00
Ed Kellett
828f8ffada Autogenerate tests/runtime/modules 2020-11-09 09:18:36 +00:00
Ed Kellett
4eeaf9473e tests: autogenerate TESTS 2020-11-09 09:18:36 +00:00
Ed Kellett
c4f463c9ad tests: cleanup .gitignore 2020-11-09 09:18:36 +00:00
Ed Kellett
875051669a tests: implicitly link *_util.c into every test 2020-11-09 09:18:36 +00:00
Eric Mertens
25d169b649
Rename bantool to solanum-bantool (#64)
Rename bantool to solanum-bantool
2020-11-08 18:51:27 -08:00
Ed Kellett
7874410742 m_info: string constness 2020-11-09 01:00:04 +00:00
Ed Kellett
dce5f18f6f m_info: remove repetition 2020-11-09 01:00:04 +00:00
Ed Kellett
0ee3f45c89 m_info: be type-safe, somewhat enforced by macros 2020-11-09 01:00:04 +00:00
Ed Kellett
b3701ae2f3 Remove some unnecessary commenty things 2020-11-09 01:00:04 +00:00
Ed Kellett
8f0dd52ce7 Add /stats s to list secure blocks
`s` and `S` were both used for ssld stats, but only `S` was documented,
so I'm taking `s`. You can't stop me!
2020-11-09 00:26:56 +00:00
Ed Kellett
eafe4df92a Document general::stats_l_oper_only 2020-11-08 19:38:19 +00:00
Ed Kellett
63ab1dd609 Add general::stats_l_oper_only 2020-11-08 19:38:19 +00:00
jess
a922755512
make more snotes L_NETWIDE 2020-11-08 14:30:41 -05:00
Eric Mertens
d295a3986d
Stop using chm_nosuch as a sentinel value (#53)
Remove chmode compat modules

This removes the need for chm_nosuch as well. Unknown mode detection happens in mode parsing now.
2020-11-08 09:50:17 -08:00
Ed Kellett
4a8bd0b2fb Document general::hidden_caps 2020-11-08 14:08:38 +00:00
Ed Kellett
6ac21a70e2 Add general::hidden_caps 2020-11-08 14:08:38 +00:00
Eric Mertens
8e1bdeda92
Resolve shift/reduce conflict in timespec production (#54)
Resolve shift/reduce conflict in timespec production (no operational change)
2020-11-07 19:54:25 -08:00
Eric Mertens
92c6e47b4a
Clean up duplication in ChannelModeFunc prototypes (#52) 2020-11-07 16:45:12 -08:00
Ed Kellett
7393690255 Test chmode parsing 2020-11-08 00:26:27 +00:00
Ed Kellett
047b56e70e chmode: Generate a canonical mode string
Primarily because I want to use it in tests, but it also means people
reading override snotes don't have as much mental overhead. I hope.
2020-11-08 00:26:27 +00:00
Ed Kellett
ea41b24fd4 chmode: Get elevated access for op-only queries 2020-11-08 00:26:27 +00:00
Ed Kellett
04952c32ad Rework channel mode handling
Incoming MODE processing is split into a parsing step and an execution
step, instead of a mode's effector function being involved in its own
parsing. Modes can no longer use custom logic to control their parsing,
and instead supply a combination of CHM_* flags to the parser. As a
result, we know before we try to effect any mode changes what all of
them will be.

The reauthorize hack for override is no longer necessary. A side effect
of its introduction was that `MODE #foo b x!y@z` no longer worked; in
removing it we restore that behaviour.

We gain the ability to reject various invalid inputs that:
- mutate or query unknown modes
- supply excess mode arguments
- query modes that can't be queried

In each case, whether we *should* reject it is an open question; for now
I'm rejecting the first one.
2020-11-08 00:26:27 +00:00
Ed Kellett
b5c8d52d82 chmode: Make mode table manageable 2020-11-08 00:26:27 +00:00
Doug Freed
5d7273614b m_cap: simplify cap_req, remove multiline
Spec doesn't really allow multiline here, so don't use it
2020-11-07 16:27:24 -05:00
Ed Kellett
cbc31cce4d Document s2s ECHO 2020-11-06 19:42:55 +00:00
Ed Kellett
7fd01f9f0c m_message: Initiate message echo on target server 2020-11-06 19:42:55 +00:00
Eric Mertens
0bece97692
Remove sno_whois mention in example configuration (#48) 2020-11-06 09:04:14 -08:00
Ed Kellett
faf98b8e20 Update news 2020-11-04 18:08:56 +00:00
Ed Kellett
861a544541 m_webirc: Blow away ident if we've got it
Previously, anyone on the WEBIRC gateway would get its ident if it
advertised one, which seems wrong to me.

This allows ident to be used with WEBIRC while still letting users send
their own ~username in band.
2020-11-02 19:59:29 +00:00
Ed Kellett
05e3afc87e Explanatory comment for LFLAGS_FAKE 2020-11-01 04:33:30 +00:00
Ed Kellett
5409fbc0f7 Mark fake test clients, don't assert they're real 2020-11-01 04:33:30 +00:00
Ed Kellett
d0a8ae2cf2 travis: Enable assertions correctly 2020-11-01 04:33:30 +00:00
Ed Kellett
017e37530e Multiply out handle_remote_unresv 2020-11-01 04:20:44 +00:00
Ed Kellett
f57d88bc71 Remove shared blocks 2020-11-01 04:20:44 +00:00
Ed Kellett
c07751a50d Remove hardcoded TLSv1 disables 2020-11-01 04:07:24 +00:00
Ed Kellett
c1f9603bba Add a comment explaining match_arrange_stars 2020-10-31 17:00:25 +00:00
Ed Kellett
7741039058 match: assert mask_match mask is not too long 2020-10-31 17:00:25 +00:00
Ed Kellett
57fbf05388 Fix a corner case of superset matching
The algorithm we're using gets stuck if it has a ? and can only see a *
to feed to it, even if it could skip over that * and consume a character
following it. Remedy this by rearranging the input so * always precedes
? in runs of wildcards, so when we're matching ? we know we can skip
things.
2020-10-31 17:00:25 +00:00
Ed Kellett
bc6e29e3b0 Update gitignore
(shhhh)
2020-10-31 17:00:25 +00:00
Ed Kellett
83e9a49847 Add (some failing) tests for mask matching 2020-10-31 17:00:25 +00:00
Ed Kellett
625cbb195b Refactor clear_out_address_conf* 2020-10-31 16:00:02 +00:00
Ed Kellett
35eccf4930 Rename UMODE_SSLCLIENT, IsSSLClient 2020-10-31 16:00:02 +00:00
Ed Kellett
d1239f613f Document secure blocks 2020-10-31 16:00:02 +00:00
Ed Kellett
1cf798beb1 Add secure{} blocks 2020-10-31 16:00:02 +00:00
Ed Kellett
bbdc439aa3 Replace IsInsecure with IsSecure 2020-10-31 16:00:02 +00:00
Ed Kellett
1a16d47edb authproc: Don't try to notice dead clients 2020-10-28 21:34:56 +00:00
Ed Kellett
26c3681f7c Delete extensions/spy_*,sno_whois 2020-10-28 21:19:36 +00:00
Ed Kellett
6ec9c49fc3 Update news 2020-10-28 15:32:35 +00:00
Ed Kellett
f4b4216a9f m_message: global snote when massnotice is used 2020-10-27 23:52:24 +00:00
Eric Mertens
67ab06dd8a
Combine stats A output parameters (#35)
Every other use of RPL_STATSDEBUG follows the format: <letter> :<text>

This case appeared to slip through because its two-word argument is encoded
in a single `->data` buffer.
2020-10-27 16:39:38 -07:00
Ed Kellett
0f8ec93849 helpops: change umode char to h 2020-10-27 13:53:01 +00:00
Ed Kellett
7d84719d68 Unify oper:{global,local}_kill 2020-10-25 20:02:03 +00:00
Ed Kellett
8a776ce65c cap_realhost: neaten oper IP tag check 2020-10-24 16:19:52 +01:00
Ed Kellett
272e4a7d33 cap_realhost: Don't send realhost to non-opers
If they can see it it's already in the message source
2020-10-24 16:19:52 +01:00
Ed Kellett
3b4731951f Implement oper realhost view via a hidden cap 2020-10-24 16:19:52 +01:00
Ed Kellett
0862875dd8 Add extensions/cap_realhost 2020-10-24 16:19:52 +01:00
Ed Kellett
71f10f833f Add a cap_change hook 2020-10-24 16:19:52 +01:00
Ed Kellett
d0dc83b60a Manage help indexes properly in makefile 2020-10-23 14:25:38 +01:00
Ed Kellett
63cad9d882 Untrack help indexes 2020-10-23 14:25:38 +01:00
Ed Kellett
6ee7c05cfc
Undo overzealous seddery 2020-10-23 12:57:02 +01:00
Ed Kellett
3dcaa851f4 m_testline: Complain on formerly-silent failures 2020-10-23 10:28:55 +01:00
Ed Kellett
f6b5e5382e Document /testkline 2020-10-23 10:28:55 +01:00
Ed Kellett
4dc6ff3dd9 Add /testkline 2020-10-23 10:28:55 +01:00
Ed Kellett
6b3ae7e7b7 Add a comment explaining ITER_COMM_CHANNELS 2020-10-21 20:42:02 +01:00
Ed Kellett
25f673bfde um_callerid: Use newer common channel iteration 2020-10-21 20:24:40 +01:00
jesopo
b9b28600d7 "server-side ignore" is an incorrect description of umode +g 2020-10-21 13:21:58 +01:00
Ed Kellett
f3439650c0 m_cap: Try to append caps even if one is too long 2020-10-19 19:30:43 -04:00
Ed Kellett
738b5d291e Mint CLICAP_FLAGS_PRIORITY 2020-10-19 19:30:43 -04:00
Ed Kellett
9f9e21dfbe Kill CLICAP_FLAGS_REQACK 2020-10-19 19:30:43 -04:00
Ed Kellett
e8a8d7a440 Refactor common channel iteration 2020-10-19 20:15:26 +01:00
Ed Kellett
5e413b1372 Use linear channel list comparisons 2020-10-19 20:15:26 +01:00
Ed Kellett
25365ce716 Keep client channel lists sorted 2020-10-19 20:15:26 +01:00
Ed Kellett
54c7ead605 m_names: honour userhost-in-names for global NAMES 2020-10-19 11:47:08 +01:00
Doug Freed
507bdac642
README: fix Travis badge, drop Appveyor badge
[ci skip]
2020-10-19 03:20:34 -04:00
Ed Kellett
255233fce9 channel: tell extbans in +e they're exceptions 2020-10-19 01:07:16 +01:00
Ed Kellett
d6b9005892 extb_canjoin: disable inside +e 2020-10-19 01:07:16 +01:00
Ed Kellett
a77ebe1ed7 m_dline: don't fail on /dline <time> 2020-10-18 20:14:34 +01:00
Ed Kellett
19dc147459 Document max_number in reference.conf 2020-10-18 20:03:05 +01:00
Ed Kellett
7c7065b07e Add class::max_autoconn configuration 2020-10-18 20:03:05 +01:00
Ed Kellett
a7bd528f61 extb_hostmask: handle banstr == NULL 2020-10-18 19:45:51 +01:00
Ed Kellett
a860e8f6fe
Don't run travis on random branches 2020-10-17 14:40:25 +01:00
Ed Kellett
0c25e4b611
Disable Travis notifications 2020-10-17 01:59:33 +01:00
Ed Kellett
fd461d96cf
Update credits 2020-10-16 21:57:22 +01:00
Ed Kellett
94613c78b6 Implement the solanum.chat/identify-msg vendor cap 2020-10-16 21:47:38 +01:00
Ed Kellett
a6f63a829e
Innovation by sed 2020-10-15 15:52:41 +01:00
Ed Kellett
a9b8506b34
Update credits 2020-10-13 22:38:42 +01:00
Simon Arlott
f679aa459f
Remove me
Edit by @aaronmdjones: Merged from [1] at Simon's request.

[1] <https://github.com/nomis/charybdis/commit/e5073623d07e1a62>
2020-09-10 08:35:19 +00:00
Aaron Jones
e81795cd21
Merge pull request #364 from ophion-project/upstream/fix-chmode-propagation
chmode: use NULL for priv argument when auspex:cmodes priv is not needed
2020-09-10 07:49:27 +00:00
Ariadne Conill
f5d60bb5cd chmode: use NULL for priv argument when auspex:cmodes priv is not needed
Otherwise, sendto_channel_local_priv() will only distribute mode changes
to opers only.  This is because HasPrivilege(target_p, "") will evaluate
as false due to the target not being opered.

Thanks to Devin Brown for bisecting this issue.
2020-09-09 12:10:11 -06:00
Aaron Jones
59cfd72e68
Merge pull request #355 from edk0/kline-cidr
Improve [kd]line handling of invalid IP-like masks
2020-08-06 09:17:00 +00:00
Aaron Jones
9dd128b4da
Merge pull request #288 from edk0/umode-o-split
Split oper privs up a bit
2020-08-06 09:07:50 +00:00
Ed Kellett
7f7a433218
m_stats: Remove outdated comment 2020-08-04 22:58:31 +01:00
Ed Kellett
f590bc6cec
Align reference.conf and ircd.conf.example 2020-08-04 22:58:31 +01:00
Ed Kellett
e206f185c5
ircd.conf.example: Fix duplicate priv 2020-08-04 22:58:31 +01:00
Ed Kellett
e06b75d23c
Document extension-only oper privs 2020-08-04 22:58:31 +01:00
Ed Kellett
64c9f5093f
Make opers with no known privset pass IsOperGeneral 2020-08-04 22:58:31 +01:00
Ed Kellett
734e774713
Document usermode:servnotice 2020-08-04 22:58:31 +01:00
Ed Kellett
848df803df
Add usermode:servnotice priv 2020-08-04 22:58:31 +01:00
Ed Kellett
4af85fed0a
Test sendto_channel_local_priv not ONLY_OPERS 2020-08-04 22:58:31 +01:00
Ed Kellett
2f68b6e203
Document the remaining new privs 2020-08-04 22:58:31 +01:00
Ed Kellett
d3fd88a406
Send hidden mode changes to auspex:cmodes 2020-08-04 22:58:30 +01:00
Ed Kellett
076973363a
chmode: priv checks only for local clients 2020-08-04 22:58:30 +01:00
Ed Kellett
b549e8e80d
m_stats: use oper:privs for /stats O 2020-08-04 22:58:30 +01:00
Ed Kellett
326ecd968b
m_stats: Rework privilege requirements
.need_oper is replaced with a generic mechanism for requiring any
privilege. need_admin remains because I think it's the least horrible
way to deal with oper:hidden_admin.

All need_oper requirements have been changed to oper:general
requirements.
2020-08-04 22:58:30 +01:00
Ed Kellett
9039ac0178
m_stats: use designated initializers 2020-08-04 22:58:30 +01:00
Ed Kellett
4a4b20955f
Add oper:dehelper 2020-08-04 22:58:30 +01:00
Ed Kellett
f510983eeb
Add oper:receive_immunity 2020-08-04 22:58:30 +01:00
Ed Kellett
458c853869
Add auspex:hostname 2020-08-04 22:58:30 +01:00
Ed Kellett
74434cf81e
Add auspex:umodes 2020-08-04 22:58:30 +01:00
Ed Kellett
cc61cadade
Add auspex:cmodes 2020-08-04 22:58:30 +01:00
Ed Kellett
58a490f9a4
Add oper:testline 2020-08-04 22:58:30 +01:00
Ed Kellett
6d5be11fb1
Add oper:privs 2020-08-04 22:58:30 +01:00
Ed Kellett
1cd6639a35
Add auspex:oper 2020-08-04 22:58:30 +01:00
Ed Kellett
80303ab70e
chm_staff: use oper:cmodes, don't check op status 2020-08-04 22:58:30 +01:00
Ed Kellett
d4f7eb4ce6
Replace most checks for +o with oper:general
I'm preparing to PR a succession of privs changes with the ultimate goal
of severely limiting the scope of the binary oper/user dichotomy and
move conceptually distinct oper functions into their own privs.

Accomplishing this is a non-trivial task, and can wait, but it's
inconvenient now to have such functions enabled by the same mechanism
that grants any privs at all--so I'm moving all of them to a
transitional priv with the intention of eroding that later.
2020-08-04 22:58:30 +01:00
Aaron Jones
27c6ddbd56
Merge pull request #359 from edk0/stats-l-operhide
m_stats: Make /stats l respect oper hiding
2020-08-04 10:00:41 +00:00
Ed Kellett
24652f2b95
m_stats: Make /stats l respect oper hiding
found by @jesopo
2020-08-03 01:23:54 +01:00
Aaron Jones
ad7ecd5cbb
Merge pull request #352 from edk0/grant-oper-data
m_grant: zero-initialize struct oper_conf
2020-07-27 17:13:33 +00:00
Ed Kellett
cf0aa42180
m_dline: make apply_undline permissive
Trying to find invalid bans won't do anything unless they already exist,
in which case it's legitimate to try to remove them.
2020-07-26 22:50:42 +01:00
Ed Kellett
72464c6abd
m_dline: Make error notices more verbose 2020-07-26 22:50:42 +01:00
Ed Kellett
bf493a3410
m_dline: Abort early if host isn't an IP address 2020-07-26 22:03:20 +01:00
Ed Kellett
9ea60637cd
Add tests for parse_netmask 2020-07-26 22:03:20 +01:00
Ed Kellett
7d9e8e9d77
Add error handling to parse_netmask() 2020-07-26 22:03:06 +01:00
Aaron Jones
687641237a
Merge pull request #353 from edk0/privs-strtok
m_privs: don't leave a damaged privset behind
2020-07-25 23:55:57 +00:00
Ed Kellett
bd8b9a37be
m_privs: don't leave a damaged privset behind 2020-07-25 23:49:52 +01:00
Ed Kellett
687ec8f766
m_grant: zero-initialize struct oper_conf
bug noticed by @xnrand
2020-07-16 17:59:27 +01:00
Simon Arlott
373ba193b8
Merge pull request #351 from ophion-project/upstream/sasl
sasl: use mapi_cap_list_v2 correctly
2020-07-12 10:28:02 +01:00
Unit 193
7372db99f2
Fix a couple typos.
automaticlly → automatically
completly → completely
permissable → permissible
redunant → redundant
threshhold → threshold
2020-07-11 04:51:22 +00:00
Aaron Jones
0df422f5b0
help/*/umode: update help text for +g/+G
cf. https://github.com/charybdis-ircd/charybdis/pull/342

[ci skip]
2020-07-11 03:43:31 +00:00
Aaron Jones
077bedc4dd
Merge pull request #342 from ophion-project/upstream/modularize-callerid
modularize callerid
2020-07-11 03:39:25 +00:00
Ariadne Conill
8ad8fd34f5 callerid: fix a missed instance of hardcoded +g 2020-07-10 21:25:25 -06:00
Ariadne Conill
c6e584dd1b callerid: fix invite case 2020-07-10 18:43:31 -06:00
Ariadne Conill
ace0c8655b callerid: align soft caller-id behavior with ircd-hybrid implementation 2020-07-10 18:18:28 -06:00
Ariadne Conill
b07445c6d9 extensions/umode_noctcp: skip privmsg_user hook except on recipient server 2020-07-10 18:08:33 -06:00
Ariadne Conill
3792c63dc0 sasl: use mapi_cap_list_v2 correctly 2020-07-09 17:47:28 -06:00
Ariadne Conill
92f5320e1d message: run privmsg_user hook on both source and target 2020-07-09 16:06:56 -06:00
Ariadne Conill
4abf8eb2e6 callerid: actually the guard should be for source_p 2020-07-09 16:06:33 -06:00
Ariadne Conill
4841ad6197 callerid: only check the target's accept list on their own local server 2020-07-09 16:06:33 -06:00
Ariadne Conill
3ed61fba8c callerid: use public isupport_umode 2020-07-09 16:06:33 -06:00
Ariadne Conill
8906ffd1b7 supported: make isupport_umode() public 2020-07-09 16:06:33 -06:00
Ariadne Conill
5d4cce6cc0 callerid: has_common_channels(): fix return value 2020-07-09 16:06:33 -06:00
Ariadne Conill
4d07382c2d callerid: fix module description 2020-07-09 16:06:33 -06:00
Ariadne Conill
915bb5614b callerid: unregister usermode +g if usermode +G cannot be allocated 2020-07-09 16:06:33 -06:00
Ariadne Conill
5419d3c286 help: document soft callerid mode 2020-07-09 16:06:33 -06:00
Ariadne Conill
c6edf65411 callerid: use hdata.error where available 2020-07-09 16:06:33 -06:00
Ariadne Conill
fdff78f891 callerid: catch find_umode_slot() failures 2020-07-09 16:06:33 -06:00
Ariadne Conill
db80763427 callerid: use invite instead of can_invite hook 2020-07-09 16:06:33 -06:00
Ariadne Conill
7b60cca0f1 callerid: implement relaxed caller id mode (+G) 2020-07-09 16:06:33 -06:00
Ariadne Conill
7106e36ed3 callerid: fix up isupport 2020-07-09 16:06:33 -06:00
Ariadne Conill
6558648dc3 callerid: don't clobber other modules 2020-07-09 16:06:33 -06:00
Ariadne Conill
921b508b1b add callerid module 2020-07-09 16:06:33 -06:00
Ariadne Conill
303e85c59e remove callerid definitions 2020-07-09 16:06:33 -06:00
Ariadne Conill
4a9cf86981 message: remove hardcoded +G logic 2020-07-09 16:06:33 -06:00
Ariadne Conill
98ac35197b invite: remove hardcoded callerid logic 2020-07-09 16:06:33 -06:00
Simon Arlott
ac09f70838
Merge remote-tracking branch 'ophion/upstream/dnsbl-rename' 2020-07-09 20:53:38 +01:00
Simon Arlott
bc89b788fa
authd: Don't reveal to users how many DNSBLs are configured 2020-07-09 20:53:00 +01:00
Simon Arlott
e658268b22
authd: Fix DNSBL messages 2020-07-09 20:52:24 +01:00
Aaron Jones
860d2381cf
Merge pull request #345 from edk0/alias
m_alias: Preserve protocol framing characters
2020-07-07 09:16:38 +00:00
Aaron Jones
e241d7979c
Merge pull request #346 from edk0/opmod-as-statusmsg
Port opmod_send_cprivmsg from ircd-seven, sans naming mistake
2020-07-06 10:52:15 +00:00
Ed Kellett
f42959a205
Add tests for opmod_send_statusmsg 2020-07-06 10:36:35 +01:00
Janik Kleinhoff
04e5ed6c57
Make 5614c9e6f0b (opmod as fake statusmsg) optional
This adds a channel { ... } option, opmod_send_statusmsg, disabled by
default for compatibility reasons.
2020-07-06 10:36:35 +01:00
Aaron Jones
eb2103bb0e
Merge pull request #347 from edk0/hide-tls-info
Add general::tls_ciphers_oper_only
2020-07-06 08:31:47 +00:00
Ariadne Conill
a389de2a25 authd: rename blacklist_provider to dnsbl_provider, change auth notices accordingly 2020-07-05 21:20:34 -06:00
Ariadne Conill
043f2c9063 example config: dnsbl{} block change, update explanation comment a bit 2020-07-05 21:20:33 -06:00
Ariadne Conill
7f24f506e0 newconf: deprecate blacklist{} blocks, replace with dnsbl{} blocks. 2020-07-05 21:20:32 -06:00
Ariadne Conill
3321eef45a ircd: rename DNSBL entries from blacklist to dnsbl_entry. 2020-07-05 21:20:31 -06:00
Ariadne Conill
d07feac7b2 client: drop no longer existent 'struct blacklist' definition.
This went away when authd was implemented.
2020-07-05 21:20:30 -06:00
Ed Kellett
fff4f76353
Add general::tls_ciphers_oper_only 2020-07-05 23:06:51 +01:00
Mike Quin
09bb659680
add @ prefix to op-moderated (+z) messages to distinguish them from regular channel traffic 2020-07-05 19:09:47 +01:00
Ed Kellett
4e14f9a413
m_alias: Preserve protocol framing characters 2020-07-05 01:15:03 +01:00
Aaron Jones
f598ba3857
ircd/modules.c: complain to foreground if unable to locate module
Without this a conftest user has no idea whether the module path
is correct or not.

[ci skip]
2020-07-04 02:14:33 +00:00
Aaron Jones
8abed91ce1
Merge pull request #344 from dwfreed/use-module-hook-priorities
Actually use modules' declared hook priorities
2020-07-02 12:41:18 +00:00
Doug Freed
eed4099e07 Actually use modules' declared hook priorities 2020-07-01 19:43:48 +00:00
Aaron Jones
e2ceb48c3e
Merge pull request #343 from xnrand/patch-ison-unreg-conn
m_ison: Do not report unregistered connections
2020-06-29 17:36:30 +00:00
Aaron Jones
b41d97e9ab
m_invite: remove redundant block of code missed by review
I missed this due to refactoring in #341. This function is already
called by the same function we're already in, just further down.

[ci skip]
2020-06-27 14:45:02 +00:00
Aaron Jones
3e95f943de
Merge pull request #341 from ophion-project/upstream/modularize-regonlymsg
modularize regonlymsg
2020-06-27 10:46:36 +00:00
Ariadne Conill
402b21d47a regonlymsg: use hdata.error where available 2020-06-26 15:36:12 -06:00
xnrand
c345d844e6 m_ison: Do not report unregistered connections
Prior to this, m_ison would report a nick as being online if a client
that was not yet registered had chosen this nickname on the same server.
This change adds a check to make sure the struct Client has a
struct User associated with it, i.e. registration has occurred.
2020-06-26 20:36:43 +00:00
Ariadne Conill
2bbfce681f regonlymsg: catch find_umode_slot() failure 2020-06-26 14:32:46 -06:00
Ariadne Conill
daaf127d84 regonlymsg: use invite instead of can_invite hook 2020-06-26 14:24:34 -06:00
Ariadne Conill
27590ae0b4 invite: revert the ERR_CHANOPRIVSNEEDED change too 2020-06-26 14:24:26 -06:00
Ariadne Conill
e3c27d7dbd Revert "invite: rework the way can_invite hook is called"
This reverts commit ed06fed70a67b0cdd4e53aad575fca7b9d046061.
2020-06-26 14:24:21 -06:00
Ariadne Conill
ddb063e2f9 invite: remove redundant parenthesis 2020-06-26 13:58:00 -06:00
Ariadne Conill
4371dcbd55 invite: rework the way can_invite hook is called 2020-06-26 13:57:22 -06:00
Ariadne Conill
4436a7ca73 regonlymsg: allow messages through if target is not a local client 2020-06-26 13:56:05 -06:00
Ariadne Conill
90e99760a0 regonlymsg: do not clobber the work of other modules 2020-06-26 13:05:50 -06:00
Ariadne Conill
dc5d1d012a regonlymsg: fix allow_message() return values 2020-06-26 12:03:43 -06:00
Ariadne Conill
968dee680f modularize usermode +R (registered users only) 2020-06-26 11:56:42 -06:00
Ariadne Conill
ed3b56f965 message: remove hardcoded +R logic 2020-06-26 11:56:41 -06:00
Ariadne Conill
0b8910e40b invite: remove hardcoded UMODE_REGONLYMSG code 2020-06-26 11:56:40 -06:00
Aaron Jones
01ef07c1c8
Merge pull request #333 from edk0/privs-multiline
m_privs: break long responses into multiple lines
2020-06-26 16:55:56 +00:00
Aaron Jones
b804829aa4
Merge pull request #340 from ophion-project/upstream/hook-channel-lowerts
join: add channel_lowerts hook
2020-06-26 16:51:52 +00:00
Ariadne Conill
13a16b28cb join: add channel_lowerts hook 2020-06-26 10:29:29 -06:00
Aaron Jones
6d58b1d38e
Merge pull request #334 from edk0/massnotice
Remove the massnotice wildcard restriction
2020-06-25 17:42:43 +00:00
Aaron Jones
9d65d599c4
Merge pull request #322 from edk0/invite-umode-g
m_invite: Don't punch through +g
2020-06-25 17:37:04 +00:00
Aaron Jones
54a7996604
Merge pull request #328 from edk0/capability-put-ownerdata
capability: accept new ownerdata for existing caps
2020-06-25 17:35:44 +00:00
Aaron Jones
17dc265c9d
Merge pull request #329 from edk0/reload-by-path
Reload modules by path
2020-06-25 17:32:58 +00:00
Aaron Jones
17698ba0d1
Merge pull request #338 from edk0/kline-zero
m_kline: insert a safety zero early
2020-06-25 11:49:40 +00:00
Ed Kellett
8e1e48e114
m_kline: insert a safety zero early 2020-06-25 12:43:57 +01:00
Ed Kellett
f0e4d607c9
m_invite: Don't punch through +g 2020-06-21 14:08:24 +01:00
Aaron Jones
3ef1213be4
Merge pull request #335 from edk0/post-registration-delay
Import post_registration_delay from ircd-seven
2020-06-21 12:56:56 +00:00
Aaron Jones
03c167e03b
Merge pull request #330 from edk0/caps-before-init
modules: create caps before mapi_register()
2020-06-10 15:03:57 +00:00
Aaron Jones
4682079dd9
Merge pull request #327 from edk0/filter-quit
filter quit messages
2020-06-10 14:55:02 +00:00
Aaron Jones
64e6d3b9cd
Merge pull request #321 from edk0/hook-priorities
Simple hook priority system
2020-06-10 14:49:59 +00:00
Aaron Jones
976b9c9614
Merge pull request #336 from edk0/range-leak
ircd_parser: free the ends of ranges after use
2020-06-10 14:38:53 +00:00
Ed Kellett
4a8df5edc5
ircd_parser: free the ends of ranges after use 2020-06-07 23:33:59 +01:00
Stephen Bennett
b3a0099139
Rename connect_delay to post_registration_delay. This matches the ircd-ratbox feature, and better describes what it actually is. Also make sure to set localClient->firsttime on registration, so that the delay counts from the right time. 2020-06-07 19:22:36 +01:00
Stephen Bennett
1bb7964378
Add connect_delay to example and reference configs 2020-06-07 19:22:36 +01:00
Stephen Bennett
2d6562846f
Initial attempt at the conndelay hack 2020-06-07 19:22:36 +01:00
Ed Kellett
d819df92b8
Remove the massnotice wildcard restriction 2020-06-07 18:10:51 +01:00
Ed Kellett
7e1a68eaf8
m_privs: break long responses into multiple lines 2020-06-07 00:43:06 +01:00
Ed Kellett
33c0142671
modules: create caps before mapi_register() 2020-06-02 18:35:50 +01:00
Ed Kellett
df7e3dabce
Reload modules by path 2020-06-02 16:17:26 +01:00
Ed Kellett
1e221ac32e
capability: accept new ownerdata for existing caps 2020-06-02 16:14:27 +01:00
Aaron Jones
ef62a62f62
Merge pull request #326 from edk0/filter-part
Handle PARTs properly in extensions/filter
2020-05-24 23:08:02 +00:00
Ed Kellett
211c25b17d
extensions/filter: filter quit messages 2020-05-23 19:10:31 +01:00
Ed Kellett
260fc2cc34
Add client_quit hook 2020-05-23 19:10:07 +01:00
Aaron Jones
458b5d1f89
Merge pull request #324 from mas90/patch-1
Skip any unhandled DNS record type
2020-05-11 07:32:41 +00:00
Malcolm Scott
1f9bc066df
Skip any unhandled DNS record type
Currently the DNS resolver handles CNAME by skipping that record in the answer and looking for the subsequent A/AAAA/PTR record.  There are other record types which could be handled in the same way, e.g. DNAME, but their presence currently causes the answer parsing to be abandoned.  A better approach would be to skip *any* other record and just use the first A, AAAA or PTR in the answer, regardless of what comes before it.
2020-05-10 21:00:43 +01:00
Ed Kellett
e9408bc4fc
filter: fix part handling
previously we would have formatted a null pointer into %s for the
command, which is theoretically bad but handled by glibc
2020-05-02 02:52:21 +01:00
Ed Kellett
c6b2dacad4
hook: Use old insertion order for equal priority 2020-05-01 22:22:32 +01:00
Ed Kellett
c500b0bdb5
Add priorities to some hooks 2020-05-01 17:47:14 +01:00
Ed Kellett
91b1278224
Implement hook priorities 2020-05-01 17:44:15 +01:00
Aaron Jones
c7561f03ef
Merge pull request #319 from edk0/invite-notify
Fix invite-notify and move it to an extension
2020-05-01 16:22:44 +00:00
Ed Kellett
d691b63be2
Document invite hooks 2020-04-30 18:17:00 +01:00
Ed Kellett
0934799fb9
Use a different cap for send tests 2020-04-30 18:17:00 +01:00
Ed Kellett
91ccda4f8c
Fix invite-notify and move it to an extension
The existing approach to invite-notify is deeply flawed--it currently
notifies only the target user's server, and that can't be fixed without
sending notifies for invites that end up not happening.

I'm resolving this by broadcasting a second message, INVITED, from the
target user's server. I'm also pulling it out into an extension while
I'm at it--invite notifies reveal new information, so I don't think
they should be mandatory.
2020-04-30 18:17:00 +01:00
Ed Kellett
e0622d7519
m_invite: Add hooks
can_invite is called on the source server, can override channel access
invite is called on the target
2020-04-30 18:16:59 +01:00
Aaron Jones
297f3d01e1
Merge pull request #320 from edk0/runtests
Run tests with ASan leak detection off
2020-04-29 10:00:39 +00:00
Ed Kellett
30725c434b
Run tests with ASan leak detection off
The test environment is sufficiently weird that I don't think fixing
these would be a good use of anyone's time
2020-04-26 16:05:05 +01:00
Aaron Jones
1c99c4a4b8
Merge pull request #316 from edk0/kline-spoof-flag
Add an iline flag to match klines by spoof only
2020-04-24 09:13:19 +00:00
Ed Kellett
57657a33a3
Document kline_spoof_ip 2020-04-20 11:10:39 +01:00
Ed Kellett
40e76ac76c
Handle kline_spoof_ip in check_one_kline 2020-04-20 11:10:39 +01:00
Ed Kellett
67e05d5b67
Add an iline flag to match klines by spoof only 2020-04-20 11:10:39 +01:00
Aaron Jones
30193794a1
Merge pull request #317 from edk0/leak
librb/event: Don't leak event names on completion
2020-04-19 14:25:14 +00:00
Ed Kellett
ad516b7d47
librb/event: Don't leak event names on completion 2020-04-19 14:22:18 +01:00
Aaron Jones
2c11ccb99e
Merge pull request #313 from edk0/spoof-chban
Don't match iline-spoofed IPs for channel bans
2020-04-19 12:11:19 +00:00
Aaron Jones
dd9796d65d
Merge pull request #314 from jesopo/message-handler-comment
rectify comment for Message handler indexes
2020-04-19 12:06:16 +00:00
jesopo
b2ee72e448 remove LAST in comment too; it's a bit pointless 2020-04-19 13:05:01 +01:00
Aaron Jones
60445f51d0
Merge pull request #315 from edk0/check-kline
Make K-line checking more consistent
2020-04-19 11:57:08 +00:00
Ed Kellett
485d245ec0
Add ipv4-in-ipv6 logic to check_one_kline 2020-04-19 11:53:38 +01:00
Ed Kellett
9274c0f3f4
Align check_one_kline better with find_kline 2020-04-19 11:53:38 +01:00
Ed Kellett
de0673d7ad
Move ipv4-in-ipv6 handling to find_conf_by_address
This removes some inconsistencies: first of all it applies to both
CONF_KILL searches by IP in find_address_conf, and secondly it applies
to find_kline, which would have been an edge case before.
2020-04-19 11:53:38 +01:00
Ed Kellett
f53d2f45de
Refactor check_one_kline a tiny bit 2020-04-19 01:45:33 +01:00
jesopo
310f88cfb1 rectify comment for Message handler indexes 2020-04-19 00:01:29 +01:00
Ed Kellett
55ed78dab1
Don't match iline-spoofed IPs for channel bans 2020-04-12 12:35:18 +01:00
Ed Kellett
a7d4a0ab81
Centralise banmask matching logic 2020-04-12 12:35:18 +01:00
Aaron Jones
baef55657e
Merge pull request #311 from qaisjp/patch-2
readme: fix macOS instructions
2020-03-15 22:14:26 +00:00
Qais Patankar
c0d82abefc
readme: fix macOS instructions 2020-03-15 22:06:42 +00:00
Aaron Jones
6cfb19943a
extensions/extb_ssl.c: make certfp parameter case-insensitive
I had the idea that maybe these should be case-sensitive because some
encodings (like Base-64) are. But it turns out it's better to
prioritise not breaking existing configurations / channel mode lists,
and just revisit this in future maybe.

[ci skip]
2020-01-28 20:48:23 +00:00
Aaron Jones
e0a8d121fa
extensions/extb_ssl.c: port e0f1c3b5bc & 5572f43834
Reported-by: Opal Hart <opal@wowana.me>
2020-01-28 20:37:39 +00:00
Simon Arlott
155ecb7a7a
tests: Check sendto_wallops_flags works with format strings 2020-01-11 16:26:10 +00:00
Aaron Jones
b50e5b28d4
Merge pull request #308 from edk0/with-asan
Add --with-asan to build with asan
2020-01-10 15:36:06 +00:00
Ed Kellett
30a14c5884
Link asan in a clang-friendly way 2020-01-10 15:32:35 +00:00
Ed Kellett
6d17463554
Add --with-asan to build with asan 2020-01-06 23:46:44 +00:00
Aaron Jones
673fd77dd1
Merge pull request #304 from edk0/reject-expired
reject: Don't reject for expired K-lines
2020-01-03 17:33:10 +00:00
Ed Kellett
6cd12661af
reject: reorder to avoid leaks 2020-01-03 17:07:25 +00:00
Ed Kellett
b9c43bc08a
reject: Don't reject for expired K-lines 2020-01-03 16:24:36 +00:00
Aaron Jones
6cac5cce0f
Merge pull request #302 from edk0/sasl-usercloak
Import extensions/sasl_usercloak from ircd-seven
2020-01-02 20:31:06 +00:00
Aaron Jones
28e12fad3c
Merge pull request #297 from bmwiedemann/date
Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
2020-01-02 20:29:13 +00:00
Aaron Jones
1a7927bb87
Merge pull request #303 from edk0/modreload-uaf
modules: fix use-after-free when reloading
2020-01-02 17:24:44 +00:00
Aaron Jones
cd39eef71e
Merge pull request #301 from edk0/reject-free-fix-fix
Remove from the list of propagated bans on expiry
2020-01-02 17:24:25 +00:00
Ed Kellett
6aa5c725ff
modules: fix use-after-free when reloading 2020-01-02 16:45:15 +00:00
Ed Kellett
b44f6669d8
sasl_usercloak: fix typo in format string
thanks @ProgVal
2020-01-02 16:29:23 +00:00
Ed Kellett
cdeca37ec3
sasl_usercloak: make the magic string more specific
Require '/account' at the end of the spoof, rather than
'account' anywhere.
2020-01-02 16:15:51 +00:00
Ed Kellett
5d5603b6ef
sasl_usercloak: modernize 2020-01-02 16:15:50 +00:00
Ed Kellett
11ae52095f
Remove duplicated notify_banned_client 2020-01-02 03:36:34 +00:00
Ed Kellett
5958d6b99b
sasl_usercloak: check K-lines after host change 2020-01-02 03:36:34 +00:00
Ed Kellett
40c4d9d85b
Revert "recheck users after applying SASL account cloaks"
This reverts commit 4d401d3c60019cf96b07a012106cab9678b7a79d.
2020-01-02 03:36:34 +00:00
Ed Kellett
5aeeea187e
recheck users after applying SASL account cloaks
(so K-lines on them will take effect properly)
2020-01-02 03:36:34 +00:00
Stephen Bennett
dae6f5dbee
Make sasl_usercloak.so update the original host, as well as the visible host if it hasn't already changed. Allows for the sasl spoof to be used to override services ones in some circumstances. 2020-01-02 03:36:34 +00:00
Stephen Bennett
271ddd99d7
Be sure to zero out host buffer before using it 2020-01-02 03:36:34 +00:00
Stephen Bennett
721410d575
Add sasl_usercloak module, to allow injecting SASL account name into a user's host on connection 2020-01-02 03:36:24 +00:00
Ed Kellett
0a7faba63d
Remove from the list of propagated bans on expiry
Fixes a use-after-free introduced in 548e31d3b, which fixed a related
use-after-free introduced in a9536f755.
2020-01-02 00:03:06 +00:00
Aaron Jones
b21c1403c6
Merge pull request #300 from edk0/reject-free-fix
Fix a use-after-free introduced in #298
2020-01-01 08:57:52 +00:00
Ed Kellett
548e31d3bd
Fix a place aconfs could be freed while referenced
(not a bug until a9536f755 since bans were not referenced before)
2020-01-01 08:51:53 +00:00
Aaron Jones
5eb10743f9
Merge pull request #299 from edk0/tkline-reason
Add config option to hide durations of temporary K/D-lines
2019-12-31 08:00:24 +00:00
Aaron Jones
008a1b9d8d
Merge pull request #298 from edk0/rejectcache
Remember and send reasons for rejectcache rejections
2019-12-31 07:59:56 +00:00
Ed Kellett
6292d72bbf
Add hide_tkdline_duration to documentation .confs 2019-12-31 01:56:05 +00:00
Ed Kellett
9914c013b4
Add general::hide_tkdline_duration 2019-12-31 01:56:01 +00:00
Ed Kellett
a9536f755c
reject: Remember and send reasons for rejections
rejectcache entries can now use either a K-line aconf or a static
string as a reason. This will be sent in a 465 numeric before the usual
ERROR. In the case of K-lines, it resembles the 465 you would have been
sent without being rejected:

; nc -s 127.6.6.6 127.0.0.1 5000
:staberinde.local 465 * :You are banned from this server- Temporary
    K-line 4320 min. - abc123 (2019/12/31 01.07)
ERROR :Closing Link: (*** Banned (cache))
; nc -s 127.128.0.0 127.0.0.1 5000
:staberinde.local 465 * :You are not authorised to use this server.
ERROR :Closing Link: (*** Banned (cache))
2019-12-31 01:35:31 +00:00
Bernhard M. Wiedemann
1b0319448c Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
to make the package build reproducible by default without
everyone having to discover the custom variable.

See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

This code assigns the plain integer to keep the code simple.
Otherwise we would have to deal with differences between GNU date
and BSD date or include extra build deps like perl or python.
2019-12-06 18:32:46 +01:00
Aaron Jones
7b8e4c0967
Merge pull request #296 from edk0/modreload
m_modules: make modreload work like restart
2019-11-17 19:12:03 +00:00
Ed Kellett
7b6410135b
m_modules: make modreload work like restart
/modrestart used to be implemented as a normal command and could crash
when used remotely because it would reload m_encap, which was on the
call stack at the time. This was fixed in 41390bfe5f. However,
/modreload has exactly the same problem, so I'm giving it the
same treatment.

Incidentally: This bug was first discovered in ircd-seven, where the
`/mod*` commands themselves live in the core, so m_encap was the only way
the crash could happen (and it didn't most of the time, because m_encap
would only be moved if you got unlucky). But `/mod*` are in modules in
charybdis, so /modrestart would have unloaded the code it was in the
middle of executing. With that in mind, I'm not sure how it ever
appeared to work.
2019-11-17 18:01:51 +00:00
Aaron Jones
58a7048006
Merge pull request #287 from edk0/filter
Add extensions/filter (port from ircd-seven)
2019-10-22 18:33:51 +00:00
Ed Kellett
09784400f2
filter: avoid a memory leak per @amdj 2019-10-22 18:44:19 +01:00
Aaron Jones
a52d84f723
Merge pull request #293 from edk0/webirc
m_webirc: improve TLS handling
2019-10-22 16:17:33 +00:00
Aaron Jones
9e6c36d571
Merge pull request #294 from edk0/deny-webirc-auth
m_webirc: deny using webirc. as a real auth block
2019-10-22 16:16:36 +00:00
Ed Kellett
8ffc517321
m_webirc: deny using webirc. as a real auth block 2019-10-20 18:41:39 +01:00
Ed Kellett
cccda2ff2f
m_webirc: it's "TLS" to you 2019-10-20 18:18:32 +01:00
Ed Kellett
11ef0e2b98
m_webirc: don't bail out when denying 'secure' 2019-10-20 18:18:32 +01:00
Ed Kellett
a6b97b7d88
m_webirc: const-correctness 2019-10-20 18:18:27 +01:00
Ed Kellett
d6c813780f
m_webirc: respect ircv3's secure option 2019-10-20 18:17:34 +01:00
Ed Kellett
ab4420cbbe
m_webirc: enforce need_ssl 2019-10-20 18:17:33 +01:00
Aaron Jones
ac0ae805d7
tests/Makefile.am: check-local: don't depend on extensions/*
This breaks if a file in extensions/ doesn't get built due to
conditional compilation, and the tests don't need anything
under extensions/ anyway.
2019-10-07 03:49:00 +00:00
Aaron Jones
2357449084
Merge pull request #286 from edk0/strip-unprintable
strip_unprintable: Don't strip all bytes with the MSB set
2019-10-06 22:23:59 +00:00
Janik Kleinhoff
12b3a184bc
strip_unprintable: clarify type conversion
This type conversion is more easily shown to work as intended than the
conversion introduced in 9dcb9e169.
2019-10-06 23:16:43 +01:00
Ed Kellett
9dcb9e1696
Fix strip_unprintable on high bit bytes 2019-10-06 23:14:28 +01:00
Aaron Jones
3aab744e13
Merge pull request #290 from edk0/quiet-override
override: don't spam about (un)setting the mode
2019-10-06 21:57:42 +00:00
Aaron Jones
1aff5a5647
Merge pull request #289 from edk0/rehash-privileged-modes
Recheck umodes for opers after rehash
2019-10-06 21:51:20 +00:00
Ed Kellett
e5742a172b
override: don't spam about (un)setting the mode
We will spam about any uses of it, so this just seems like extra noise.
2019-10-06 22:28:19 +01:00
Ed Kellett
c4e6888ef7
Recheck umodes for opers after rehash 2019-10-06 21:56:13 +01:00
Ed Kellett
0cbb1ba9f0
filter: explicit type conversion 2019-10-06 19:41:06 +01:00
Ed Kellett
aecdd8237c
Add hyperscan to CI deps 2019-10-06 19:35:17 +01:00
Ed Kellett
eb06afc3fa
filter: correct type for modinit 2019-10-06 19:24:35 +01:00
Ed Kellett
9fe8bccba0
Fix build when hyperscan is missing 2019-10-06 19:24:34 +01:00
Ed Kellett
a8f402e909
filter: use AV2 2019-10-06 19:24:34 +01:00
Ed Kellett
344af24c2f
filter: add DROP and ABORT 2019-10-06 19:24:34 +01:00
Ed Kellett
dc141aad45
filter: require an extra "+" before data
This disambiguates it from control commands
2019-10-06 19:24:33 +01:00
Ed Kellett
8692240f51
filter: add modes to disable incoming filters 2019-10-06 19:24:33 +01:00
Ed Kellett
649bda6d5d
filter: make the kill reason more honest 2019-10-06 19:24:32 +01:00
Ed Kellett
d928bc7af3
filter: send the failure response only on PRIVMSG 2019-10-06 19:24:32 +01:00
Ed Kellett
744ac30804
filter: match in two passes, before and after stripping 2019-10-06 19:24:32 +01:00
Ed Kellett
fccc6d5669
filter: move to extensions 2019-10-06 19:24:31 +01:00
Ed Kellett
4950a9436c
filter: bump version 2019-10-06 19:24:31 +01:00
Ed Kellett
f982238e91
filter: use a static buffer instead of strdup 2019-10-06 19:24:31 +01:00
Ed Kellett
fc7fbe6d20
filter: add version number 2019-10-06 19:24:30 +01:00
Ed Kellett
7bb7f89911
filter: send a numeric error for ACT_DROP 2019-10-06 19:24:30 +01:00
Ed Kellett
81e41406f4
filter: add #defines for nick,user,host 2019-10-06 19:24:30 +01:00
Ed Kellett
11c11f30e7
filter: don't give the target of PMs to filters 2019-10-06 19:24:29 +01:00
Ed Kellett
3fbb1d7aeb
filter: include identified marker 2019-10-06 19:24:29 +01:00
Ed Kellett
d09c55338f
filter: drop messages if we're ACT_KILLing them 2019-10-06 19:24:29 +01:00
Ed Kellett
86ee00db91
filter: Filter only locally-sourced messages
(Assume the remote server filtered remote ones.)
2019-10-06 19:24:28 +01:00
Ed Kellett
6a14bf789b
filter: kill last or we can't send the snote 2019-10-06 19:24:28 +01:00
Ed Kellett
a2d9c49410
Add filter.c 2019-10-06 19:24:28 +01:00
Ed Kellett
1905ab5f7d
Depend on hyperscan 2019-10-06 19:24:25 +01:00
Aaron Jones
a5c6d66ac8
Travis CI: Bump to Ubuntu Bionic 18.04 LTS
Also bump Linux compilers from (GCC 4.8, GCC 4.9, GCC 5, GCC 7,
GCC 8, Clang 3.9, Clang 4.0, Clang 5.0, Clang 6.0) to (GCC 7,
GCC 8, Clang 7, Clang 8). There's no need to test against every
ancient compiler under the sun. Furthermore, we no longer need
an apt sources list for Bionic.

[ci skip] (Tested already <https://travis-ci.org/charybdis-ircd/charybdis/builds/594225622>)
2019-10-06 14:55:52 +00:00
Aaron Jones
52fae04da0
Merge pull request #285 from edk0/ratelimits
Remove ratelimits on /stats and /motd when they don't have a server parameter
2019-09-15 19:27:39 +00:00
Ed Kellett
20276d4011
m_motd: don't ratelimit with no server argument 2019-09-15 20:05:51 +01:00
Ed Kellett
e902e16974
m_stats: don't ratelimit with no server argument 2019-09-15 20:05:51 +01:00
Simon Arlott
f47ac7081b
Don't enable warnings on osx 2019-09-15 12:56:55 +01:00
Simon Arlott
400e650809
librb: Fix nossl 2019-09-15 12:33:56 +01:00
Simon Arlott
b7660ea49d
librb: Fix nossl 2019-09-15 11:43:52 +01:00
Simon Arlott
ce960aa5f0
travis: Use newer versions of Clang 2019-09-15 11:41:41 +01:00
Simon Arlott
8679c0fe3c
Fix Clang 6 compiler warnings 2019-09-15 11:28:48 +01:00
Simon Arlott
a4fe4b8191
travis: Remove -Wno-unused-variable 2019-09-15 11:14:38 +01:00
Simon Arlott
4b7abcfb7d
librb: Avoid unused variable warning 2019-09-15 11:13:54 +01:00
Simon Arlott
53aeb0305a
librb: Specify -Wno-unused-parameter 2019-09-15 11:12:44 +01:00
Simon Arlott
5889d67dea
travis: Don't use -Werror on clang 2019-09-15 11:04:28 +01:00
Simon Arlott
a52e946303
travis: Notify on IRC 2019-09-15 11:00:50 +01:00
Simon Arlott
e52893db93
Fix GCC 8 compiler warnings 2019-09-15 10:57:53 +01:00
Simon Arlott
b55caab91e
travis: Ignore more unused warnings 2019-09-15 10:44:05 +01:00
Simon Arlott
b3a987ed15
ircd: Use a larger buffer for ilog() buf2 2019-09-15 10:41:33 +01:00
Simon Arlott
6769ac13a2
travis: Ignore unused-parameter warnings 2019-09-15 10:26:35 +01:00
Simon Arlott
c4c1bf3b79
librb: Fix GCC 8 warning; 640 bytes should be enough 2019-09-15 10:25:25 +01:00
Simon Arlott
e89a399f94
ircd: Zero out the global_client_list
Otherwise we unconditionally add "me" to it twice in some unit tests,
which results in a loop in the list.
2019-09-15 10:22:26 +01:00
Simon Arlott
0e5b57c40b
travis: Build with GCC 7 and GCC 8 2019-09-15 10:02:11 +01:00
Simon Arlott
bcd241da68
Fix compiler warning for SeesOper 2019-09-15 10:00:56 +01:00
Simon Arlott
004007982a
travis: Compile with warnings as errors 2019-09-15 09:57:45 +01:00
Aaron Jones
2f2a26fe9d
Merge pull request #283 from edk0/grant
m_grant improvements
2019-09-14 23:39:40 +00:00
Ed Kellett
f7cc54c1ba
Add help for GRANT 2019-09-15 00:35:55 +01:00
Ed Kellett
b143f5e3bd
m_grant: match "deoper" case-insensitively 2019-09-15 00:35:55 +01:00
Ed Kellett
ebd0f4db7a
m_grant: remove a confusing line 2019-09-15 00:35:55 +01:00
Ed Kellett
7f373431d0
m_grant: use AV2 2019-09-15 00:35:55 +01:00
Ed Kellett
910f883959
m_grant: propagate privset changes 2019-09-15 00:35:55 +01:00
Ed Kellett
bdc87b5f37
m_grant: maintain privilegeset refcounts 2019-09-15 00:35:55 +01:00
Ed Kellett
6119faa9a0
charybdise m_grant 2019-09-15 00:35:55 +01:00
Ed Kellett
c1649fd04d
Use the m_grant from ircd-seven
Charybdis' rewritten m_grant introduces at least one serious bug without
providing any apparent benefit. I think the best solution here is the
easiest one.

The bug in question is that an empty mode change is triggered after
seven's grant has done its work, and this is necessary in order to
give umodes granted by oper privileges a chance to update. The rewrite
removes this, generating a mode change only if it wants to change the
state of +o, which means the grant victim can keep privileged modes they
no longer have access to, or fail to gain new ones.
2019-09-15 00:35:55 +01:00
Aaron Jones
8b7503c89a
Merge pull request #284 from edk0/drain
Add extensions/drain (port from ircd-seven)
2019-09-14 21:21:38 +00:00
Janik Kleinhoff
a0d1df9f38
extensions/drain: remove superfluous includes 2019-09-14 21:13:11 +01:00
Ed Kellett
b674a619eb
Add extensions/drain
This takes the simplest possible approach: load the module and you're in
drain mode.
2019-09-14 21:13:11 +01:00
Aaron Jones
b9da417b4e
Merge pull request #282 from edk0/propagate-oper
Propagate OPER
2019-09-13 12:15:06 +00:00
Ed Kellett
ed3ca2ff16
Propagate OPER
Move opername and privset storage to struct User, so it can exist for
remote opers.

On /oper and when bursting opers, send:

    :foo OPER opername privset

which sets foo's opername and privset. The contents of the privset on
remote servers come from the remote server's config, so the potential
for confusion exists if these do not match.

If an oper's privset does not exist on a server that sees it, it will
complain, but create a placeholder privset. If the privset is created by
a rehash, this will be reflected properly.

/privs is updated to take an optional argument, the server to query, and
is now local by default:

    /privs [[nick_or_server] nick]
2019-09-13 10:08:27 +01:00
Aaron Jones
742ddc8fac
Merge pull request #279 from edk0/operhide
Rework oper hiding
2019-09-12 22:17:26 +00:00
Ed Kellett
1123eefcb0
Rework oper hiding
As it stands, oper hiding is rather messy and inconsistent. Add
SeesOper(target, source), which is true iff target should appear as an
oper to source. If I haven't missed something, all commands that reveal
oper status now use the same logic.

general::hide_opers_in_whois is a special case, and affects /whois only.

general::hide_opers is introduced, and has the same effect as giving
everyone oper:hidden. All commands that reveal oper status respect both.
2019-09-12 23:14:15 +01:00
Aaron Jones
f7f1c50494
Support ECDH X25519 for TLSv1.3 (OpenSSL 1.1.1) 2019-09-08 14:00:24 +00:00
Aaron Jones
95c84a44fd
Merge pull request #277 from edk0/helpops
Fix various bugs in extensions/helpops
2019-09-07 14:57:30 +00:00
Aaron Jones
a9118e5b81
Merge pull request #278 from edk0/override
Fix various bugs in extensions/override
2019-09-07 14:26:01 +00:00
Aaron Jones
d6c8286e3e
Merge pull request #275 from edk0/override-immunity
override: move kick immunity to its own module
2019-09-07 14:10:22 +00:00
Aaron Jones
84a969d686
Merge pull request #276 from edk0/deferred-cap-notify
Deferred capability notifications from modules
2019-09-07 14:08:19 +00:00
Ed Kellett
dbeda234e6
override: always check oper:override
It's possible to have the oper:override privilege removed by /grant.
/grant triggers an empty umode change event to allow privileged umodes
to be set or removed, so checking for oper:override on all umode changes
(and not just ones where +o or +p is changed) allows us to remove +p
when necessary.
2019-09-07 15:06:39 +01:00
Ed Kellett
6637a54728
override: don't leak the old expiry timer list 2019-09-07 15:06:39 +01:00
Ed Kellett
cc75db3f3f
override: start timers for +p clients on modinit
Reloading override previously would have the effect of cancelling +p
expiry. With this change, reloading the module just refreshes the
timers, so expiry is delayed a bit rather than forgotten entirely.
2019-09-07 15:06:39 +01:00
Ed Kellett
5339043003
helpops: remove +H if usermode:helpops is lost 2019-09-07 15:04:05 +01:00
Ed Kellett
0c5dd86cfc
helpops: handle the helper list properly on reload
Free the whole list on unload rather than leaking it, and initialise it
to the list of people with +H on load.
2019-09-07 15:04:05 +01:00
Ed Kellett
6c639159b0
helpops: fix umode handling
construct_umodebuf() can change the char->flag mapping (to restore an
orphaned mode). I don't love the use of a fake constant, so I think the
cleanest solution here is just to index user_modes with a macro for the
umode letter.
2019-09-07 15:04:05 +01:00
Ed Kellett
28cc8bb924
Deferred capability notifications from modules
Reloading modules sends CAP DEL followed by an immediate CAP NEW:

    :staberinde.local CAP * DEL :account-tag
    :staberinde.local CAP * NEW :account-tag

This isn't very nice. /modrestart is particularly bad. In order to avoid
doing this, we remember the capability set at the beginning of module
operations, compare that with the set afterwards, and report only the
differences with CAP {DEL,NEW}.
2019-09-07 14:59:33 +01:00
Aaron Jones
515b54ddf9
Merge pull request #274 from edk0/event-deletion
librb/event: delete indirectly via a dead flag
2019-09-07 13:56:17 +00:00
Ed Kellett
ead77e93aa
override: move kick immunity to its own module 2019-09-07 14:53:21 +01:00
Ed Kellett
3576d1b482
librb/event: delete indirectly via a dead flag
This avoids an issue where deleting an event inside the handler of a
different event puts the event iteration in an invalid state.
2019-09-07 14:50:42 +01:00
Simon Arlott
9ac0390734
Version 4.1.3-dev 2019-08-31 21:14:27 +01:00
Simon Arlott
efe1f312b5
Version 4.1.2 2019-08-31 21:12:44 +01:00
Simon Arlott
728c3ed5cb
travis: don't run the tests on macosx
overriding rb_gettimeofday and "me" doesn't work
2019-08-31 16:41:18 +01:00
Simon Arlott
ac4365f5a4
ircd: remove debug 2019-08-31 16:36:41 +01:00
Simon Arlott
eeeb228664
cap_server_time: Fix strftime return value check 2019-08-31 16:35:19 +01:00
Simon Arlott
493f729efc
tests: Fix use-after-free bug 2019-08-31 16:32:55 +01:00
Simon Arlott
17809d2db7
librb: Fix type of dst for rb_inet_pton_sock() 2019-08-31 16:10:50 +01:00
Simon Arlott
8b96670079
tests: Remove modules that don't exist 2019-08-31 15:38:48 +01:00
Simon Arlott
a006add93c
check_one_kline: Fix compiler warning 2019-08-31 15:31:45 +01:00
Simon Arlott
c6e707ae76
Merge branch 'edk0-check-one-kline' 2019-08-31 15:05:29 +01:00
Simon Arlott
b18dba6da8
Document the process shared by check_one_kline() and find_kline() 2019-08-31 15:05:20 +01:00
Simon Arlott
912d118fa2
Merge branch 'check-one-kline' of https://github.com/edk0/charybdis into edk0-check-one-kline 2019-08-31 15:05:11 +01:00
Simon Arlott
5a15b97696
Revert "ircd: Fix umode orphan scheme."
This reverts commit c1fc044c35.
2019-08-31 14:43:34 +01:00
Aaron Jones
e2a0687835
Correct OPM port configuration variables
[ci skip]
2019-07-07 19:35:58 +01:00
Simon Arlott
11b122dfd3
travis: run the tests 2019-07-07 19:35:13 +01:00
Ed Kellett
6ca9ff0ea1
Remove unused kline_delay config option 2019-04-27 14:53:04 +01:00
Ed Kellett
9834d3d5ba
Remove unused kline delay machinery 2019-04-27 14:51:27 +01:00
Ed Kellett
43037e1af3
m_ban: check only the added K-line 2019-04-27 14:51:17 +01:00
Ed Kellett
b068a4b518
m_kline: check only the added K-line 2019-04-27 14:47:33 +01:00
Ed Kellett
10df26d08f
Add check_one_kline, expose notify_banned_client 2019-04-27 14:47:28 +01:00
Aaron Jones
c87c8e5bfe
newconf: remove plaintext listeners warning
Closes #270

[ci skip]
2019-03-27 19:29:55 +00:00
Simon Arlott
40a766a0a0
m_sasl: Don't process authentication messages if SASL has been aborted, but track failures 2019-02-23 13:02:15 +00:00
Simon Arlott
958c354cca
tests: Verify behaviour if services authenticates a user after SASL is aborted 2019-02-23 13:02:15 +00:00
Simon Arlott
ac5a5a0cfa
set version back to -dev 2018-08-15 23:12:38 +01:00
Simon Arlott
17776e5274
charybdis 4.1.1 2018-08-15 23:03:50 +01:00
Simon Arlott
d5d52a994d
m_nick/m_sasl/m_user: restore check for mixing of client and server protocol 2018-08-15 22:48:21 +01:00
Simon Arlott
d4b2529a61
m_pass: store unverified SID in preClient for use in m_server 2018-08-15 22:48:20 +01:00
Aaron Jones
8d93dd76ad
MbedTLS: Support ChaCha20-Poly1305 in TLSv1.2+ 2018-08-13 22:35:20 +00:00
Simon Arlott
244f6259de
authd: always use an empty buffer to read ident reply
Otherwise we could read uninitialised data beyond the actual reply
2018-08-12 18:45:05 +01:00
Simon Arlott
15b05f95f0
m_sasl: check if the agent is present after every client_exit
When a server disconnects the client_exit hook will only be called once
but there could be multiple servers and clients behind that server.

After any client exits, check if the agent is still present.
2018-08-12 12:50:43 +01:00
Simon Arlott
bfd95f010b
authd: fix "is provider done" logic in blacklist/opm providers
This fixes #262.
2018-08-12 11:19:44 +01:00
Simon Arlott
258eb31c9c
Merge pull request #260 from FauxFaux/yesno-1
YESNO options are of type bool, not int
2018-08-12 10:17:12 +01:00
Simon Arlott
82546fb7b7
travis: don't build docs on osx 2018-08-12 10:08:00 +01:00
Simon Arlott
3a484c2c9d
doc: build with travis 2018-08-12 09:40:40 +01:00
Simon Arlott
1b81e34a55
doc: there is no _static directory 2018-08-12 09:37:50 +01:00
Simon Arlott
f2fa7bd2ab
Merge pull request #263 from anarcat/extban-doc
point users towards HELP EXTBAN for inline help
2018-08-12 09:26:58 +01:00
Antoine Beaupré
f5bd632497
point to the CMODE help page for more modes 2018-08-12 09:23:12 +01:00
Antoine Beaupré
15e0fce707
fix more headings 2018-08-12 09:23:10 +01:00
Antoine Beaupré
0f04574db1
fix two headings to be toplevel 2018-08-12 09:23:09 +01:00
Antoine Beaupré
3eea7d371e
do not hardcode theme 2018-08-12 09:22:59 +01:00
Antoine Beaupré
9546ba08e1
config.rst review 2018-08-12 09:22:58 +01:00
Antoine Beaupré
1e04a8dd8c
review commands.rst style 2018-08-12 09:22:56 +01:00
Antoine Beaupré
b12af1dbb1
fix style in ucommands.rst 2018-08-12 09:22:55 +01:00
Antoine Beaupré
e48d102ca3
fix syntax warning 2018-08-12 09:22:53 +01:00
Antoine Beaupré
316531aefb
fix ucommands.rst style 2018-08-12 09:22:50 +01:00
Antoine Beaupré
b44a51d470
review umodes.rst 2018-08-12 09:22:48 +01:00
Antoine Beaupré
90a29f9ab4
review oprivs.rst style 2018-08-12 09:22:46 +01:00
Antoine Beaupré
5d963f8352
review cmodes.rst style 2018-08-12 09:22:43 +01:00
Antoine Beaupré
4245facd2e
some styling
turn all +flags into preformatted flags, fix admonitions
2018-08-12 09:22:26 +01:00
Antoine Beaupré
a0bd1cc026
ignore build results 2018-08-12 09:20:34 +01:00
Antoine Beaupré
8a7d33db3e
fix duplicate headings, remove duplicate ToC 2018-08-12 09:20:32 +01:00
Antoine Beaupré
8380f40a78
merge two index pages 2018-08-12 09:20:20 +01:00
Antoine Beaupré
2ae078d87b
convert SGML guide to RST
the rationale behind switching away from SGML/Docbook is the following:

 * SGML is hard to edit for humans
 * the output is not much prettier
 * the toolchain is not well supported and missing from the build
 * the build is not hooked into anywhere, no automation

the reason why RST was chosen:

 * it allows for a strong structure like Docbook
 * the theme from Read The Docs is pretty
 * it also supports mobile devices
 * sphinx can easily output to PDF and ePUB formats
 * RST is plaintext that can be easily edited and diff'd
 * RST can be automatically built by ReadTheDocs and the toolchain is
   readily available
 * the output is also parsed by Github so documentation can be read
   straight from GH

the reason why Markdown was not chosen:

 * the current strong structure would be hard to replicate
 * markdown is not standardized and output varies according to the
   implementation

the docs were converted with Pandoc, using the following commands:

    mkdir oper-guide
    for source in sgml/oper-guide/*.sgml; do
        pandoc --toc -s -f docbook -t rst $source -o oper-guide/$(basename $source .sgml).rst
    done
    cd oper-guide
    sphinx-quickstart
    git add *.rst make.bat conf.py
    git add -f Makefile
    git rm -r ../sgml

[merged from d4214e9445: doc/sgml/oper-guide/config.sgml]
2018-08-12 09:15:13 +01:00
Aaron Jones
6d8a8851df
modules/m_sasl.c: prevent abort_sasl() sending 906 twice 2018-04-06 20:07:08 +00:00
Aaron Jones
631c30890c
modules/m_sasl.c: command functions are void on this branch 2018-04-06 19:58:45 +00:00
Aaron Jones
280ce6a951
modules/m_sasl.c: abort session if we receive '*' as data
Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.

cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287

Reported-By: James Wheare
2018-04-06 19:49:33 +00:00
Chris West (Faux)
26c5df4b1e YESNO options are of type bool, not int 2018-03-23 16:46:38 +00:00
Simon Arlott
fe5fc851aa
gcc7 fixes: NICKLEN -> NAMELEN
Use NAMELEN instead of NICKLEN when accessing Client->name because it
could in theory be a HOSTLEN length string.
2018-01-19 23:26:20 +00:00
Simon Arlott
30053ab982
gcc7 fixes: make fallthrough explicit 2018-01-19 23:26:03 +00:00
Simon Arlott
fd668f9d9e
set version back to -dev 2018-01-18 21:45:32 +00:00
Simon Arlott
8fad942193
charybdis 4.1 2018-01-18 21:42:14 +00:00
Simon Arlott
acd941bfed
ircd: use correct buffer sizes
This fixes an issue with truncated SJOINs.
2018-01-18 21:33:41 +00:00
Aaron Jones
e081bf2988
libratbox/src/mbedtls.c: check public/private keys match 2018-01-06 16:05:48 +00:00
Aaron Jones
3cc262f006
doc/reference.conf: clarify that server link fingerprints aren't optional
[ci skip]
2017-11-04 07:41:54 +00:00
Aaron Jones
efd07994e7
help/Makefile.am: silence construction of indexes, make build depend on index 2017-10-30 17:32:29 +00:00
Simon Arlott
16e66c174f
charybdis 4.1-rc1 2017-10-20 22:47:46 +01:00
Simon Arlott
268044ea40
Add workaround for Linux SCTP_I_WANT_MAPPED_V4_ADDR bug on older kernels 2017-08-24 20:08:22 +01:00
Simon Arlott
6003ce763c
Add outgoing SCTP connect support 2017-08-24 20:08:21 +01:00
Simon Arlott
c6ad9b0c5f
Add basic SCTP listener support that binds to multiple addresses
This only supports two addresses as the intended use is 1 IPv4 and 1 IPv6
address on a single-homed host, and the only supported configuration of
outgoing connections to other servers is to bind a single IPv4 or IPv6
address.
2017-08-24 20:08:20 +01:00
Simon Arlott
589dbf4d0f
rb_connect: use SO_ERROR 2017-08-24 20:08:19 +01:00
Simon Arlott
9caecc9348
rb_inet_pton_sock: initialise sockaddr to zero 2017-08-24 20:08:19 +01:00
Simon Arlott
365e13662e
exit_unknown_client: don't delete servers from the client hash
Outgoing servers are not added to the client hash until they reach
IsServer() status, so if they're unknown when they exit then don't
attempt to delete them.
2017-08-24 20:08:18 +01:00
Simon Arlott
e701026837
tests: add serv_connect1 (exit_unknown_client)
Test serv_connect followed by exit_unknown_client.

An outgoing connection should not delete an incoming connection that
occurs during the connection attempt.
2017-08-24 20:08:17 +01:00
Simon Arlott
4ce1cac4b9
s_serv: connect using both IPv4 and IPv6 if unspecified 2017-08-22 21:55:12 +01:00
Simon Arlott
de2934965c
remove RB_IPV6 2017-08-20 12:54:46 +01:00
Simon Arlott
f21ef0cebc
authd: assume all providers are running
Otherwise ident returns without setting itself running causing problems.

Move opm/blacklist before ident/rdns so that they can receive completion
notifications.
2017-08-20 12:54:45 +01:00
Aaron Jones
ffd0a904d9 Merge pull request #246 from grawity/patch-1
CREDITS: update to match reality
2017-08-17 23:02:52 +00:00
Mantas Mikulėnas
b25a10e23d CREDITS: update to match reality 2017-08-17 08:37:10 +03:00
Simon Arlott
9844105c3c
charybdis 4.1-dev 2017-08-13 21:57:23 +01:00
Simon Arlott
0ee833da4a
m_sasl: indicate client connection type for SASL 2017-08-09 22:04:11 +01:00
Simon Arlott
fa2367e3f3
librb: remove zstring
rb_zstring_serialized leaks memory while doing nothing with its
arguments... nothing is using zstring so remove it
2017-08-06 18:40:24 +01:00
Simon Arlott
959dffde9b
tests: add rb_dictionary1
This doesn't do much because replacing existing elements isn't allowed.
2017-08-06 18:38:43 +01:00
Simon Arlott
1272b289e6
librb: dictionary_add mishandles replacing elements
This can only happen with soft asserts otherwise it will crash instead.

Nothing currently uses the return value of rb_dictionary_add.
2017-08-06 18:38:35 +01:00
Simon Arlott
f06b5e9c53
charybdis 4-rc6 2017-08-06 16:43:49 +01:00
Simon Arlott
cb53fd6a83
tests: send1: add tag tests to all functions 2017-08-06 16:21:30 +01:00
Simon Arlott
4b1cce65ed
ircd: send tags on every message
Simplify linebuf by introducing fsnprint to manage a list of printfs.
Add a msgbuf unparse cache for send functions that loop.
2017-08-06 16:21:29 +01:00
Simon Arlott
8f43ad3f72
tests: send1: fix sendto_channel_opmod (remote) to cover all scenarios 2017-08-06 13:30:47 +01:00
Simon Arlott
a53032dd70
tests: send1: fix sendto_channel_opmod (remote) to call the right function 2017-08-06 13:14:12 +01:00
Simon Arlott
dd3a17a0c2
tests: send1: add missing CAP_SERVER_TIME test to sendto_channel_flags from remote users 2017-08-06 13:00:49 +01:00
Simon Arlott
762adec9f6
tests: send1: test MODE_MODERATED with sendto_channel_opmod 2017-08-06 12:53:39 +01:00
Simon Arlott
692fbac66d
tests: send1: load modules in a predictable order
So that tags are added in the same order every time.

# wanted: @time=2017-07-14T02:40:00.000Z;account=test :LChanPeon!username@example.test TEST #placeholder :Hello World!
#   seen: @account=test;time=2017-07-14T02:40:00.000Z :LChanPeon!username@example.test TEST #placeholder :Hello World!
2017-08-06 11:05:03 +01:00
Simon Arlott
4e9035f2f1
tests: add missing modules symlinks 2017-08-06 01:42:51 +01:00
Simon Arlott
54f75d36e3
tests: add remaining sendto_* tests 2017-08-06 01:12:59 +01:00
Simon Arlott
42ae8ab21f
ircd: check caps for user in sendto_common_channels_local 2017-08-05 22:34:17 +01:00
Simon Arlott
60f1d711e6
tests: add remote server message tests
Test sendto_one, sendto_one_prefix, sendto_one_notice and complete
sendto_one_numeric (for unregistered clients).
2017-08-05 16:54:44 +01:00
Simon Arlott
6af47466a8
tests: add client util make_local_person_oper() 2017-08-05 14:14:53 +01:00
Simon Arlott
d2b5f4111b
tests: add sendto_* test framework 2017-08-05 14:09:01 +01:00
Simon Arlott
84a3275b7a
ircd: log command in mod_add_cmd/mod_del_cmd error scenarios 2017-08-05 12:29:52 +01:00
Simon Arlott
4212494106
ircd: substitution: fix buffer overrun if variable name is too long
Also fix the "ptr = ptr + (pptr - ptr)" aka "ptr = pptr" mess by
removing pptr.
2017-08-05 11:27:02 +01:00
Simon Arlott
6b80043eca
remove unused variables 2017-08-04 21:01:29 +01:00
Simon Arlott
4f8866f680
ssld: avoid clang static analysis warning
Edit by @aaronmdjones: fix for loop initialisation and inner condition
2017-08-04 20:51:53 +01:00
Simon Arlott
b582b00585
tests: fix warnings 2017-08-04 20:02:27 +01:00
Simon Arlott
de36941445
remove unused variables 2017-08-04 20:02:20 +01:00
Simon Arlott
2355be38a3
m_webirc: set sockhost before potentially using it to set host
Remove extra IP check, it's not necessary.
2017-08-01 22:42:56 +01:00
Simon Arlott
a2a670824c
cap_server_time: check return values of string functions 2017-07-31 07:58:06 +01:00
Simon Arlott
2d5f4d8e7f
cap_server_time: provide time with millisecond resolution 2017-07-30 22:03:23 +01:00
Simon Arlott
30275c67c5
charybdis 4-rc5 2017-07-30 18:43:52 +01:00
Aaron Jones
515467e527
mbedtls.c: minor fixups
- Add (void) casts for unused function parameters
- Rearrange member in `struct rb_mbedtls_cfg_context' for data alignment
- Document a `clang-4.0 -Weverything' (-Wcast-qual) diagnostic
- Avoid pointless conversions between positive/negative error codes
- Use capital hexadecimals in error codes and properly cast to
  (unsigned int) for %x/%X
2017-07-30 18:41:32 +01:00
Simon Arlott
3fb264ef49
m_cap: use rb_snprintf_try_append 2017-07-30 18:30:28 +01:00
Simon Arlott
0e6b8d0af9
tests: add rb_snprintf_append, rb_snprintf_try_append tests 2017-07-30 17:05:26 +01:00
Simon Arlott
e5c434a2df
librb: add rb_snprintf_try_append
For when it might fit, or it might not.
2017-07-30 17:04:06 +01:00
Simon Arlott
8573c3409e
librb: rb_snprintf_append: handle error return value from vsnprintf() 2017-07-30 17:03:30 +01:00
Simon Arlott
2cc7be9977
tests: add rb_linebuf_put tests 2017-07-30 15:56:29 +01:00
Simon Arlott
7a06833fb4
librb: linebuf: reduce the number of "put" implementations from 4 to 1 2017-07-30 15:51:45 +01:00
Simon Arlott
a7fed8715b
Revert "Core modules cannot be unloaded, otherwise bad things happen."
This reverts commit b5cfad0319.
2017-07-29 23:52:06 +01:00
Simon Arlott
2f0b6f83bd
m_join: remove global variable parabuf 2017-07-29 23:48:55 +01:00
Simon Arlott
95fff33cf6
m_join: remove global variable modebuf 2017-07-29 23:48:54 +01:00
Simon Arlott
b051b0efd9
m_join: remove global variable para 2017-07-29 23:48:53 +01:00
Simon Arlott
7fce9c6d1b
m_join: remove global variable pargs 2017-07-29 23:48:53 +01:00
Simon Arlott
2077757f2a
m_join: remove global variable mbuf 2017-07-29 23:48:52 +01:00
Simon Arlott
4c7d1de8f3
librb: linebuf needs to use the buffer limit from msgbuf_unparse_prefix 2017-07-29 23:32:27 +01:00
Simon Arlott
5ce6360b72
ircd: send: these buffers can be static 2017-07-29 23:24:23 +01:00
Simon Arlott
b6f271b2aa
m_cap: Fix CAP LS generation
The `caplen` variable was unused, so the cap to be output wasn't considered
when determining whether or not it would fit.
2017-07-29 22:46:11 +01:00
Simon Arlott
2100c58d09
librb: rb_rawbuf_length: do something if soft assert fails
correct the value of rb->len
2017-07-29 22:46:10 +01:00
Simon Arlott
108699df3c
tests: add msgbuf_unparse tests 2017-07-29 22:46:09 +01:00
Simon Arlott
17ea888046
tests: add substitution_parse tests 2017-07-29 22:46:09 +01:00
Simon Arlott
05a16d98e1
tests: add msgbuf_parse tests 2017-07-29 22:46:08 +01:00
Simon Arlott
f3564f47f4
msgbuf: correctly split buffers into IRCv3 tags and RFC1459 message data 2017-07-29 22:46:07 +01:00
Simon Arlott
9f46eae691
linebuf: increase buffer size to accommodate IRCv3 tags 2017-07-29 22:46:06 +01:00
Simon Arlott
8fe5ef5a23
tests: add C TAP harness 2017-07-29 22:46:05 +01:00
Simon Arlott
33ded5fc57
librb: remove unnecessary NULL from the end of rb_string_to_array output 2017-07-29 22:46:04 +01:00
Simon Arlott
86432f8f86
ircd: attach_conf: avoid clang static analysis warning
In the impossible scenario where ClassPtr(aconf) is NULL, reject the
client instead of dereferencing the NULL pointer.
2017-07-29 22:45:58 +01:00
Simon Arlott
b5ad4cdfde
make soft asserts better by allowing them to be used in expressions 2017-07-29 22:39:53 +01:00
Simon Arlott
3ec3b44c7e
wsockd: avoid clang static analysis warning
Don't set `x = 0` twice.
2017-07-29 22:39:53 +01:00
Simon Arlott
26acc0c4fd
authd: opm: avoid clang static analysis warning
Remove unused `c` variable.
2017-07-29 22:39:52 +01:00
Simon Arlott
07807ce8b0
ircd: send_to_channel_flags: avoid clang static analysis warning
Set current_capmask and then use it, instead of referencing target_p->localClient->caps again.

This makes the purpose of current_capmask a bit clearer.
2017-07-29 22:39:50 +01:00
Simon Arlott
d856535edd
ircd: sendto_one_notice: avoid clang static analysis warning
target_p->from can't be NULL, and if it is then get_id(..., target_p)
dereferences it later in the function anyway
2017-07-29 22:39:49 +01:00
Simon Arlott
45285c4a73
librb: rb_lib_loop: avoid clang static analysis warning 2017-07-29 22:39:49 +01:00
Simon Arlott
209c57fbbf
ssld: avoid clang static analysis warning
Don't set `x = 0` twice.
2017-07-29 22:39:48 +01:00
Simon Arlott
0d6da1a9c1
ircd: sendto_one_numeric: avoid clang static analysis warning
target_p->from can't be NULL, and if it is then get_id(..., target_p)
dereferences it later in the function anyway
2017-07-29 22:28:53 +01:00
Simon Arlott
4a9f4dccb8
authd: opm: avoid clang static analysis warning
Remove unused `lookup` variables.
2017-07-29 22:28:52 +01:00
Simon Arlott
b9a6f1e5a1
ircd: get_or_create_channel: avoid clang static analysis warning
Use `len` after setting it.
2017-07-29 22:28:51 +01:00
Simon Arlott
f660af2155
ssld: avoid clang static analysis warning 2017-07-29 22:28:50 +01:00
Simon Arlott
0ded533dbc
ircd: sendto_one_prefix: avoid clang static analysis warning
target_p->from can't be NULL, and if it is then get_id(..., target_p)
dereferences it later in the function anyway
2017-07-29 22:28:49 +01:00
Simon Arlott
6c1e15a432
exit_remote_server: avoid clang static analysis warning
if IsServer(source_p) then the following must be all non-NULL:
 ->serv
 ->servptr
 ->servptr->serv

Remove unnecessary and inconsistent pointer checks.
2017-07-29 22:28:48 +01:00
Simon Arlott
630c15211d
librb: rb_linebuf_copy_raw: remove unused assignment 2017-07-29 22:28:47 +01:00
Simon Arlott
ab5fc9c032
ircd: hostmask: avoid clang static analysis warning
arec->Mask.ipa.bits is unused if arec->masktype == HM_HOST
2017-07-29 22:27:23 +01:00
Simon Arlott
b0adc7bf97
librb: commio: Must set addrlen before every call to accept()
If an IPv4 connection is dropped by the pre-callback, and there is a
pending IPv6 connection on the same listening socket then the retried
accept() will be unable to populate `st` because `addrlen` will be too
small. Also initialise `st` each time to avoid a clang static analysis
warning.
2017-07-29 22:20:05 +01:00
Simon Arlott
8467fd9caf
ircd: listener: Document check_reject() behaviour 2017-07-29 22:20:04 +01:00
Simon Arlott
23e722ea21
wsockd: Initialise ws_frame_hdr_t before using it
Outgoing messages have uninitialised data from the stack in the 3 reserved
bits of the opcode_rsv_fin value.
2017-07-29 22:20:03 +01:00
Simon Arlott
a940f54623
sslproc: check number of arguments to zipstats command 2017-07-29 13:32:21 +01:00
Aaron Jones
ed9f6a6565
src/channel.c: don't use the bancache in is_banned()/is_quieted()
The bancache will be re-architected onto clients in future for easier
invalidation, but this is a good-enough temporary fix for issue #243

Fixes #243
2017-07-29 13:32:20 +01:00
Simon Arlott
be9fb5ac00
Revert "no really, it's dead people"
This reverts commit 40ac82e878.
2017-07-27 18:51:24 +01:00
Simon Arlott
4efe9cf25d
charybdis 4-rc4 2017-07-27 18:47:18 +01:00
Simon Arlott
e9f0d740e3
msgbuf: remove unused field parselen 2017-07-27 18:31:08 +01:00
Simon Arlott
fb81421fc7
ircd: substitution: fix NULL termination buffer overrun when the output is too large for the buffer 2017-07-27 18:31:07 +01:00
Simon Arlott
1dfb080874
ircd: substitution: fix overrun with unterminated '}' in format string
handle a variable following an unterminated variable better
2017-07-27 18:31:05 +01:00
Simon Arlott
169a1c3535
msgbuf: s_assert is not a substitute for proper code
(dns, m_alias, m_stats updated as msgbuf no longer includes s_assert.h)
2017-07-26 19:30:41 +01:00
Simon Arlott
d2b3a2a474
ircd: check_server: don't allow a connection if that would exceed the class limit 2017-07-23 17:38:11 +01:00
Simon Arlott
e3cea4d811
ircd: serv_connect: don't try to connect if that would exceed the class limit 2017-07-23 15:40:00 +01:00
Simon Arlott
fdfe62e7cc
m_webirc: use rb_inet_ntop_sock to populate sockhost 2017-06-27 21:13:25 +01:00
Simon Arlott
89bb7d65fb
ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.
2017-06-25 19:48:49 +01:00
William Pitcock
40ac82e878 no really, it's dead people 2017-02-27 23:31:49 -06:00
Simon Arlott
fe45fd6105
CREDITS: fix my nickname and update my email address 2017-01-06 21:52:44 +00:00
Aaron Jones
c3abf98286
MbedTLS: Disable TLSv1.0 2016-12-30 17:59:48 +00:00
Aaron Jones
35cd299395
OpenSSL: Disable TLSv1.0
Also some misc other cleanups/additions to bring it in line with the
release/3.5 backend
2016-12-30 17:59:46 +00:00
Aaron Jones
5bcd4c7c60
GNUTLS: Provide a default priority string, disable TLSv1.0 in it
The user can still override this choice with the ssl_cipher_list option
in ircd.conf -- this is the only backend that will allow you to do so.
2016-12-30 17:59:35 +00:00
Keith Buck
1175ff837d extensions/extb_channel: Allow matching secret channels.
This change modifies extb_channel to allow matching users in secret
channels, which prevents trivial ban evasion by setting the target
channel +s. Information leak due to this change is unlikely since the
attacker would have to know that the target channel exists, the name of
the channel (or guess it), have a specific user they wanted to know
whether was in the channel (and not know already), and the target user
would need to have something like autojoin-on-invite enabled (or any of
the other various ways hostname cloaking is attacked).
2016-12-29 06:21:58 +00:00
Aaron Jones
28f877462d
Documentation: Comment-out the OPM block and its options by default
The feature is not yet stable and is causing several issues.
2016-12-28 23:41:32 +00:00
Aaron Jones
41390bfe5f
When a remote MODRESTART command is received, it will pass through the
ENCAP module. The ms_encap function is responsible for dispatching the
command handler and then the modules will eventually be reloaded.

However, if the ENCAP module is reloaded to a different address, the
stack now contains the address of a function that no longer exists.

Also, in this version of the IRCd, the module restarting functionality
was located in a function that is itself located in a module, so things
will also go badly if that module is reloaded to a different address,
too.

Return immediately from the command handler and have the event loop
call the function responsible for reloading the modules instead.

c.f. release/3.5 commit db05a36210

Reported-by: mniip (Freenode)
2016-12-28 22:08:14 +00:00
Aaron Jones
6002ccec6b
mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails 2016-12-20 17:29:37 +00:00
Aaron Jones
d1f8acb0da
authd: don't exit() on OPM duplicate scanner errors, just ignore it
I run into this code even with a single kind of scanner with a single
port, so I'm not even sure how it thinks it already exists.

Perhaps it's being parsed twice, or something similar.

c.f. issue #229
2016-12-19 04:57:58 +00:00
Keith Buck
df0c70dd1f mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
2016-12-09 10:08:47 +00:00
Jason Volk
d57ff45c68 .gitignore: ignore .exe extension.
Utilized when building on windows, but shouldn't require any iff
windows case when on unix, so it can be simply ignored.

[ci skip]
2016-12-05 14:36:36 -05:00
Keith Buck
fbd3e77eac m_rehash: Require admin privileges for REHASH SSLD.
This change enforces admin privileges for the REHASH SSLD command, as
originally intended.
2016-12-04 22:15:29 +00:00
Simon Arlott
ab6a27d184
Fix cross compile for Windows 2016-12-04 20:21:07 +00:00
Simon Arlott
57dd2c6a89
msgbuf: don't append a ';' unless there are existing tags
When both account-tag and server-time are present but the client
doesn't have the first (i == 0) of these enabled, they will get
an erroneous ';' after the '@'.

Track whether or not there are tags present, and use this to
determine whether to add the ';' or not. Also remove the extra
function that loops over all of the tags by using this flag to
handle the case where there are no tags being written.
2016-12-04 19:41:08 +00:00
Simon Arlott
6396c5da07
fix privmsg/notice send functions to use variable argument lists properly 2016-12-04 19:41:07 +00:00
Aaron Jones
a49b954f98
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
[ci skip]
2016-11-27 20:51:06 +00:00
Simon Arlott
e2d5ffd5dd
echo-message should work for privmsg/notice to another user
Build the same message but send it to the local client first,
so that the echo-message capability works. But don't do it when
sending a message to yourself.
2016-11-23 21:59:43 +00:00
Simon Arlott
2d8d5b058b
echo-message should work for clients that aren't in the target channel
Move the echo part to the end of the channel membership loop so that it
works even if the user isn't on the channel.
2016-11-23 21:14:44 +00:00
Simon Arlott
f41f79971c
server_estab: don't try to send to a dead client
If the zlib setup fails the client will be exited, so don't send
to it before checking this.
2016-11-20 21:41:18 +00:00
Simon Arlott
50b1e5987c
listener: use exit_client instead of free_client
As well as leaking a connid and leaving the connection open,
these calls to free_client() leave the client in the unknown_list
causing check_unknowns_list() to crash when either ptr->data
(ptr being the freed client_p->localClient->tnode) is NULL or
when client_p->localClient is NULL.

Flag the client as an IO error so that we don't try to send it
any data (as this is not a normal plaintext connection).
2016-11-20 21:09:07 +00:00
Aaron Jones
4381284e72
reference.conf: document that SPKI is supported in version 3.5 now 2016-11-15 12:36:01 +00:00
Aaron Jones
05281d7a0d
TLS backends: Move some library-dependent functions to the proper location
The comment incorrectly stated these were library-agnostic; in fact, they
use library-dependent data types or macro names.
2016-11-15 12:16:03 +00:00
Aaron Jones
19ec5fb1f9
README: Document glibtoolize use on Mac systems
Fixes #224
2016-10-31 09:08:46 +00:00
Simon Arlott
5bc95eaf4a
Use const hook data where possible
core/m_nick.c: In function `change_remote_nick':
core/m_nick.c:745: warning: assignment discards qualifiers from pointer target type
2016-10-30 12:36:50 +00:00
Simon Arlott
4ce7eaefd4
free cache emptyline rb_dlink_node, allocated automatically but never freed
==00:00:01:09.081 1762== 48 bytes in 2 blocks are definitely lost in loss record 545 of 991
==00:00:01:09.081 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.081 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.081 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.081 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.081 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.081 1762==    by 0x4E52AC3: init_cache (cache.c:67)
==00:00:01:09.081 1762==    by 0x4E69530: charybdis_main (ircd.c:762)
==00:00:01:09.081 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 2,808 bytes in 117 blocks are definitely lost in loss record 960 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E5337A: load_help (cache.c:301)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 5,328 (5,304 direct, 24 indirect) bytes in 221 blocks are definitely lost in loss record 971 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E53278: load_help (cache.c:266)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)
2016-10-30 12:05:45 +00:00
Simon Arlott
1c4f9748d7
free server_p->certfp, allocated in newconf.c
==01:17:20:36.920 5966== 429 bytes in 3 blocks are possibly lost in loss record 899 of 1,020
==01:17:20:36.920 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.920 5966==    by 0x4E73867: rb_strdup (rb_memory.h:70)
==01:17:20:36.920 5966==    by 0x4E7674C: conf_set_connect_fingerprint (newconf.c:1421)
==01:17:20:36.920 5966==    by 0x4E78D55: conf_call_set (newconf.c:2562)
==01:17:20:36.920 5966==    by 0x4E6A33D: yyparse (ircd_parser.y:215)
==01:17:20:36.920 5966==    by 0x4E7FFC7: read_conf (s_conf.c:834)
==01:17:20:36.920 5966==    by 0x4E81718: read_conf_files (s_conf.c:1419)
==01:17:20:36.920 5966==    by 0x4E69567: charybdis_main (ircd.c:775)
==01:17:20:36.920 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:45:56 +00:00
Simon Arlott
c8641a273f
free localClient->cipher_string, allocated in sslproc.c
==01:17:20:36.919 5966== 280 bytes in 8 blocks are definitely lost in loss record 876 of 1,020
==01:17:20:36.919 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.919 5966==    by 0x4E93F4F: rb_strdup (rb_memory.h:70)
==01:17:20:36.919 5966==    by 0x4E95280: ssl_process_cipher_string (sslproc.c:476)
==01:17:20:36.919 5966==    by 0x4E95540: ssl_process_cmd_recv (sslproc.c:561)
==01:17:20:36.919 5966==    by 0x4E9582A: ssl_read_ctl (sslproc.c:632)
==01:17:20:36.919 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.919 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
==01:17:20:36.919 5966==    by 0x56C7FD6: rb_lib_loop (rb_lib.c:228)
==01:17:20:36.919 5966==    by 0x4E69987: charybdis_main (ircd.c:872)
==01:17:20:36.919 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:21:45 +00:00
Simon Arlott
76f3591a2d
free localClient->zipstats, allocated in sslproc.c
==01:17:20:36.906 5966== 48 bytes in 1 blocks are definitely lost in loss record 544 of 1,020
==01:17:20:36.906 5966==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.906 5966==    by 0x4E93F0C: rb_malloc (rb_memory.h:41)
==01:17:20:36.906 5966==    by 0x4E961E8: start_zlib_session (sslproc.c:901)
==01:17:20:36.906 5966==    by 0x4E86FAC: server_estab (s_serv.c:877)
==01:17:20:36.906 5966==    by 0x13B2921A: mr_server (m_server.c:304)
==01:17:20:36.906 5966==    by 0x4E7AF03: handle_command (parse.c:241)
==01:17:20:36.906 5966==    by 0x4E7A96A: parse (parse.c:157)
==01:17:20:36.906 5966==    by 0x4E7A3DC: client_dopacket (packet.c:354)
==01:17:20:36.906 5966==    by 0x4E798D6: parse_client_queued (packet.c:98)
==01:17:20:36.906 5966==    by 0x4E79FAC: read_packet (packet.c:282)
==01:17:20:36.906 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.906 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
2016-10-30 11:20:31 +00:00
Simon Arlott
d8f0b5d763
cppcheck: fix various warnings/errors
[ircd/match.c:316]: (error) Shifting a negative value is undefined behaviour
[librb/src/patricia.c:55]: (error) Shifting a negative value is undefined behaviour
[modules/m_alias.c:64]: (portability) '(void*)message' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[modules/m_time.c:111]: (warning) %u in format string (no. 9) requires 'unsigned int' but the argument type is 'signed int'.
[modules/m_time.c:111]: (warning) %u in format string (no. 10) requires 'unsigned int' but the argument type is 'signed int'.
[librb/src/dictionary.c:819]: (warning) %d in format string (no. 3) requires 'int' but the argument type is 'unsigned int'.
[librb/src/radixtree.c:1080]: (warning) %d in format string (no. 3) requires 'int' but the argument type is 'unsigned int'.
[ircd/s_user.c:351] -> [ircd/s_user.c:357]: (warning) Either the condition '0!=source_p' is redundant or there is possible null pointer dereference: source_p.
[extensions/ip_cloaking_3.0.c:109]: (warning, inconclusive) The buffer 'buf' may not be null-terminated after the call to strncpy().
[ircd/chmode.c:256]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_help.c:100]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_knock.c:169]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_stats.c:628]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_stats.c:727]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:601]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:704]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:739]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:763]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:768]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:774]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:781]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:786]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:791]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:804]: (style) Clarify calculation precedence for '&' and '?'.
[ircd/wsproc.c:372]: (style) Unused variable: len
[modules/core/m_modules.c:382]: (style) Unused variable: i
[modules/m_stats.c:741]: (style) Unused variable: amsg
[ircd/authproc.c:390]: (style) Unused variable: iter
[ircd/authproc.c:391]: (style) Unused variable: client_p
2016-10-28 20:13:36 +01:00
Simon Arlott
3608f31d39
authproc: don't allow authd to write too many parameters to parv array 2016-10-22 22:42:22 +01:00
Simon Arlott
3656fa83a9
msgbuf_parse: rb_string_to_array outputs to a MAXPARA+1 size array 2016-10-22 22:38:07 +01:00
Simon Arlott
01dd3da541
rb_string_to_array: document parv array size 2016-10-22 22:36:47 +01:00
Aaron Jones
42e6fbaa8c
OpenSSL: Adjust ciphersuite order and update documentation 2016-10-18 11:17:41 +00:00
Aaron Jones
98c4aaeaff
MbedTLS: Adjust ciphersuite order and update documentation 2016-10-18 11:16:38 +00:00
Aaron Jones
d7f66fc3bf
README: Fix location of channel 2016-10-15 12:57:26 +00:00
Aaron Jones
23f5c31719
SASL: Relax rate limiting for failures a little
Begin at 8 seconds after 2 failures and up to ~4 minutes
2016-10-02 14:13:02 +00:00
Aaron Jones
8e3d0668a4 Merge pull request #221 from Xenthys/release/4
Added kick immunity to umode +p (oper-override)
2016-10-02 10:02:02 +00:00
Aaron Jones
c4a51af37c Merge pull request #222 from Xenthys/release/4+sasl
SASL: rate-limit after the 2nd failed attempt (m_sasl.c)
2016-10-02 09:50:57 +00:00
Xenthys
46ef49c390
SASL: rate-limit after the 2nd failed attempt (m_sasl.c) 2016-10-02 03:57:11 +02:00
Xenthys
bd2c29f738
Added kick immunity to umode +p (oper-override) 2016-09-29 00:34:53 +02:00
Aaron Jones
c6d884e877
whois: check target is an oper before assuming they have a privset
The CHALLENGE functionality will set opername but not privset --
if an oper performs a WHOIS on someone currently half-way through
a challenge we will perform a NULL dereference.

Related to ircd-seven commit d7b05f7583babf6
2016-09-20 13:47:55 +00:00
William Pitcock
b1c32af98e helpops: add duplication guards on helper/dehelper state changes 2016-09-18 17:11:32 -05:00
Aaron Jones
56fbe141a1
GNUTLS: Forward-port release/3.5 improvements
The changes made in this file are detailed in release/3.5 commits
4d89c83c32 through ecfdcb08e8 inclusive.

Some slight alterations are necessary; librb instead of libratbox,
snprintf() instead of rb_snprintf(), etc. Also, release/4 has
offline certificate digesting functionality. For more insight,
simply diff the gnutls.c between release/3.5 and release/4.
2016-09-17 17:53:01 +00:00
Aaron Jones
dd066596dc
MbedTLS: Forward-port release/3.5 improvements
The changes made in this file are detailed in release/3.5 commits
295c8f7d37 through 265dc4e53c inclusive.

Some slight alterations are necessary; librb instead of libratbox,
snprintf() instead of rb_snprintf(), etc. Also, release/4 has
offline certificate digesting functionality. For more insight,
simply diff the mbedtls.c between release/3.5 and release/4.
2016-09-17 17:19:31 +00:00
Aaron Jones
73470f0b3c
OpenSSL: Forward-port release/3.5 improvements
The changes made in this file are detailed in release/3.5 commits
1f30c8943b through 92c04c6b9d inclusive.

Some slight alterations are necessary; librb instead of libratbox,
snprintf() instead of rb_snprintf(), etc. Also, release/4 has
offline certificate digesting functionality. For more insight,
simply diff the openssl.c between release/3.5 and release/4.
2016-09-17 17:03:21 +00:00
William Pitcock
087555a00f ircd: introduce 'no-export' links
Links that are 'no-export' are not distributed to the rest of the IRC network (including local peers).
This provides a core primitive for 'anycasting' services (but the actual issue of synchronizing data in
a services package is left to the authors of the services package).
2016-09-16 17:18:55 -05:00
William Pitcock
4d3f8ead19 helpops: fix up graph cleanup for helpers_list 2016-09-16 17:02:50 -05:00
William Pitcock
5a12d0b1e8 extensions/chantype_dummy: ^ is a valid nickchar, but > isn't 2016-09-16 14:12:29 -05:00
William Pitcock
1e706d5ae2 NEWS: document new CHANTYPES api 2016-09-16 14:08:04 -05:00
William Pitcock
1cfc0cd9f2 extensions/chantype_dummy: cleanups 2016-09-16 14:07:54 -05:00
William Pitcock
1af4eff6f6 channels: fix IsChannelName() to actually use IsChanPrefix(). 2016-09-16 14:02:41 -05:00
William Pitcock
6e86cdd6d6 supported: fix up CHANTYPES 2016-09-16 14:00:00 -05:00
William Pitcock
75980a5e2f extensions: add new module adding ^channels (which are just like #channels) 2016-09-16 13:55:44 -05:00
William Pitcock
01978a2c8c supported: add chantypes_update() 2016-09-16 13:49:02 -05:00
William Pitcock
f3b84221d0 match: allow the CharAttrs table to be modified at runtime 2016-09-16 13:09:44 -05:00
William Pitcock
e47c4be18c helpops: MyClient() check is wrong, we only care if it is a Person or a Server 2016-09-16 12:57:34 -05:00
William Pitcock
8093dc5fb7 helpops: handle cleaning up remote opers from the helpops list 2016-09-16 12:56:18 -05:00
William Pitcock
a4840ff1d8 Merge pull request #217 from Xenthys/release/4
m_grant.c - fixed remote grant support
2016-09-15 22:06:40 -07:00
Stephen Bennett
f32b9ebd63 Add hooks for local and remote nick changes 2016-09-16 00:04:16 -05:00
Aaron Jones
6d16f66be6
msgbuf: Fix remote crash vulnerability due to malformed message tag.
Fixes #218

Reported-by: ManiacTwister <github@s7t.de>
2016-09-11 10:35:13 +00:00
Xenthys
89aef424e9 m_grant.c - fixed remote grant support 2016-09-10 17:54:13 +02:00
Aaron Jones
c4acd427ac
MbedTLS: Misc backend cleanups
This is a forward-port of release/3.5 commit 566f4678

* Add generic direction enum for negotiation setup.

* Rename a rather long wrapper function to a shorter one consistent with
  what it does.

* Rework context setup function.

* Don't check for handshake state before beginning handshaking.

  The old backend began a handshake and then stepped into the callback
  function if it was interrupted; the current one just jumps right into
  it, so there is no need to check if it has previously succeeded,
  because it hasn't been attempted yet.

* Add missing errno assignment to one of the handshake wrappers.

* Don't bother checking if SSL_P(F) is NULL when we already checked if
  F->ssl is NULL -- this should be impossible.

* Don't bother checking if SSL_C(F) is NULL -- this was a no-op.

* Change the socket send and recv functions to not peer into a foreign
  ratbox structure -- use the correct function to get the socket fd.

* Rewrap some lines and function arguments.

Other backends will be brought into line with this backend soon.

This will enable easier maintenance of the backends, by reducing the
diffs between them, which should make different behaviour easier to
spot.
2016-09-10 08:51:09 +00:00
Aaron Jones
73c486c7a5
MbedTLS: Treat 0 bytes read/written to socket properly
At the moment, if a link quits in just the right (wrong [1]) way,
the quit reason will resemble:

    <-- foo (~bar@baz) has quit (Read error: (-0x0) )

This should resolve that.

[1] Peers should send a close_notify alert before abruptly shutting
    down their socket. This will result in a sane quit message:

    <-- foo (~bar@baz) has quit (Read error: (-0x7880) SSL -
    The peer notified us that the connection is going to be closed)

[ci skip]
2016-09-09 01:47:18 +00:00
Aaron Jones
7272518795
MbedTLS: Initial attempt to port release/3.5 commit 89d4c468 to this branch 2016-09-04 03:50:29 +00:00
Aaron Jones
ac88154f94
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
2016-09-03 17:29:53 +00:00
Simon Arlott
86e1de17f3
ircd: serv_connect: initialise sa_connect/sa_bind to AF_UNSPEC
These are read to check if they're AF_UNSPEC (unset) but they aren't
initialised.
2016-09-03 14:52:48 +01:00
Simon Arlott
1315fd5920
librb: set sockaddr port to 0 in success path
Instead of only in the failure path, which causes
all sorts of annoying server connection failures
when we try to repeatedly reuse the same port.
2016-09-03 14:36:17 +01:00
Aaron Jones
94f114641c
OpenSSL: Initialise if LibreSSL
LibreSSL's definition of OPENSSL_VERSION_NUMBER bites us in the ass,
*again*.
2016-09-01 19:29:47 +00:00
Aaron Jones
572c2d4b05
OpenSSL: Initialise one context at a time
If initialising the server context fails, but the client one succeeds,
we will not only leak memory, but the error message reported for
initialising the server context might not make sense, because we
initialise the client context after and that could erase or change the
list of queued errors.

This scenario is considered rare. Nevertheless, we now initialise the
client context after *successfully* initialising the server context.
2016-08-30 10:30:17 +00:00
Aaron Jones
0942c1fc26
Print initialisation notice before forking 2016-08-24 16:44:04 +00:00
Jason Volk
c1fc044c35
ircd: Fix umode orphan scheme.
Cherry-picked from jevolk/charybdis f5e7f335
Reformatted slightly.
2016-08-24 16:12:05 +00:00
Aaron Jones
f4e9d91580
startup: fork before initialising the event subsystem
On FreeBSD 4.8, fork(2) doesn't actually behave like fork(2).

Namely, kqueue(2) descriptors are not inherited by the child.
IOW, we can't fork(2) after we get the kqueue(2) descriptor.

So we'll just have to rely on people to actually read the
server log file if they want to understand why their server
is dying during startup.
2016-08-21 22:29:16 +00:00
Aaron Jones
0c23c0b1c5
Attempt to open /dev/null before forking in case it would fail 2016-08-21 00:32:34 +00:00
Aaron Jones
0c433865d3
Attempt #2 at fixing the file descriptor mess.
This commit defers daemonisation to the end of initialisation
as that makes it vastly simpler to get this right.
2016-08-21 00:15:17 +00:00
Aaron Jones
ef24ede3e2
Revert "ircd startup: avoid black magic with file descriptors"
This reverts commit 27c0f6d8f4.

A more extensive investigation and refactoring of the code is
necessary.
2016-08-20 22:22:37 +00:00
Aaron Jones
27c0f6d8f4
ircd startup: avoid black magic with file descriptors
This *should* fix a reported but as yet unreproducible
ircd abort on restart.
2016-08-20 21:14:53 +00:00
Jason Volk
ffedad8dfb ircd: Allow non-default CAP_MASK during server estab. 2016-08-20 04:10:28 -07:00
Aaron Jones
31145ea0b3
TLS Backends: Harmonise the rb_ssl_get_cipher() function
The GNUTLS backend reports the version in use for the client as well
as its ciphersuite -- do the same for the other 2 backends.
2016-08-20 04:16:33 +01:00
Aaron Jones
4906854293
GNUTLS: Avoid null dereference in constructing ciphersuite 2016-08-19 20:26:43 +00:00
Aaron Jones
6971019a09
GNUTLS: Cleanup fingerprint generation
Removes intermediate buffer, properly check return values
2016-08-19 19:14:40 +00:00
Aaron Jones
fd9f652150
README: Clarify that OpenSSL is not required for ECDHE 2016-08-15 10:53:31 +00:00
Aaron Jones
ba1edd7277
mkpasswd: use urandom for salts, cleanup
Using /dev/random for salt generation is pointless -- it can block, and
any extra randomness it would provide (which is debatable) is not needed,
as salts only need to be unique, not unpredictable.
2016-08-15 09:50:53 +00:00
Aaron Jones
add3f90b9f
openssl: Avoid use-after-free when rehashing fails to load new files
Commit cf12678 introduced a fix for issue #186 by freeing the old SSL_CTX
structure before constructing a new one, which could disconnect existing
clients otherwise.

Unfortunately, the freeing is done first, which means that if setting up
a new structure fails for any reason, there will be no usable structures
left, but they are still referenced.

This fix moves the freeing to the end of the function, using intermediate
new variables in the meantime. This problem was discovered while testing
against OpenSSL 1.1.0 RC6.
2016-08-12 13:34:13 +00:00
William Pitcock
e5b5dc997d charybdis 4-rc3. 2016-08-05 23:38:34 -05:00
William Pitcock
f8f5ff705a m_grant: convert jevolk's rewritten version to AV2 2016-08-05 23:37:05 -05:00
William Pitcock
980cf654d0 Merge pull request #207 from charybdis-ircd/jevolk-patch-1
authd: Fix use after reference count decrement.
2016-08-05 23:07:00 -05:00
Jason Volk
7c003d84bc authd: Fix use after reference count decrement. 2016-08-05 13:08:16 -06:00
William Pitcock
5191cd0814 Merge pull request #205 from jevolk/release/4
m_grant: rewrite.
2016-07-27 02:34:38 -05:00
Jason Volk
17f925817e m_grant: rewrite. 2016-07-26 22:40:26 -07:00
Jason Volk
4cc889ae17
ircd: Fix missing operhash reference decrement from b02a913b. 2016-07-19 23:24:33 +00:00
Jason Volk
e4a7cf9f50 Fix erroneous return value. 2016-07-16 11:26:38 -07:00
Aaron Jones
6621472435
reference.conf: Document fingerprint generation
[ci skip]
2016-07-16 05:42:09 +00:00
Elizabeth Myers
8b0392ca39
Fix stupid compiler errors by my stupidity and tiredness 2016-06-27 19:37:02 -05:00
Elizabeth Myers
cec81c7978
blacklist: add blacklist_cancel_none 2016-06-27 19:36:52 -05:00
Elizabeth Myers
1db45f312a
blacklist: add return statement. d'oh. 2016-06-27 19:36:44 -05:00
Elizabeth Myers
c47e4958e9
blacklist: fix precedence lossage 2016-06-27 19:36:35 -05:00
Elizabeth Myers
02e4674001
blacklist: if no blacklists were checked, properly terminate query. 2016-06-27 19:36:24 -05:00
Elizabeth Myers
d52762b2a9
build_rdns: minor cleanup 2016-06-27 19:36:10 -05:00
Elizabeth Myers
c12d9cd3b2
blacklist: tweak message for timeout 2016-06-27 19:35:51 -05:00
Elizabeth Myers
f16493f468
blacklist: give different messages for cancellation and timeout 2016-06-27 19:35:32 -05:00
William Pitcock
9a71801d08 charybdis 4-rc2. 2016-06-25 22:14:52 -05:00
William Pitcock
74edf6bac0 Merge branch 'master' into release/4 2016-06-25 14:27:44 -05:00
Jason Volk
12de082e2c Fix bug. Note: The second hunk is just an assumption. It's not called from anywhere. 2016-06-25 14:27:32 -05:00
William Pitcock
c642292f25 Merge pull request #196 from jevolk/master
I typed MODRESTART by accident
2016-06-21 20:00:01 -05:00
Jason Volk
b5cfad0319 Core modules cannot be unloaded, otherwise bad things happen.
Additionally some information is logged and passed to the operator
conducting a MODRESTART.
2016-06-21 17:42:36 -07:00
Jason Volk
94afbe9c8e ircd: Fix capability entry name string ownership.
The entry->cap must be copied and exclusive to the entry for the
cap to be orphaned, even if literals are expected. Because modules.
2016-06-21 17:32:28 -07:00
William Pitcock
9ce88407b2 charybdis 4-rc1. 2016-06-19 22:44:47 -05:00
William Pitcock
34ec4fcaeb Merge branch 'master' into release/4 2016-06-19 21:49:52 -05:00
William Pitcock
2e29fd422d librb: remove one more VMS detritus 2016-06-19 21:47:59 -05:00
William Pitcock
0268efc78c librb: we have no plans to support VMS 2016-06-19 21:47:23 -05:00
William Pitcock
16e64bb554 Merge branch 'master' into release/4 2016-06-18 01:06:52 -05:00
William Pitcock
94555087a1 ircd: relocate_paths() back on windows only now 2016-06-18 01:05:38 -05:00
William Pitcock
2185c50aad m_modules: use new module api 2016-06-18 00:59:15 -05:00
William Pitcock
1e37cb443d conf_parser: warning fixes 2016-06-18 00:52:54 -05:00
William Pitcock
e55a9d6abc modules: serious cleanups 2016-06-18 00:52:16 -05:00
William Pitcock
92dad4831d modules: cleanups 2016-06-18 00:38:40 -05:00
William Pitcock
73b70ae846 ircd: fix compile of relocate_paths() 2016-06-18 00:22:02 -05:00
William Pitcock
7145720468 ircd: make relocate_paths() available always 2016-06-18 00:21:39 -05:00
William Pitcock
c51b77a312 ircd: call relocate_paths() in all cases 2016-06-18 00:20:59 -05:00
William Pitcock
8e30e3def4 messages: fix format string warning reported by latest clang 2016-06-17 23:39:19 -05:00
William Pitcock
e0e0c41524 ircd: print runtime path configuration 2016-06-17 23:36:47 -05:00
William Pitcock
cfb1020589 librb: dictionaries which use integer keys may use 0 legitimately 2016-06-17 23:29:11 -05:00
William Pitcock
f88fd40fe9 invite: do not send duplicate invite messages (closes #194) 2016-06-16 20:21:42 -05:00
William Pitcock
397ec4d171 invite: do not send duplicate invite messages (closes #194) 2016-06-16 20:21:18 -05:00
Aaron Jones
499612f19e
mbedtls backend: indicate reason for TLS session termination
[ci skip]
2016-06-12 11:33:41 +00:00
Aaron Jones
2bf9371a07
mbedtls backend: indicate reason for TLS session termination
[ci skip]
2016-06-12 11:33:09 +00:00
William Pitcock
88345c1681 CREDITS: charybdis official channel will now be on irc.charybdis.io. 2016-06-04 23:53:47 -05:00
William Pitcock
00653c77cd CREDITS: charybdis official channel will now be on irc.charybdis.io. 2016-06-04 23:53:21 -05:00
William Pitcock
c8df99af90 CREDITS: adjust to reflect present situation 2016-06-04 23:49:13 -05:00
William Pitcock
7f6882d5f6 CREDITS: adjust to reflect present situation 2016-06-04 23:48:16 -05:00
Aaron Jones
e4196b2feb
Fix regression introduced by commit 2f361bfc 2016-06-01 21:04:45 +00:00
Aaron Jones
0325f5eec8
Fix regression introduced by commit 1863a0f8 2016-06-01 21:03:46 +00:00
Aaron Jones
679a7b614f
Preliminary code tidying complete.
These issues (commits 47a66e15 through 906fd91f inclusive) were
identified with the Clang compiler. Please raise concerns about
them on the issue tracker or in the support channel.
2016-06-01 20:55:32 +00:00
Aaron Jones
906fd91f4b
tools/mkfingerprint: strlen(3) on a raw byte array is wrong -- use its length as indicated by the function that filled it 2016-06-01 20:54:48 +00:00
Aaron Jones
ef9cb1d8de
tools/mkpasswd: functions that call exit(3) should be marked noreturn 2016-06-01 20:54:13 +00:00
Aaron Jones
1e75ec9c7d
bandb/bandb: functions that call exit(3) should be marked noreturn, avoid sign overflow in integer function argument 2016-06-01 20:54:13 +00:00
Aaron Jones
85e31de32c
bandb/bantool: a function that calls exit(3) should be marked noreturn 2016-06-01 20:54:13 +00:00
Aaron Jones
48a0cefe5e
authd/res: make function used only within this unit static, remove unused macros 2016-06-01 20:54:13 +00:00
Aaron Jones
866af85c97
authd/provider: remove shadowed double variable decl 2016-06-01 20:54:13 +00:00
Aaron Jones
75ee370d5f
authd/authd: a function that calls exit(3) should be marked noreturn 2016-06-01 20:54:13 +00:00
Aaron Jones
1863a0f818
wsockd: various fixes
* Use correct sign for comparing data lengths
* Don't return a void statement in a void function
* Remove unused functions and macros
2016-06-01 20:54:12 +00:00
Aaron Jones
759835cf46
ssld: remove unused macros, avoid sign overflow in integer function argument 2016-06-01 20:54:12 +00:00
Aaron Jones
ab9088ad2e
wsproc: compile out dead code
Investigation is required to determine if this function should
actually be used
2016-06-01 20:54:12 +00:00
Aaron Jones
aa7b99eb77
restart: functions that call exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
Aaron Jones
0b91afb2e1
ircd_signal: a function that tailcalls a noreturn function should be marked noreturn 2016-06-01 20:54:12 +00:00
Aaron Jones
df3db5d99b
ircd: functions that call exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
Aaron Jones
341560ecf2
getopt: a function that calls exit(3) should be marked noreturn 2016-06-01 20:54:12 +00:00
Aaron Jones
b1cfd3922c
dns: make function used only within this unit static 2016-06-01 20:54:12 +00:00
Aaron Jones
4decc628bd
class: remove unused macros 2016-06-01 20:54:12 +00:00
Aaron Jones
ce2c092b49
chmode: remove unreachable break statement 2016-06-01 20:54:12 +00:00
Aaron Jones
bca336720e
chmode: silence harmless uninitialised variable warning 2016-06-01 20:54:12 +00:00
Aaron Jones
ec5522a1ca
channel: silence harmless uninitialised variable warning 2016-06-01 20:54:12 +00:00
Aaron Jones
2ec9f59588
bandbi: a function that calls exit(3) should be marked noreturn 2016-06-01 20:54:11 +00:00
Aaron Jones
5cbd46a893
authproc: don't shadow variable decls, avoid reserved name 2016-06-01 20:54:11 +00:00
Aaron Jones
47a66e154f
librb: silence some fairly harmless compiler warnings
These include warnings about "break" statements that will never be
executed (because they are after "return" statements), unused macros
(lost to code refactoring or never even used in the first place),
functions that call abort() or loop indefinitely but aren't marked with
the "noreturn" attribute, and use of variables possibly uninitialised
(a false positive).
2016-06-01 20:54:11 +00:00
Aaron Jones
4abb0b02c1
Preliminary code tidying complete.
These issues (commits 92706fd5 through 707bc7cd inclusive) were
identified with the Clang compiler. Please raise concerns about
them on the issue tracker or in the support channel.
2016-06-01 20:46:43 +00:00
Aaron Jones
707bc7cd5a
tools/mkfingerprint: strlen(3) on a raw byte array is wrong -- use its length as indicated by the function that filled it 2016-06-01 20:41:03 +00:00
Aaron Jones
2cad541582
tools/mkpasswd: functions that call exit(3) should be marked noreturn 2016-06-01 20:38:54 +00:00
Aaron Jones
e44fe481e3
bandb/bandb: functions that call exit(3) should be marked noreturn, avoid sign overflow in integer function argument 2016-06-01 20:37:51 +00:00
Aaron Jones
2e032bf638
bandb/bantool: a function that calls exit(3) should be marked noreturn 2016-06-01 20:34:51 +00:00
Aaron Jones
856440bcb3
authd/res: make function used only within this unit static, remove unused macros 2016-06-01 20:32:12 +00:00
Aaron Jones
656c85d090
authd/provider: remove shadowed double variable decl 2016-06-01 20:29:35 +00:00
Aaron Jones
2a7e1da947
authd/authd: a function that calls exit(3) should be marked noreturn 2016-06-01 20:27:19 +00:00
Aaron Jones
2f361bfc49
wsockd: various fixes
* Use correct sign for comparing data lengths
* Don't return a void statement in a void function
* Remove unused functions and macros
2016-06-01 20:23:13 +00:00
Aaron Jones
1187d61128
ssld: remove unused macros, avoid sign overflow in integer function argument 2016-06-01 20:17:09 +00:00
Aaron Jones
9a9bc518c1
wsproc: compile out dead code
Investigation is required to determine if this function should
actually be used
2016-06-01 20:15:07 +00:00
Aaron Jones
87a0418643
restart: functions that call exit(3) should be marked noreturn 2016-06-01 20:14:09 +00:00
Aaron Jones
e83991950f
ircd_signal: a function that tailcalls a noreturn function should be marked noreturn 2016-06-01 20:11:46 +00:00
Aaron Jones
6be270b107
ircd: functions that call exit(3) should be marked noreturn 2016-06-01 20:05:56 +00:00
Aaron Jones
47493ba39c
getopt: a function that calls exit(3) should be marked noreturn 2016-06-01 20:03:52 +00:00
Aaron Jones
83adc41d5c
dns: make function used only within this unit static 2016-06-01 20:02:57 +00:00
Aaron Jones
002cc1d04d
class: remove unused macros 2016-06-01 20:01:51 +00:00
Aaron Jones
b2c9df4786
chmode: remove unreachable break statement 2016-06-01 20:00:48 +00:00
Aaron Jones
73d759aeb4
chmode: silence harmless uninitialised variable warning 2016-06-01 20:00:11 +00:00
Aaron Jones
d352ca15aa
channel: silence harmless uninitialised variable warning 2016-06-01 19:58:53 +00:00
Aaron Jones
2ce25d94d9
bandbi: a function that calls exit(3) should be marked noreturn 2016-06-01 19:56:47 +00:00
Aaron Jones
e806f52379
authproc: don't shadow variable decls, avoid reserved name 2016-06-01 19:55:35 +00:00
Aaron Jones
92706fd551
librb: silence some fairly harmless compiler warnings
These include warnings about "break" statements that will never be
executed (because they are after "return" statements), unused macros
(lost to code refactoring or never even used in the first place),
functions that call abort() or loop indefinitely but aren't marked with
the "noreturn" attribute, and use of variables possibly uninitialised
(a false positive).
2016-06-01 19:50:09 +00:00
Aaron Jones
d5ad6015c5
openssl: use snprintf(3) instead of rb_snprintf() 2016-06-01 18:04:43 +00:00
Aaron Jones
1a938496eb
openssl: use snprintf(3) instead of rb_snprintf() 2016-06-01 18:04:23 +00:00
Aaron Jones
1490b52e19
openssl: More LibreSSL compatibility
LibreSSL does not have the new version macros & functions that OpenSSL
1.1.0 implements. This causes a compile-time failure against LibreSSL.

Further, the runtime function for returning the library version returns
the wrong number (the hardcoded constant number SSLEAY_VERSION_NUMBER
aka OPENSSL_VERSION_NUMBER, instead of LIBRESSL_VERSION_NUMBER).

Add more ifdef soup to remedy the situation.
2016-06-01 17:55:53 +00:00
Aaron Jones
5325f9d2d2
openssl: More LibreSSL compatibility
LibreSSL does not have the new version macros & functions that OpenSSL
1.1.0 implements. This causes a compile-time failure against LibreSSL.

Further, the runtime function for returning the library version returns
the wrong number (the hardcoded constant number SSLEAY_VERSION_NUMBER
aka OPENSSL_VERSION_NUMBER, instead of LIBRESSL_VERSION_NUMBER).

Add more ifdef soup to remedy the situation.
2016-06-01 17:54:43 +00:00
Aaron Jones
0763237d5f
openssl: change how we load DH parameters
The code already assumes the presence of fopen(3) and errno, and, by
extension, fclose(3) and strerror(3), so just use those instead of the
BIO wrappers.

Additionally, don't fail to initialise if the DH file does exist but
parsing it fails, as per the pre-existing comment about them being
optional.
2016-05-25 21:48:50 +00:00
Aaron Jones
3057f91d98
openssl: change how we load DH parameters
The code already assumes the presence of fopen(3) and errno, and, by
extension, fclose(3) and strerror(3), so just use those instead of the
BIO wrappers.

Additionally, don't fail to initialise if the DH file does exist but
parsing it fails, as per the pre-existing comment about them being
optional.
2016-05-25 21:46:34 +00:00
Aaron Jones
0982871a99
strcpy: mass-migrate to strlcpy where appropriate 2016-05-15 03:58:44 +00:00
Aaron Jones
4d5a902f08
strcpy: mass-migrate to strlcpy where appropriate 2016-05-15 03:57:16 +00:00
Aaron Jones
8f961edc50
appveyor: correct version
[ci skip]
2016-05-15 01:14:08 +00:00
Aaron Jones
02ca4405a0
appveyor: correct version
[ci skip]
2016-05-15 01:13:50 +00:00
Aaron Jones
72640a9ddf
ircd_lexer: fix another crash with the same cause 2016-05-15 00:58:19 +00:00
Aaron Jones
d539f22782
ircd_lexer: fix another crash with the same cause 2016-05-15 00:57:16 +00:00
Aaron Jones
401cb2bb17
ircd_lexer: fix crash with very large config option strings 2016-05-15 00:00:23 +00:00
Aaron Jones
b143df9ac4
minor spring cleaning: remove/relocate duplicate/unused includes & macros
[ci skip]
2016-05-14 23:29:33 +00:00
William Pitcock
be7c282296 makerelease: fix DATECODE output 2016-05-14 17:28:49 -05:00
William Pitcock
b28cccb704 NEWS: document websocket availability 2016-05-14 17:24:56 -05:00
William Pitcock
be2447b850 config: document websocket options 2016-05-14 17:24:20 -05:00
William Pitcock
dcf450702b newconf: ensure wsock and defer_accept are default-to-disable for now, for consistency's sake on rehashes 2016-05-14 17:23:51 -05:00
Aaron Jones
7de13f7e5e
starttls: Allow command usage with backends other than OpenSSL 2016-05-14 00:26:03 +00:00
Simon Arlott
4ad9738d7a
m_alias: correctly construct string to be sent 2016-05-12 19:45:27 +01:00
Simon Arlott
8dd5d185e8
bandb: sqlite3: use getpagesize() on FreeBSD 2016-05-12 12:43:18 +01:00
Simon Arlott
0e0d823a5d
wsockd: include stdinc.h so that sys/types.h is included on FreeBSD 4.8 2016-05-12 12:43:17 +01:00
Simon Arlott
7c7cf006ca
librb: define UINT32_MAX for FreeBSD 4.8 2016-05-12 12:43:16 +01:00
Simon Arlott
87f7632760
librb: support rb_path_to_self on FreeBSD 4.8 2016-05-12 12:43:15 +01:00
Simon Arlott
d2a4981ab2
client: call authd_abort_client with the client that is exiting, not the originator 2016-05-12 10:06:31 +01:00
William Pitcock
96bcbb5d56 Merge pull request #191 from GLolol/patch-1
doc: add extensions/chm_nonotice to example confs
2016-05-11 23:46:10 -05:00
James Lu
cdc31cc55f doc: add extensions/chm_nonotice to example confs 2016-05-11 21:39:42 -07:00
Aaron Jones
9d6b870d7b
[Documentation] Increase bitlength recommendation for DH parameters
Also clarify the behaviour of TLS backends and the consequences for
not providing any parameters at all.

[ci skip]
2016-05-05 04:20:16 +00:00
Aaron Jones
70a70462e5
[Documentation] Reflect that ssl_private_key is now optional
[ci skip]
2016-05-05 04:20:07 +00:00
Aaron Jones
f5960b830b
[sslproc] Use certificate file if key file is not present 2016-05-05 04:10:57 +00:00
Aaron Jones
883f3833ed
Travis CI: Build against sqlite3 library 2016-05-05 03:54:38 +00:00
Aaron Jones
1e7342d0f4
[mbedtls] Various fixes and improvements
* Move certificate, key, DH parameters and configuration to heap
  (Documentation states that setting new configuration, e.g.
   during a rehash, is unsupported while connections using that
   configuration are active)

  This is the same approach as the fix for #186

  Refcount these structures so as to not introduce a memory leak

  On rehash, it will use new structures only if there are no
  errors in constructing them

* Make fingerprint generation work for TLS connections

  See the comments in the newly created file for an explanation

* Fix memory leak when generating a fingerprint from a file

* Add better error-reporting (strings in addition to numbers)
  where possible

* Coalesce several connection memory allocations into one function

* Reduce boilerplate where possible (Charybdis targets C99)

* Support private key being in certificate file, and having no
  DH parameters file

* Correct erroneous closing comment
2016-05-05 03:47:57 +00:00
Aaron Jones
c40eede13b
[TLS Backends] Make version strings more useful and consistent 2016-05-05 03:47:46 +00:00
Aaron Jones
0fe9dd4119
[TLS Backends] Allow absence of private key file
Use the certificate file instead
2016-05-05 03:47:33 +00:00
Aaron Jones
4d83a4d92d
[sslproc] Allow absence of private key file
Backends can then assume that the private key is in the certificate file
2016-05-05 03:47:18 +00:00
Aaron Jones
f831e92603
Fix possible crash when DH parameters are not provided
This has ssld calling strlen() on a NULL value

[ci ckip]
2016-05-03 17:49:00 +00:00
Simon Arlott
da20854e83
random_ping: stop producing negative values that become 16 chars 2016-05-02 21:14:16 +01:00
Simon Arlott
84d0b55e76
authd: fix reference far off the end of the array on shutdown
When authd has no more input it tries to reject all current clients with
an id of UINT32_MAX.
2016-05-01 11:51:07 +01:00
Simon Arlott
2f598dacdd
authd: remove unused variable id from accept_client 2016-05-01 11:51:06 +01:00
Simon Arlott
075d4d569e
authd: allocate the correct size of auth_client_data
If there are holes in the auth_providers ID numbers, the array allocated
based on list length won't be large enough to handle all the IDs.

(auth->data could be converted to a dlink_list)
2016-05-01 11:51:05 +01:00
Simon Arlott
a5f52774bb
authd: Only use refcount for reference counting
Use providers_active for provider activity tracking.
2016-05-01 11:31:05 +01:00
Simon Arlott
2392770f4d
authd: fix auth->cid type sizes
* long is too small on 32-bit systems, use unsigned long long if we want
  to check for out of range values
* UINT32_MAX is a valid cid, and 0 isn't
* make auth->cid a uint32_t not uint16_t
2016-05-01 11:12:34 +01:00
Simon Arlott
a4da4fe574
authd: fix memory leak in start_auth 2016-05-01 10:59:22 +01:00
Simon Arlott
9f928dc532
authd: don't call cancel_providers recursively
Also check that they haven't been cancelled while starting up.
2016-05-01 10:53:34 +01:00
Simon Arlott
d955cd9f97
authd: use a list for auth_providers
We only need to iterate over this small fixed size list, so
dictionary iteration will be less efficient.
2016-05-01 10:49:12 +01:00
Elizabeth Myers
f4d828ef96 m_alias: restore old behaviour of joining all parameters.
There are two important caveats here, however:

1) Aliased commands that have more than 8 parameters will be truncated;
there's nothing I can do about this.
2) Parameters with colons will not be handled as you expect. Again,
nothing I can do about this.
2016-05-01 03:48:00 -05:00
William Pitcock
998b6ec513 stage for charybdis 4-beta1. 2016-04-30 19:58:14 -05:00
William Pitcock
9cd0063a2c librb: fix commio build on win32 2016-04-30 19:33:31 -05:00
William Pitcock
b585278b32 authd: provider: make refcounting system less fragile 2016-04-30 19:26:02 -05:00
William Pitcock
a71b65b15c Revert "authd: change to lists instead of dictionaries for various things"
This reverts commit 49fd293f20.
2016-04-30 19:20:12 -05:00
Aaron Jones
92404a1a98
[openssl] Forward-port some more cleanups from fixes to 3.5 2016-04-30 21:45:16 +00:00
Simon Arlott
3b0b4037d0
authd: don't decrement refcount twice when accepting the client 2016-04-30 17:06:21 +01:00
Simon Arlott
896370cc3e
m_stats: don't try to access bl_stats if it doesn't exist 2016-04-30 13:18:48 +01:00
Simon Arlott
3c5f720c6f
authd_check: don't try to update bl_stats if it doesn't exist
This can happen if all the blacklists are removed and then authd
sends a blacklisted response for a client.
2016-04-30 13:18:06 +01:00
Simon Arlott
4573f8f2fb
authproc: don't try to delete bl_stats if it hasn't been created 2016-04-30 13:11:06 +01:00
Simon Arlott
8a29e7cd1e
librb: shutdown() listening sockets pending close() so that listeners can be reopened reliably 2016-04-30 11:36:28 +01:00
Elizabeth Myers
c767c58b2a
opm: use rb_dlinkDelete instead of rb_dlinkFindDelete. 2016-04-30 01:59:05 -05:00
Elizabeth Myers
49fd293f20
authd: change to lists instead of dictionaries for various things
Iteration is the primary thing done on these, so using a dictionary
doesn't help a lot. Furthermore (and most importantly), they are not
safe to delete from.
2016-04-30 01:59:05 -05:00
William Pitcock
d71787ab69 librb: rb_path_to_self(): use sysctl(2) interface on freebsd/dragonfly 2016-04-30 01:19:08 -05:00
Elizabeth Myers
e7c4ecd5b1
authproc: don't delete during iteration, this is not safe. 2016-04-30 01:11:56 -05:00
William Pitcock
a2bfe0f88e librb: linebuf: don't reinvent rb_dlinkAddTailAlloc(). 2016-04-30 00:59:08 -05:00
Elizabeth Myers
9f7f75295c
authd: don't try to do anything on exit, it's too precarious 2016-04-30 00:46:18 -05:00
William Pitcock
5a775221d2 tools: fix stub rb_strcasecmp() build 2016-04-29 19:52:19 -05:00
William Pitcock
b5f3e5e5e8 ircd: Channel.bants is not a serial but a timestamp.
Previously, the IRCd would increment bants instead of resyncing the timestamp, causing the potential of
false negatives from the bancache system.
2016-04-29 18:59:32 -05:00
Simon Arlott
ff0414c856 librb: close FDs when they're freed (outside of select handler) 2016-04-29 16:19:08 -05:00
Aaron Jones
fed4fc59bc
Mention another RFC with regard to deprecating plaintext 2016-04-29 16:28:18 +00:00
Aaron Jones
cf12678be5
[openssl] More improvements to the backend
* Don't manually initialise libssl 1.1.0 -- it does this automatically
* SSL_library_init() should be called first otherwise
* Move SSL_CTX construction to rb_setup_ssl_server()
* Test for all required files (certificate & key) before doing anything
* Free the old CTX before constructing a new one (Fixes #186)
* Don't try to set options / ciphers etc on a NULL CTX
* Clean up ifdef indentation
* Fix DH parameters memory leak
2016-04-29 16:26:52 +00:00
Simon Arlott
f9014791da
openssl: set ciphers on client connections too 2016-04-29 07:42:12 +01:00
Simon Arlott
1cdf323be9
sslproc: don't send updated config to dead/shutdown sslds
They might be running older versions of the SSL library that
doesn't support the key type or ciphers being configured.
2016-04-29 07:35:43 +01:00
Simon Arlott
036cafaaaf
sslproc: reset ssld_wait/spin_count when explicitly requested to restart ssld 2016-04-28 22:25:36 +01:00
Aaron Jones
6a7ea191a7
[mbedtls] correct printf argument count
[ci skip]
2016-04-27 22:11:19 +00:00
Aaron Jones
b28c26d965
Partially revert previous commit
The OpenSSL backend is the only one that assigns a non-constant
value to the length variable. Use the correct type for its
pointer and cast instead.

[ci skip]
2016-04-27 21:49:55 +00:00
Aaron Jones
e3760ba710
[TLS backends] Miscellaneous fixes
* Certificate fingerprint length functions return an "int", so use an
  int when calculating the length
* Clean up the OpenSSL certificate fingerprint if() and indentation mess
2016-04-27 21:45:19 +00:00
Simon Arlott
d6acb43769
openssl: don't allow certificates outside the validity period 2016-04-27 22:03:49 +01:00
Simon Arlott
c53b6ef2cc
epoll: don't try to read from closed FDs 2016-04-27 21:16:29 +01:00
Aaron Jones
b1f0549361
[openssl] support ECDHE on more than one curve when possible 2016-04-27 16:17:33 +00:00
Simon Arlott
f590c59d5c
mkfingerprint: use certfp method names from certfp.h 2016-04-26 20:58:16 +01:00
Simon Arlott
0346918701
add mkfingerprint program 2016-04-26 20:49:03 +01:00
Simon Arlott
f018ed844d
certfp: Move method name/prefix strings to a separate header file 2016-04-26 20:33:18 +01:00
Simon Arlott
31646e89ba
librb: gnutls: check return value of fread() 2016-04-26 20:33:17 +01:00
Simon Arlott
7380ded584
ircd.conf.example: use certfp_method = spki_sha256
SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate
are really impractical and people need to stop using them.
2016-04-25 23:52:18 +01:00
Simon Arlott
5adde7a4ed
getopt: don't modify argv as it breaks restart() 2016-04-25 23:32:18 +01:00
Simon Arlott
c173a8ad44
modules: use exit(EXIT_FAILURE) on failure
This will allow service process monitoring to recognise the difference
between a shutdown and an error of a -foreground ircd, because only
/DIE (or SIGINT) will exit with return code 0.
2016-04-25 22:27:57 +01:00
Simon Arlott
762468f85d
authd: wait until the ssl connection is "open" before reading
It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.

Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().
2016-04-25 21:43:21 +01:00
Simon Arlott
53789fddda
sslproc: simplify ssl open callback
Don't use the librb callback type as we're always passing client_p.

Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.
2016-04-25 21:12:44 +01:00
Simon Arlott
e1f16ce22e
openssl: accept more certificate verify errors as valid 2016-04-25 20:38:39 +01:00
Simon Arlott
f61d096186
conf: require certificate fingerprint for SSL connections 2016-04-25 20:19:48 +01:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
93ad89b232
sslproc: send the certfp method on rehash 2016-04-25 19:25:45 +01:00
Simon Arlott
f7b0c4b3d8
sslproc: use global ServerInfo configuration
There's no need to pass information around that sslproc already has access
to, so use ServerInfo directly. Remove the extra NULL checks as these are
already performed before setting ircd_ssl_ok = true.
2016-04-25 19:20:45 +01:00
Simon Arlott
90fd6ede1b
sslproc: include ssl_cipher_list in length check before sending configuration to ssld 2016-04-25 19:12:47 +01:00
Simon Arlott
19d1853f71
ssld: remove init_prng command
This is no longer configurable so it's redundant.
2016-04-25 19:02:03 +01:00
Simon Arlott
8cbd70a8ed
ircd: don't send ERR_NOTREGISTERED to servers
Sending messages after SERVER but before zlib is established breaks
outgoing connections. If the other server is misbehaving then ignore
its messages.
2016-04-24 17:41:44 +01:00
Simon Arlott
5ad62c80ee
librb: remove socklen parameter from rb_connect_tcp 2016-04-24 17:11:20 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.

Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.

Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
65f43a4fc4
ircd: Don't try to connect to servers that we know have an invalid fingerprint
This just causes an unnecessary link/squit on the other server.
2016-04-24 11:49:21 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
fbbc6aeb00
ssld: send cipher/certfp before proxying any plaintext traffic 2016-04-24 10:39:16 +01:00
Simon Arlott
3085734104
m_stats: display certificate fingerprint in STATS C 2016-04-24 01:06:51 +01:00
Simon Arlott
00039dcddd
m_alias: store a copy of alias->name as it will be freed on a rehash 2016-04-24 00:09:12 +01:00
Simon Arlott
5c317f1313
ircd: parse: add asserts for improper use of mod_add_cmd/mod_del_cmd 2016-04-23 23:56:41 +01:00
Simon Arlott
e8de2bfaf0
modules: add missing break 2016-04-23 23:37:38 +01:00
Simon Arlott
558744e520
ircd: do nothing in client_release_connids if !MyConnect 2016-04-23 23:25:25 +01:00
Simon Arlott
cc02bdf3a6
ircd: fix assert in client_release_connids
The connection may have already been closed and MyConnect cleared.

It's only a bug if the connection somehow has connids but is not
our connection.
2016-04-23 23:22:01 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Simon Arlott
9e98a842e3
ssld: cipher commands don't have any fds 2016-04-23 22:46:25 +01:00
Simon Arlott
7da82465a8
librb: mbedtls: fix rb_get_ssl_certfp()
Add missing break statements.
Return the hash length on success.
2016-04-23 22:45:13 +01:00
Simon Arlott
bf3bcbb5b2
librb: fix mbedtls library order
libmbedtls depends on libmbedx509 and libmbedcrypto
libmbedx509 depends on libmbedcrypto

They have to be specified in the correct order for the GNU linker to work.
2016-04-23 22:13:03 +01:00
Simon Arlott
0ae7a89d78
ircd: sslproc: certfp commands have a 9 byte header, not 5 bytes
SHA512 hashes were being ignored because the message was too large
2016-04-23 20:52:20 +01:00
Simon Arlott
5a9fa2e2fa
ssld: certfp change commands don't have any fds 2016-04-23 20:46:26 +01:00
William Pitcock
c6098ed357 client: fix up client_release_connids() too, pointed out by lp0 2016-04-23 14:26:01 -05:00
William Pitcock
5c63bfe8b1 client: connid_get() should check MyConnect(), not MyClient(). 2016-04-23 14:17:36 -05:00
Simon Arlott
84e3e445aa
mr_server: Report certificate fingerprint mismatches
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-04-23 17:37:05 +01:00
Simon Arlott
b49efe577c
mr_server: Handle unknown error codes
As mr_server is a module, it could potentially receive an unknown
error code from check_server().
2016-04-23 17:37:04 +01:00
Mantas Mikulėnas
3bb3dcf7f5
doc: fix whitespace in example configs [ci skip] 2016-04-23 17:57:07 +03:00
Simon Arlott
e7c4cf63bc
authproc: set GOT_ID flag when an ident response is received 2016-04-23 15:41:27 +01:00
staticfox
1729f46eab
authd: Avoid negative array indices 2016-04-22 23:06:42 -04:00
Elizabeth Myers
7445ece1d1
Revert "Implement the netsplit batch type."
This needs more work, see
https://github.com/ircv3/ircv3-specifications/issues/253

This reverts commit 2373891299.
2016-04-16 11:05:00 -05:00
Elizabeth Myers
2373891299
Implement the netsplit batch type.
This also lays the groundwork for the netjoin batch type, but that isn't
implemented yet. I don't like how some of this is implemented but it'll
have to do for now...

Compile tested, needs more testing.
2016-04-15 16:50:43 -05:00
Elizabeth Myers
4f2b9a4fd1
Don't use key member of dictionary iter objects after deletion 2016-04-12 09:43:50 -05:00
Elizabeth Myers
9e5c31ea0d
authproc: fix a typo 2016-04-12 09:37:56 -05:00
Elizabeth Myers
5e9a3f8674
Change the way authd configures opm
It's a bit of a hack, but better than before. Rather than rehashing
(which could get us into an endless loop), we now segregate the
configuration phase (creating entries ircd-side in case we restart authd
later) and sending phases (when configure_authd() is called). Since we
have to call configure_authd() no matter what (to send timeouts etc.)
and we have to send this data to configure authd anyway, and sending
duplicate data is bad, this is the only way I can think of for now.
2016-04-12 09:36:09 -05:00
Mantas Mikulėnas
5eb8ce0679 Merge pull request #183 from grawity/sasl-fail-throttle-v3
limit failed SASL authentication attempts
2016-04-11 22:28:33 +03:00
Mantas Mikulėnas
9d07a42d7a
m_sasl: rate-limit SASL REAUTH usage 2016-04-11 21:45:10 +03:00
Mantas Mikulėnas
834579cecd
m_sasl: fix coding style 2016-04-11 20:12:31 +03:00
Mantas Mikulėnas
37289346cd
m_sasl: temporarily reject clients after many failed attempts 2016-04-11 20:02:09 +03:00
Elizabeth Myers
ed5e1d1e41 send: trim a blank line [ci skip] 2016-04-11 11:52:01 -05:00
Elizabeth Myers
a2b7ef92a1 Make directions more clear for disabling OPM 2016-04-11 11:26:15 -05:00
Elizabeth Myers
c9b6f58349 Name the fallback strncasecmp properly [ci skip] 2016-04-10 17:28:20 -05:00
Elizabeth Myers
ea3168fff8 whoops, fix a typo 2016-04-10 17:26:09 -05:00
Elizabeth Myers
8b813d3060 Replace my shitty fallbacks with those from FreeBSD 2016-04-10 17:25:32 -05:00
Elizabeth Myers
3eb5fee4f1 README: put git command in backticks [ci skip] 2016-04-10 17:15:46 -05:00
Elizabeth Myers
efc4b18c78 *sigh* comment these out until travis is fixed. 2016-04-10 17:12:42 -05:00
Elizabeth Myers
c5514ce8ee Add these for now until travis actually gets their shit together. 2016-04-10 17:07:33 -05:00
Elizabeth Myers
571b7239ab travis: install shtool. 2016-04-10 16:53:40 -05:00
Elizabeth Myers
238db37776 Get rid of install-sh and use shtoolize to create them.
Contributed by jackal^
2016-04-10 16:49:42 -05:00
Elizabeth Myers
e34368b1bc modules/m_set: booleanify. 2016-04-10 10:11:03 -05:00
Elizabeth Myers
9af0d38291 librb: minor adjustments to rb_strcasestr fallback to avoid warnings. 2016-04-10 10:10:46 -05:00
Elizabeth Myers
7a21fb5b34 s_user: clean up authd checks 2016-04-10 10:02:33 -05:00
Elizabeth Myers
2a104d6641 s_user: enhancements to proxy reporting messages 2016-04-10 09:35:02 -05:00
Elizabeth Myers
ce58d2dc61 Remove extraneous whitespace [ci skip] 2016-04-10 09:23:14 -05:00
Elizabeth Myers
d19aab3375 Fix stupid linux warning 2016-04-10 09:22:34 -05:00
Elizabeth Myers
154dc91ef0 Wrap up authd preclient stuff in its own struct 2016-04-10 09:20:51 -05:00
staticfox
02fa4362cd version.c.SH: Fix build
We need stddef.h mainly for NULL
2016-04-09 06:05:08 -04:00
Elizabeth Myers
b14d2bd6ea Formatting fixes for credits
Contributed from jackal^, but fixed up a bit.
2016-04-09 04:55:57 -05:00
Elizabeth Myers
b376d0fd46 Properly clean up build artifacts.
Author: jackal^ from freenode
2016-04-09 04:55:57 -05:00
Elizabeth Myers
4eafa9e62f ipv4_from_ipv6: move to librb 2016-04-08 03:49:23 -05:00
Elizabeth Myers
0807c97e69 elide messages about not checking blacklists or scanning for proxies 2016-04-07 09:45:12 -05:00
Elizabeth Myers
5a22e9259b Fix overzealotry in flags fixing.
These flags are for oper confs, not for client flags.
2016-04-07 07:48:50 -05:00
Elizabeth Myers
66f7fe673b Get rid of flags2.
It seems to come from an era where long long didn't exist and 64-bit
machines weren't common. 32-bit machines are still common but I can't
imagine this will have much performance impact there.

This "fixes" #179 in title only, but see comments within.
2016-04-07 07:40:55 -05:00
Elizabeth Myers
9057170ce8 Cleanup defaults.h config file.
Clean up spaces/tabs mixing mess (bleh), add some defaults for authd
stuff, and get rid of CHARYBDIS_SOMAXCONN (just define SOMAXCONN if it's
available...).
2016-04-07 04:47:48 -05:00
Elizabeth Myers
e791dc6d5e NEWS: add some more relevant items [ci skip] 2016-04-07 04:47:31 -05:00
Elizabeth Myers
7cc09379ac NEWS: move news element down to code changes [ci skip] 2016-04-07 04:21:16 -05:00
Elizabeth Myers
d1478ff205 NEWS: add module changes 2016-04-07 04:19:24 -05:00
Elizabeth Myers
0a87075b86 modules: fix up display names 2016-04-07 04:15:12 -05:00
Elizabeth Myers
78946542bb modules: move module loading/unloading commands to dedicated module.
There's no reason to really have these in the main ircd anymore, static
modules are dead and aren't coming back.

To ensure people don't do something hopelessly retarded, this is a core
module.
2016-04-07 04:00:25 -05:00
Elizabeth Myers
95b0324658 m_stats: use macros to clean up generating the stats table 2016-04-07 03:27:50 -05:00
Elizabeth Myers
999c42bad8 Remove useless alias_entry hits member 2016-04-06 11:47:13 -05:00
Elizabeth Myers
0d7e4d311a m_stats: don't list alias entries twice. 2016-04-06 11:45:55 -05:00
Elizabeth Myers
9620c6d61c m_alias: fix an assert 2016-04-06 11:43:19 -05:00
Elizabeth Myers
4434f37513 authd: clean up refcounting stuff 2016-04-06 11:43:05 -05:00
Elizabeth Myers
45e6c74631 authd: refcounting fixes 2016-04-06 09:52:25 -05:00
Elizabeth Myers
34f65493cd opm: big cleanup
This simplifies the creation of scan types by removing lots of awful
boilerplate code and checks that need to be duplicated everywhere.
2016-04-06 09:22:24 -05:00
Elizabeth Myers
8b886283e0 opm: minor fixes 2016-04-06 08:34:39 -05:00
Elizabeth Myers
cef7dfc56c m_alias: fix build with --enable-assert 2016-04-06 07:57:20 -05:00
Elizabeth Myers
a19097baa4 ircd: load modules after conf files
The alias module depends on this
2016-04-06 07:43:45 -05:00
Elizabeth Myers
269646ed4c opm: silly bugfix 2016-04-06 07:43:36 -05:00
Elizabeth Myers
dd598516c8 m_alias: minor cleanup 2016-04-06 07:33:36 -05:00
Elizabeth Myers
a559032938 Partially update a comment 2016-04-06 07:28:30 -05:00
Elizabeth Myers
b663a8070f Move alias handling into a dedicated module.
Not yet tested, caveat emptor!

Closes #166
2016-04-06 07:27:50 -05:00
Elizabeth Myers
d4fdeec0d8 s_conf: s_bsd's been gone for a long time... lol 2016-04-06 06:48:59 -05:00
Elizabeth Myers
900683650a Static modules are dead, remove this. 2016-04-06 06:30:58 -05:00
Elizabeth Myers
2575a78b0e Add hook for when rehash is called.
This will be used by the future alias module.
2016-04-06 05:43:54 -05:00
Elizabeth Myers
6b3e61f1f8 Use uint32_t for get_provider_id, not int 2016-04-06 05:43:28 -05:00
Elizabeth Myers
f956cb0f1f Use rb_* versions of nonportable string functions 2016-04-05 05:39:59 -05:00
Elizabeth Myers
508e25a85b librb: add versions of rb_strcasecmp, rb_strncasecmp, and rb_strcasestr.
The first two are POSIX but not standard (Windows has functions that act
like it, so use them), but the latter is non-standard, full stop.
2016-04-05 05:33:43 -05:00
Elizabeth Myers
731d128990 authd: rework module ID system
Provider ID's are now assigned dynamically at load-time. To accommodate
this, there is now a lookup system for finding providers by name (all
providers have names as well).
2016-04-05 04:31:22 -05:00
Elizabeth Myers
376ae2e2a7 Clean up the provider status logic.
Provider status (done, running, not run) is now attached to the
provider-specific data of the client. A reference count of auth
instances is kept in the auth_client struct to determine if a client is
done or not.

This also moves a lot of the logic for manipulating provider data
into the provider.h header for inlining (no point in a function call for
these simple accessors).
2016-04-05 03:30:02 -05:00
Elizabeth Myers
a68d9a2b61 authd: dynamically allocate data and timeout elements 2016-04-05 03:08:52 -05:00
William Pitcock
d475622639 authd: mention rDNS in found your hostname message 2016-04-05 00:56:43 -05:00
Elizabeth Myers
bdddd9ba83 authd: update all providers to new timeout API 2016-04-04 04:32:55 -05:00
Elizabeth Myers
2e1e0b9981 authd: add provider timeout setting API 2016-04-04 04:24:49 -05:00
Elizabeth Myers
1b4dba98a6 opm: fix typo 2016-04-04 03:59:18 -05:00
Elizabeth Myers
a8322b5268 opm: update to new provider data API 2016-04-04 03:58:46 -05:00
Elizabeth Myers
e78a87f3c4 blacklist: update for new provider data API 2016-04-04 03:49:34 -05:00
Elizabeth Myers
9155a94867 ident: replace some checks with asserts
These checks shouldn't ever trigger, and if they do, it's a problem.
2016-04-04 03:48:42 -05:00
Elizabeth Myers
751d39cc17 ident: update to use new provider data API 2016-04-04 03:39:22 -05:00
Elizabeth Myers
74909c9ada authd: add provider data getter/setter functions 2016-04-04 03:33:25 -05:00
Elizabeth Myers
fc9013d6b0 Don't send original error message if we're already on the channel we're forwarding to
Closes #55
2016-04-04 03:08:52 -05:00
Elizabeth Myers
3256156aca Announce changed capabilities on module load
Closes #165
2016-04-04 02:30:35 -05:00
staticfox
5eb3d7a7c0 modules: Revert mapi_register() to use ints
modinit() returns either 0 (success) or -1 (failure) so we
can't check for true/false.
2016-04-03 20:14:36 -04:00
William Pitcock
5902547a10 wsockd: use text frames 2016-04-03 15:15:12 -05:00
Elizabeth Myers
c0483ac17b boolify calls to rehash 2016-04-03 01:53:34 -05:00
Elizabeth Myers
aa483e55bd bool-ify modules stuff 2016-04-03 01:51:45 -05:00
William Pitcock
dab623671c wsockd: set FIN attribute on all frames, we don't fragment 2016-04-03 01:40:52 -05:00
Elizabeth Myers
6603175304 Clean up module loading a bit. 2016-04-03 01:21:19 -05:00
William Pitcock
c90e5c0884 wsockd: implement plain linebuf draining, finishing this off (closes #78) 2016-04-03 00:10:24 -05:00
William Pitcock
d3f01ce7bf wsockd: implement reading of small and large frames (but not huge frames) 2016-04-03 00:10:24 -05:00
Elizabeth Myers
53c0462146 provider: use rb_dlinkAddTail instead of rb_dlinkAdd.
Providers we add last should come last, not first.
2016-04-03 00:06:58 -05:00
Elizabeth Myers
85589ba32f opm: don't start until we've finished ident and rDNS queries.
This ensures that if we reject the client, they will always have a
username and hostname if ircd decides to accept them.
2016-04-03 00:05:53 -05:00
Elizabeth Myers
cfb9253671 Update warnings in the opm default configs [ci skip] 2016-04-02 23:42:23 -05:00
Elizabeth Myers
0e651b1441 librb: rb_run_event -> rb_run_one_event
This is to avoid confusion with rb_event_run, which does something else.
2016-04-02 23:38:28 -05:00
Elizabeth Myers
f8ef4b8dd6 win32: change from ircd-ratbox-class to charybdis-class 2016-04-02 23:19:38 -05:00
Elizabeth Myers
ffa79a9516 Use rb_dlink_list_length... == 0, not !rb_dlink_list_length 2016-04-02 22:45:52 -05:00
Elizabeth Myers
34bc7caeae Send enabling message to opm at the end of opm block. 2016-04-02 22:33:19 -05:00
Elizabeth Myers
55984834e5 opm: properly disable opm on blacklist deletions.
If there are no proxies left (or they're all being cleared), disable
OPM, as it's totally useless from that point.
2016-04-02 22:31:19 -05:00
Elizabeth Myers
5c5296c8f8 newconf: delete all proxies on rehash 2016-04-02 22:30:54 -05:00
Elizabeth Myers
7f2272d3d3 opm: properly check for duplicate listeners 2016-04-02 21:13:44 -05:00
Elizabeth Myers
850ced64fe authd: options can have no parameters.
This is used for deleting all blacklists for instance.
2016-04-02 20:42:45 -05:00
William Pitcock
c3780ae27f wsockd: try to flush ircd-side recvq when we call close_conn()
this is so that a websocket client may receive its ERROR message if available
2016-04-02 20:40:17 -05:00
William Pitcock
7428c4e07e wsockd: write short frames and long frames using their preferred wire formats 2016-04-02 20:32:32 -05:00
Elizabeth Myers
e2a8228f85 authproc: minor fixes 2016-04-02 20:31:32 -05:00
Elizabeth Myers
8d48aa190b dns: don't use zero ID's 2016-04-02 20:19:37 -05:00
Elizabeth Myers
e22b896208 Merge branch 'master' of github.com:charybdis-ircd/charybdis 2016-04-02 20:11:35 -05:00
Elizabeth Myers
1d657e0b08 authproc: rehash on authd restart
This is a hack for now so it gets the config again.
2016-04-02 20:10:56 -05:00
Elizabeth Myers
7c4b574e1b authd: avoid crash on full reload 2016-04-02 20:10:17 -05:00
William Pitcock
e688bcbdaf wsockd: more progress on output 2016-04-02 19:59:16 -05:00
Elizabeth Myers
4dbed1ed61 conf: in OPM, it's listen_port, not port. [ci skip] 2016-04-02 19:53:24 -05:00
Elizabeth Myers
18f3b3c928 opm: downgrade a non-fatal warning 2016-04-02 19:50:25 -05:00
Elizabeth Myers
3d2fc110e3 authproc: add more API's for opm management 2016-04-02 19:45:27 -05:00
Elizabeth Myers
c1f4db3fb7 Tweak some configuration semantics of opm 2016-04-02 19:45:09 -05:00
Elizabeth Myers
d9364d2913 authproc: pad leading 0 for localhost IP's
This avoids misparsing by rb's helper stuff.
2016-04-02 19:29:16 -05:00
William Pitcock
839f2fa23e wsockd: provide websocket wire protocol structs 2016-04-02 18:56:37 -05:00
Elizabeth Myers
eb0814b3cb opm: add support for HTTPS CONNECT proxies.
TBD: do we need an SSL listener for these?
2016-04-02 18:38:21 -05:00
William Pitcock
2d89c9ffc1 wsockd: further win32 fixes 2016-04-02 18:28:53 -05:00
William Pitcock
370528047c wsockd: add win32 strcasestr() 2016-04-02 18:19:15 -05:00
William Pitcock
f297042b0c wsockd: more support infrastructure for websockets 2016-04-02 18:15:13 -05:00
Elizabeth Myers
ec39816b13 Appveyor: fix build 2016-04-02 17:47:23 -05:00
Elizabeth Myers
fa2d5b83b4 authd/res: clean up some horribly indented code 2016-04-02 17:45:01 -05:00
Elizabeth Myers
0c0c9cf8fe Don't build appveyor stuff for 3.5, as this branch is not win32 enabled. 2016-04-02 17:45:01 -05:00
William Pitcock
1160f6c9bf wsockd: implement websocket handshake part 2016-04-02 17:07:00 -05:00
Elizabeth Myers
64fae2607a Rename authd.[ch] on ircd side to authproc.[ch] to prevent shadowing. 2016-04-02 16:44:04 -05:00
William Pitcock
1c8c63cbe2 wsockd: various updates 2016-04-02 15:38:32 -05:00
Elizabeth Myers
0ed0a9fe0a Move m_locops module to extensions.
Many networks do not use local ops and therefore should not be required
to have this around all the time.
2016-04-02 05:20:30 -05:00
Elizabeth Myers
b0326abdc9 authd: warn on a bad command 2016-04-02 05:05:28 -05:00
Elizabeth Myers
6d0fafec99 authd: minor cleanups 2016-04-02 04:51:11 -05:00
Elizabeth Myers
ae0a058544 authd: clean up command handling with a table 2016-04-02 04:49:01 -05:00
Elizabeth Myers
61d1befa2a authd: fix race on the ircd side.
The client may have already gone away, so if we can't find the local
cid, don't try to restart authd.
2016-04-02 03:51:54 -05:00
Elizabeth Myers
5cbfed5407 authd: fix up comment [ci skip] 2016-04-02 03:49:31 -05:00
Elizabeth Myers
a3b112f426 authd: fix race with aborting clients. 2016-04-02 03:48:37 -05:00
Elizabeth Myers
6d5edc6f53 authd: when aborting, don't just do read_packet. 2016-04-02 03:46:31 -05:00
Elizabeth Myers
9bba0f6143 opm: add adjustable timeout values 2016-04-02 03:33:27 -05:00
William Pitcock
34b88b6571 ircd: conf: properly calculate the number of wsockd to start 2016-04-02 03:20:16 -05:00
Elizabeth Myers
fabe8b94c5 Add HTTP CONNECT proxy scanning 2016-04-02 03:11:30 -05:00
William Pitcock
bccb7dedef ircd: wsproc: cleanups 2016-04-02 03:10:01 -05:00
William Pitcock
c53ca1e029 ircd: integrate ircd side of wsockd support 2016-04-02 02:56:22 -05:00
Elizabeth Myers
81a05933bf add proxy_exempt to conf files 2016-04-02 02:49:38 -05:00
Elizabeth Myers
fbe8d087e7 Add exempt logic for open proxies 2016-04-02 02:42:11 -05:00
Elizabeth Myers
51fa2ab8a3 opm: allow scanners to be configurable 2016-04-02 02:29:48 -05:00
Elizabeth Myers
adfe7b8396 authd: small cleanup 2016-04-02 01:20:49 -05:00
Elizabeth Myers
6a7bb6f1df authd: more minor cleanups 2016-04-02 01:16:47 -05:00
Elizabeth Myers
b1a577f224 ircd/authd: cleanups 2016-04-02 01:05:21 -05:00
Elizabeth Myers
1de169a248 opm: add configuration interface for configuring scan ports 2016-04-02 00:47:02 -05:00
Elizabeth Myers
4deb334f17 opm: properly re-establish listeners on re-enable 2016-04-01 17:16:17 -05:00
Elizabeth Myers
1661e3656d opm: properly close listeners after disabling proxy scan 2016-04-01 16:35:21 -05:00
Elizabeth Myers
8275e2700d Add opm stuff to default configs 2016-04-01 04:11:04 -05:00
Elizabeth Myers
f105844aad StaticBox is dead, so let's not reference it in the conf files. 2016-04-01 03:45:45 -05:00
Elizabeth Myers
34f16c467d authd: fix API boo boo 2016-04-01 02:56:03 -05:00
Elizabeth Myers
6da256dc93 authd: remove some whitespace 2016-04-01 02:44:50 -05:00
Elizabeth Myers
4f6119cd40 authd: add API for setting OPM listeners 2016-04-01 02:43:01 -05:00
Elizabeth Myers
7372553dd6 authd: fix compile error 2016-04-01 02:42:50 -05:00
Elizabeth Myers
e158281056 authd: properly abort clients who timeout or when the helper restarts 2016-04-01 02:27:48 -05:00
Elizabeth Myers
8860e46a33 providers/opm: It Works™ 2016-04-01 02:17:25 -05:00
Elizabeth Myers
8aacefa338 opm: properly connect to destination port on scan 2016-03-31 19:08:08 -05:00
Elizabeth Myers
d86692fa44 Add new sockaddr_storage port retrieval/setting macros
These macros are safe for use on IPv6 and clean up a lot of code.
2016-03-31 03:00:29 -05:00
Elizabeth Myers
367b1a398d authd/providers/ident: remove pointless memcpy 2016-03-31 02:18:02 -05:00
Elizabeth Myers
8c0b90de9f authd/providers/opm: configure port listeners correctly 2016-03-31 02:13:27 -05:00
Elizabeth Myers
272af6a505 providers/opm: use a name that makes more sense for this variable 2016-03-31 01:45:19 -05:00
Elizabeth Myers
766d4ffccd sockaddr_storage -> rb_sockaddr_storage
What is even the point of this type anyway?
2016-03-31 01:27:50 -05:00
Elizabeth Myers
7b2c764f59 librb: don't include linux/tcp.h, that's already included 2016-03-31 01:16:34 -05:00
Elizabeth Myers
468ef960f8 opm: don't assume we have netinet/tcp.h
Instead, check for it in librb
2016-03-31 01:08:38 -05:00
Elizabeth Myers
4e85459a7c authd: add (not really working) OPM provider.
It doesn't do anything yet as no configuration is plugged in, as well.
2016-03-31 00:28:05 -05:00
Elizabeth Myers
c23f97550f authd/provider: exit on critical errors 2016-03-31 00:26:48 -05:00
Elizabeth Myers
1e89fb5fa2 providers/ident: restore accidentally deleted line 2016-03-30 23:30:09 -05:00
Elizabeth Myers
9f9ab5c2d6 authd/provider: don't crash if there's no init or destroy function 2016-03-30 23:17:21 -05:00
Elizabeth Myers
15c49abbb3 authd/providers: add timeout callback system.
This means that each provider no longer has to keep its own event; it
can set a timeout and have a callback instead.
2016-03-30 17:21:49 -05:00
William Pitcock
a20190d5ea librb: fix rb_path_to_self() dlinfo variant 2016-03-30 14:33:39 -05:00
Elizabeth Myers
a5ab106298 authd/provider: fix misordering in macro 2016-03-30 03:38:30 -05:00
Elizabeth Myers
bf3ecca24b ircd/listener: un-obsoleteify comments 2016-03-30 03:36:04 -05:00
Elizabeth Myers
045d9d31c2 Merge branch 'master' of github.com:charybdis-ircd/charybdis 2016-03-30 02:33:19 -05:00
Elizabeth Myers
b3912eae9b authd/provider: it's va_start. 2016-03-30 02:32:34 -05:00
Elizabeth Myers
52d49164a8 authd/provider: include stdinc.h for stdarg.h 2016-03-30 02:22:43 -05:00
Elizabeth Myers
64afc35817 authd/provider: make reject_client take a format string and varargs 2016-03-30 01:29:21 -05:00
Elizabeth Myers
3257f9d6af blacklist: this didn't get committed somehow 2016-03-29 23:33:13 -05:00
Elizabeth Myers
ccb5c37db9 blacklist: compile fixes 2016-03-29 23:29:58 -05:00
Elizabeth Myers
7246347058 blacklist: add notices that we're performing checks. 2016-03-29 23:22:13 -05:00
Elizabeth Myers
4d1e498977 Update news 2016-03-29 13:38:42 -05:00
Elizabeth Myers
08b809f972 bandb: update sqlite3 to 3.12.0 2016-03-29 13:29:18 -05:00
Elizabeth Myers
4094d2fad5 Remove trailing whitespace from files. 2016-03-29 13:23:27 -05:00
Matt Ullman
5c0df0e743 doc: Cleanup trailing whitespace 2016-03-29 10:09:52 -04:00
Matt Ullman
2b535500f9 automake: Ensure ircd_parser.h is created
Fixes random travis explosions
2016-03-28 21:39:10 -04:00
Elizabeth Myers
dfd7d4b103 authd: use atexit() hook to attempt to destroy providers 2016-03-28 19:38:43 -05:00
Elizabeth Myers
34b96d7f76 authd: be more anal about errors 2016-03-28 19:22:40 -05:00
Matt Ullman
d8f8474dfd authd: Cleanup 2016-03-28 20:14:31 -04:00
Elizabeth Myers
7ad083b065 logger: add idebug
This only does something if debugging is enabled.
2016-03-28 19:06:31 -05:00
Elizabeth Myers
bae7e637de ircd/authd: remove rb_free no longer needed. 2016-03-28 18:19:06 -05:00
Elizabeth Myers
0bb5d3f031 authd: this isn't a list dammit! 2016-03-28 18:13:57 -05:00
Elizabeth Myers
540ae37b96 authd: don't use wild pointer 2016-03-28 18:09:22 -05:00
Elizabeth Myers
a6a30cc7b8 ircd/newconf: better IPv4 example 2016-03-28 17:55:54 -05:00
Elizabeth Myers
771dcfad37 newconf: add illustrative examples to comments 2016-03-28 17:54:01 -05:00
Elizabeth Myers
1096025891 authd/dns: remove magic number 2016-03-28 17:50:45 -05:00
Elizabeth Myers
835d456c64 newconf: fix check for IPv6 address length 2016-03-28 17:47:13 -05:00
Elizabeth Myers
3fe0efd55a newconf: change an error to a warning 2016-03-28 17:45:35 -05:00
Elizabeth Myers
e196add31a Merge branch 'authd-framework' 2016-03-28 16:51:45 -05:00
Elizabeth Myers
1bebedd6fb authd: remove useless blacklist stats provider for now.
Right now we keep track of this in ircd as stats is not ready for
asynchronous replies.
2016-03-28 16:49:26 -05:00
Elizabeth Myers
50808796e0 authd: It Works, Bitches™ 2016-03-28 16:47:51 -05:00
Elizabeth Myers
1345a41dda authd: misc fixes 2016-03-28 16:46:52 -05:00
Elizabeth Myers
c6ebd4fdad authd: fix fencepost error 2016-03-28 15:15:16 -05:00
Elizabeth Myers
553dd5a7f0 ircd_lexer: use correct variable here.
ircd_paths[IRCD_PATH_ETC] is what's wanted, not IRCD_PATH_ETC.
2016-03-28 14:59:58 -05:00
Elizabeth Myers
a9b809c796 ircd_lexer: use correct variable here.
ircd_paths[IRCD_PATH_ETC] is what's wanted, not IRCD_PATH_ETC.
2016-03-28 14:58:26 -05:00
Elizabeth Myers
ec2301263e Merge branch 'authd-framework' of github.com:charybdis-ircd/charybdis into authd-framework 2016-03-28 14:46:28 -05:00
Elizabeth Myers
7b4d1de38d Merge branch 'master' into authd-framework 2016-03-28 14:44:47 -05:00
Elizabeth Myers
cc264f942f Merge branch 'authd-framework' of github.com:charybdis-ircd/charybdis into authd-framework 2016-03-28 14:42:25 -05:00
Elizabeth Myers
ad04380360 ircd/authd: respect auth_disabled config option 2016-03-28 02:42:20 -05:00
Elizabeth Myers
59d42a9fcb ircd/authd: use proper timeout values for clients 2016-03-28 02:32:05 -05:00
Elizabeth Myers
ef0b13b960 ircd/authd: timeout dead authd clients 2016-03-28 02:30:54 -05:00
Elizabeth Myers
cc4d393152 ircd/authd: implement client noticing 2016-03-28 02:19:34 -05:00
Elizabeth Myers
d3f6b80867 Replace s_auth/blacklist stuff with authd calls
This also does a lot of surgery on the conf system to reconfigure authd.

/!\ WARNING! ACHTUNG! ADVERTENCIA! ATTENTION! AVVERTIMENTO! /!\
This code has not been run-time tested yet (though it compiles)!
2016-03-28 02:11:16 -05:00
Elizabeth Myers
bd7c2037bf authd/providers/rdns: change option name to rdns_timeout 2016-03-28 01:55:54 -05:00
Elizabeth Myers
a90465f767 authd/providers/blacklist: add stats reporting for blacklist info 2016-03-28 01:05:19 -05:00
Elizabeth Myers
8e00155164 authd/providers/ident: fix typo 2016-03-28 00:03:27 -05:00
Elizabeth Myers
54fb109d82 authd/providers/ident: add conf option for enabling ident 2016-03-27 23:57:06 -05:00
Matt Ullman
673f2cda1c gitignore: Ignore pid files from startall.sh 2016-03-28 00:09:51 -04:00
Matt Ullman
6d2abf1973 testsuite: Update startall.sh 2016-03-28 00:09:01 -04:00
Matt Ullman
a90f87eae4 gitignore: Ignore confdefs.h 2016-03-28 00:08:05 -04:00
Aaron Jones
ed2efe7664
Add extb_usermode module to example configuration files
[ci skip]
2016-03-28 03:29:57 +01:00
Aaron Jones
6c5fa2f6b3
Document extb_usermode module
[ci skip]
2016-03-28 03:28:12 +01:00
Aaron Jones
fef6857e3f
extensions: Fix duplicate extban character usage
extb_usermode and extb_hostmask both use the same extban character
('m'), resulting in only one of the modules being usable (depending
on module load order) and neither one functioning if one of them
is unloaded.

This changes the character for extb_usermode from 'm' to 'u'.

[ci skip]
2016-03-28 03:26:10 +01:00
Matt Ullman
33d43d4fa4 ircd: Move signaled variables to volatile sig_atomic_t 2016-03-27 20:05:38 -04:00
Elizabeth Myers
26d491b95f authd: pass in uint32_t rid's. 2016-03-27 17:32:05 -05:00
Elizabeth Myers
ee7f92714a authd/provider: add stats handling hooking 2016-03-27 17:15:08 -05:00
Elizabeth Myers
02e141f7a3 authd: add stats reporting API 2016-03-27 17:04:14 -05:00
Elizabeth Myers
eccc44ed7b authd/providers/blacklist: use uint8_t for iptype
This clearly illustrates what it is
2016-03-27 14:41:50 -05:00
Elizabeth Myers
6535177fef authd/provider: add data to rejection tag.
This is used for information such as what blacklist rejected the client.
2016-03-27 13:52:52 -05:00
Elizabeth Myers
66e1914beb Merge branch 'authd-framework' of github.com:charybdis-ircd/charybdis into authd-framework 2016-03-27 11:50:19 -05:00
Matt Ullman
aa7eff28f2 hash.c: Save some more bytes 2016-03-27 06:29:10 -04:00
Matt Ullman
909346edb7 ssld: Remove left over function 2016-03-27 06:13:11 -04:00
Elizabeth Myers
60374ac975 authd: add ability to cancel connection 2016-03-26 23:54:21 -05:00
Elizabeth Myers
0da2a404fa authd: try to destroy all providers on the way out. 2016-03-26 23:39:22 -05:00
Elizabeth Myers
420cfb677c authd/provider: add notices in comments to certain functions not to use auth after calling 2016-03-26 23:16:53 -05:00
Elizabeth Myers
e43e61f7a7 authd/providers/blacklist: fix use after free
After calling provider_done, you must *always* assume your auth instance
is freed.
2016-03-26 23:15:28 -05:00
Elizabeth Myers
f681e277eb authd/providers/ident: perform check for valid auth_client data 2016-03-26 20:33:35 -05:00
Elizabeth Myers
247b304f1f authd/provider: forgot this file... 2016-03-26 20:33:21 -05:00
Elizabeth Myers
05fdc0301d authd/provider: do not accept clients until all providers have had a chance to run 2016-03-26 20:32:35 -05:00
Elizabeth Myers
f5586c3abb authd: misc provider fixes 2016-03-26 19:50:09 -05:00
Elizabeth Myers
4ac5b30e77 authd/providers/ident: remove debugging message 2016-03-26 19:31:45 -05:00
Elizabeth Myers
3f7039934f s_auth: remove trailing whitespace at end of usernames. 2016-03-26 19:21:16 -05:00
Elizabeth Myers
6950cc255a authd/providers/blacklist: remove dead store. 2016-03-26 19:19:52 -05:00
Elizabeth Myers
22946d30d5 authd/providers/ident: fix up trailing lf/cr at end of username
This bug existed in the original code too, but I have no idea how it
didn't manifest.
2016-03-26 19:18:54 -05:00
Elizabeth Myers
d1b70e3524 providers/ident: fix some nasty crashes 2016-03-26 18:40:17 -05:00
Elizabeth Myers
0cff7adb13 authd/provider: some fixes 2016-03-26 18:01:58 -05:00
Elizabeth Myers
f875cb8482 providers/ident: more aggressive NULL checks 2016-03-26 18:01:14 -05:00
Elizabeth Myers
47ab6f6e6e authd/providers/ident: properly initialise variable 2016-03-26 17:35:48 -05:00
Elizabeth Myers
cdf1592915 Check these out from authd-framework-2. 2016-03-26 16:53:43 -05:00
Elizabeth Myers
9b24cbdecc Merge branch 'authd-framework-2' into authd-framework 2016-03-26 16:52:13 -05:00
Elizabeth Myers
77e2997bbf Merge branch 'master' into authd-framework-2 2016-03-26 16:45:23 -05:00
Elizabeth Myers
938f93f4bc ircd/authd: some comments 2016-03-26 16:44:41 -05:00
Elizabeth Myers
e2e34c3212 Merge branch 'master' into authd-framework-2 2016-03-26 16:40:28 -05:00
Elizabeth Myers
6ced6a1f1a authd/providers/rdns: minor function renaming cleanup 2016-03-26 16:37:04 -05:00
Elizabeth Myers
67acafca57 authd/providers/ident: add configuration interface 2016-03-26 16:36:50 -05:00
Elizabeth Myers
a0a218bac8 authd/providers/blacklist: add configuration interface for deletion 2016-03-26 16:36:14 -05:00
Matt Ullman
de8b3b7174 sslproc: Remove unused variable 2016-03-26 16:41:36 -04:00
Elizabeth Myers
06f3496ab3 providers/ident: cleanup things 2016-03-26 15:39:55 -05:00
Elizabeth Myers
646e6567c7 providers/rdns: add configuration interface for rDNS timeout 2016-03-26 15:36:12 -05:00
Elizabeth Myers
3f2695ac86 providers/blacklist: add configuration interface 2016-03-26 15:27:57 -05:00
William Pitcock
05e0aa9ac9 wsockd: add some stub i/o code 2016-03-26 05:30:52 -05:00
William Pitcock
1fcba37404 wsockd: conn_t.stream is not needed 2016-03-26 01:30:23 -05:00
Elizabeth Myers
a51487e0e7 authd/provider: add options handlers for providers
This allows providers to create handlers for changing their
configuration.
2016-03-25 23:04:00 -05:00
Elizabeth Myers
0a659bf0ab Port notice stuff over from authd-framework-2 and use it.
This allows things like oper warnings from authd using the W message type
also.
2016-03-25 21:58:32 -05:00
Elizabeth Myers
db821ee9ba authd: split out notices stuff for backporting to master. 2016-03-25 21:29:44 -05:00
Elizabeth Myers
a70a737c9b Merge branch 'master' into authd-framework-2 2016-03-25 21:16:04 -05:00
William Pitcock
58c343f4a8 authd: also check size correctly 2016-03-25 21:12:28 -05:00
William Pitcock
c63cd21e6a authd: check if handler is NULL, ensure that we do not overflow 2016-03-25 21:10:34 -05:00
Elizabeth Myers
75844b15af authd: fix undefined behaviour 2016-03-25 21:09:55 -05:00
Elizabeth Myers
3ad21f6107 authd/provider: remove obsolete comment [ci skip] 2016-03-25 21:08:46 -05:00
Elizabeth Myers
ee658821e3 reject_client: send back ident and hostname with rejection.
At the moment (possibly not in the future) ircd will want to override
our decision whether or not to accept a client; we need to give them
enough information back to ensure they can do it properly.
2016-03-25 21:05:52 -05:00
Elizabeth Myers
a21a82b1b6 Fix dangling line from merge 2016-03-25 21:05:39 -05:00
William Pitcock
caebeeca95 wsockd: add skeleton for future websockets helper (ref #78) 2016-03-25 21:04:22 -05:00
Elizabeth Myers
f49198a67f Merge branch 'master' into authd-framework-2 2016-03-25 21:01:48 -05:00
Elizabeth Myers
122ae255d7 authd: change reload character to R from H.
This is more in line with the specification @kaniini laid out.
2016-03-25 21:00:13 -05:00
Elizabeth Myers
6c88869f22 providers/blacklist: change some checks to asserts.
These should not really happen in reality...
2016-03-25 20:55:10 -05:00
Elizabeth Myers
a7d5aea119 provider: make blacklist queries come after ident/rdns. 2016-03-25 20:46:58 -05:00
Elizabeth Myers
460032e61f Merge branch 'master' into authd-framework-2 2016-03-25 20:09:23 -05:00
Elizabeth Myers
add80afdcb authd/provider: add blacklist provider.
This took way longer than it should have.
2016-03-25 20:07:36 -05:00
William Pitcock
de7cf7e009 ircd: client: substantially rework the connid registry system
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
Elizabeth Myers
14505c8400 rdns: adjust timeout values 2016-03-25 19:47:54 -05:00
Matt Ullman
afba2488ec extb_combi: More int to bool conversion
Cleanup whitespace in ircd_lexer.l
2016-03-25 19:47:58 -04:00
Matt Ullman
fdba4417dc .gitignore: Ignore serno.h from librb as well 2016-03-25 19:40:12 -04:00
William Pitcock
45c5854460 appveyor: make the build less hacky 2016-03-25 18:25:00 -05:00
William Pitcock
0aaa37f721 ircd: only relocate_paths on windows, no point on posix 2016-03-25 18:13:39 -05:00
Elizabeth Myers
800ff2ca9d Merge branch 'master' into authd-framework-2 2016-03-25 11:49:38 -05:00
Elizabeth Myers
42c5dd7e01 serno.h: remove it with make clean. 2016-03-25 11:47:02 -05:00
William Pitcock
d6c17e5de2 ircd: implement path relocation 2016-03-25 01:57:25 -05:00
William Pitcock
2f545aad87 ircd: use ircd_paths for logFileName and pidFileName 2016-03-25 00:00:06 -05:00
William Pitcock
704279e429 starttls: use the client connid instead of the FD for opening the channel with ssld 2016-03-24 20:33:54 -05:00
Elizabeth Myers
b2ede1aa71 actually use warn_opers function 2016-03-24 19:36:41 -05:00
Elizabeth Myers
89d22b9af5 authd/provider: cleanups 2016-03-24 19:23:49 -05:00
William Pitcock
80a0125f36 configure: define ENABLE_FHS_PATHS if built with --enable-fhs-paths, this will disable the path relocation code 2016-03-24 18:55:30 -05:00
William Pitcock
0d180487b4 ircd: unbreak build 2016-03-24 18:50:13 -05:00
William Pitcock
4d8cfacd95 ircd: start staging for relocatable paths 2016-03-24 18:45:28 -05:00
William Pitcock
ac2f2189f9 librb: define RB_PATH_SEPARATOR 2016-03-24 18:21:11 -05:00
Matt Ullman
e0a9b5d3bf chmode: Move check_forward() to a boolean 2016-03-24 14:42:54 -04:00
Matt Ullman
a383180a0a chmode: Move add_id() to a boolean 2016-03-24 14:37:52 -04:00
Matt Ullman
9aa639eddd chmode: Move allow_mode_change() to a boolean 2016-03-24 14:26:02 -04:00
Matt Ullman
25a899651d ssld: Move plain_check_cork() to a boolean 2016-03-24 13:52:16 -04:00
Matt Ullman
2a4b3ea648 version.c.SH: Fix generation not incrementing 2016-03-24 04:00:23 -04:00
Matt Ullman
3b9507d0e9 channel: Move flood_attack_channel() to a boolean 2016-03-24 02:25:26 -04:00
Matt Ullman
216f58a27c channel: Change check_channel_name() note to false
[ci skip]
2016-03-24 02:14:03 -04:00
Matt Ullman
3a46803fef channel: Move check_channel_name() to a boolean 2016-03-24 01:54:39 -04:00
Elizabeth Myers
1346cd1151 Add BlindSight to the credits 2016-03-23 22:17:47 -05:00
Elizabeth Myers
491b3b39d5 cleanup: u_long -> unsigned long 2016-03-23 22:03:24 -05:00
Elizabeth Myers
410fcc233f authd/rdns: rename a function 2016-03-23 21:59:48 -05:00
Elizabeth Myers
30cf391b89 Merge pull request #178 from staticfox/bsdisms
Cleanup more BSD-isms
2016-03-23 21:57:09 -05:00
Matt Ullman
cf623e0802 authd: Fix windows build
Replace stray NO with false
2016-03-23 22:51:03 -04:00
Matt Ullman
2e45f5d808 Cleanup more BSD-isms 2016-03-23 22:37:52 -04:00
Elizabeth Myers
da4287bc62 Merge pull request #177 from awilfox/master
Invoke the standard system shell in autogen.sh
2016-03-23 19:51:23 -05:00
Andrew Wilcox
52854df4ac Invoke the standard system shell in autogen.sh
This avoids a needless dependence on bash.
2016-03-23 19:49:50 -05:00
William Pitcock
c604800a68 Merge pull request #176 from staticfox/morecleanups
More cleanups
2016-03-23 19:14:46 -05:00
Matt Ullman
c056dba233 Remove the rest of the SVN id tags 2016-03-23 20:13:12 -04:00
Matt Ullman
3889fc11af authd: Change str_isnumber() to bool 2016-03-23 20:07:21 -04:00
Elizabeth Myers
32f8c78b55 stupidity fixes 2016-03-23 19:06:33 -05:00
Elizabeth Myers
6cd3964de7 ident: use new *_addr fields 2016-03-23 18:58:56 -05:00
Elizabeth Myers
9c7498d559 authd/provider: add c_addr/l_addr fields
Some providers consume these directly, so it's better to have a "cached"
version that's already generated.
2016-03-23 18:58:37 -05:00
Elizabeth Myers
6e4bcf20ff providers/ident: fix inet_ntop/inet_pton mixup 2016-03-23 18:47:02 -05:00
William Pitcock
5ee46e5127 Merge pull request #175 from staticfox/datatypes
Move away from BSD data types
2016-03-23 18:28:01 -05:00
Matt Ullman
4b11f39115 Move away from BSD data types 2016-03-23 19:11:42 -04:00
Elizabeth Myers
1d591813c3 providers/rdns: remove useless struct member 2016-03-23 17:44:56 -05:00
Elizabeth Myers
8ed8e5cae8 res: expose rDNS building functions
This will be used by the blacklist code to avoid duplication of code.
2016-03-23 16:40:31 -05:00
Elizabeth Myers
2f355b7e3c Merge branch 'master' into authd-framework-2 2016-03-23 16:21:14 -05:00
Elizabeth Myers
6156682605 Remove tier 4 (tier 3 is basically "everything but") 2016-03-23 15:51:25 -05:00
Elizabeth Myers
b347989499 Add unlisted architectures to tier 3 [ci skip] 2016-03-23 15:35:39 -05:00
Elizabeth Myers
fcf13f6d32 README: clearly outline levels of platform support 2016-03-23 15:10:44 -05:00
Elizabeth Myers
ab33d608de DICTIONARY_FOREACH -> RB_DICTIONARY_FOREACH [ci skip] 2016-03-23 14:29:27 -05:00
Elizabeth Myers
fea4e2d2a8 modules: libircd depends on librb, so no need to include it.
This triggers multiple inclusion warnings on Solaris also.
2016-03-23 13:59:45 -05:00
Elizabeth Myers
d57e2b624f Update README 2016-03-23 12:31:51 -05:00
Elizabeth Myers
3d1df26cdd librb/ports: ungimp thing. 2016-03-23 12:06:26 -05:00
Elizabeth Myers
3a1f645bed misc solaris fixes 2016-03-23 12:04:46 -05:00
Elizabeth Myers
757bab823c misc solaris fixes 2016-03-23 12:04:13 -05:00
Elizabeth Myers
28c94d6598 Remove common.h from lexer and parser 2016-03-23 10:09:53 -05:00
Elizabeth Myers
cb5a8bf847 Remove common.h from here too. 2016-03-23 10:06:52 -05:00
Elizabeth Myers
79435744c7 common.h: raison d'être is gone, so out it goes.
Fold whatever was left into ircd_defs.h
2016-03-23 09:33:56 -05:00
Elizabeth Myers
7ac3261f97 Ensure the parser/lexer don't use IRCD_BUFSIZE. 2016-03-23 09:26:07 -05:00
Elizabeth Myers
82236a2a65 IRCD_BUFSIZE is redundant with BUFSIZE, so kill it. 2016-03-23 09:22:55 -05:00
Elizabeth Myers
a52c7a8e69 authd/provider: really fix things for new changes. 2016-03-23 09:15:18 -05:00
Elizabeth Myers
affc871dcb common: don't even attempt to define NULL.
stddef.h includes it, ISO C mandates NULL be in it, and if any platforms
don't have it, *tough shit*.
2016-03-23 09:13:31 -05:00
Elizabeth Myers
fa1b3a733a common: don't even attempt to define NULL.
stddef.h includes it, ISO C mandates NULL be in it, and if any platforms
don't have it, *tough shit*.
2016-03-23 09:11:20 -05:00
Elizabeth Myers
b0f5f40071 Update NEWS 2016-03-23 09:06:47 -05:00
Elizabeth Myers
aba29d5a19 authd/provider: incorporate new changes 2016-03-23 09:03:37 -05:00
Elizabeth Myers
064e88556d Merge branch 'master' into authd-framework-2 2016-03-23 09:02:57 -05:00
Elizabeth Myers
ab31d2b07e Send YES/NO to Davy Jones's Locker. 2016-03-23 08:52:32 -05:00
Elizabeth Myers
bd43a44469 Remove more YES/NO usage. 2016-03-23 08:43:28 -05:00
Elizabeth Myers
dfe18bf0a8 NEWS: fix typo [skip ci] 2016-03-23 08:40:21 -05:00
Elizabeth Myers
86bab0c218 Update NEWS. 2016-03-23 08:39:19 -05:00
Elizabeth Myers
2fc6772ee1 typedef-ify rb_radixtree for consistency. 2016-03-23 08:32:22 -05:00
Elizabeth Myers
4177311e6e Change struct Dictionary(*) to rb_dictionary(_\1).
This cleans things up slightly and puts the dictionary stuff in its
own namespace.
2016-03-23 08:09:58 -05:00
Elizabeth Myers
2ac4ba969b ircd: shut GCC the fuck up.
No, it can't probably fail... that isn't what that's there for.
2016-03-23 08:07:23 -05:00
Elizabeth Myers
56f84dedf7 DICTIONARY_FOREACH → RB_DICTIONARY_FOREACH
This is in librb and therefore should be prefixed.
2016-03-23 07:45:44 -05:00
William Pitcock
28b856b7ce Merge pull request #174 from staticfox/morecleanup
More cleanup
2016-03-23 03:57:37 -05:00
Matt Ullman
66769bc1f8 More cleanup 2016-03-23 00:11:26 -04:00
Elizabeth Myers
7964098dab Merge branch 'master' into authd-framework-2 2016-03-22 19:17:02 -05:00
Elizabeth Myers
3e875f629f authd/provider: overhaul storage of various pieces of data
Clients are stored in a dictionary referenced by id (to allow for
UINT32_MAX auth clients, which is plenty).

Each provider now has a data slot (this limits the number of providers
to 32 for now, but that's plenty for now) which they can use to attach
data to auth_clients. This consolidates data, aids in debugging, and
makes it easier to just pass around auth_client structures.
2016-03-22 19:13:54 -05:00
William Pitcock
5861f8a677 Merge pull request #173 from staticfox/gitignore
gitignore: Don't commit m4/argz.m4
2016-03-22 17:52:59 -05:00
William Pitcock
4eb49eb7b7 Merge pull request #172 from staticfox/automake
automake: Fix typo in compiler flag
2016-03-22 17:52:46 -05:00
Elizabeth Myers
238a9ed590 Merge branch 'master' into authd-framework-2 2016-03-22 17:43:43 -05:00
Matt Ullman
0e72a76010 gitignore: Don't commit m4/argz.m4 2016-03-22 17:06:45 -04:00
Matt Ullman
35472d0f1f automake: Fix typo in compiler flag 2016-03-22 16:51:06 -04:00
William Pitcock
1135330418 Merge pull request #171 from staticfox/warnings
Cleanup warnings
2016-03-21 22:25:49 -05:00
Matt Ullman
e23126c83b Cleanup warnings 2016-03-21 22:28:41 -04:00
William Pitcock
87b20cbb75 librb: use readlink(2) on linux for the direct path instead of dlinfo 2016-03-21 21:26:28 -05:00
William Pitcock
b7c7f290c7 librb: provide rb_path_to_self() on windows 2016-03-21 21:20:50 -05:00
William Pitcock
4d383612d4 ircd: log runtime path (mainly as proof of concept for rb_path_to_self()) 2016-03-21 21:14:11 -05:00
William Pitcock
790e4dce4e librb: add rb_path_to_self(), which provides fairly reliable runtime path detection 2016-03-21 21:11:53 -05:00
William Pitcock
427ed8ead6 README: link to appveyor builds too 2016-03-21 12:31:43 -05:00
William Pitcock
f5e99138e3 appveyor: try overriding the triplets 2016-03-21 12:12:29 -05:00
William Pitcock
83f717db49 Merge pull request #170 from staticfox/cap_clear
m_cap: Remove CLEAR subcommand as per v3 specs
2016-03-21 09:57:16 -05:00
Elizabeth Myers
8522eb3b2b mkpasswd: improve help and remove DES support.
Just Say No™ to weak ciphers.
2016-03-21 09:12:59 -05:00
Elizabeth Myers
b6979c871a travis: this branch is deprecated, authd-framework-2 is the new hotness 2016-03-21 08:32:47 -05:00
Elizabeth Myers
1a8367735f Make release scripts less out of date. 2016-03-21 08:32:21 -05:00
Elizabeth Myers
c18ef8807a Merge branch 'master' of github.com:charybdis-ircd/charybdis 2016-03-21 08:23:39 -05:00
Elizabeth Myers
4c008ef327 Remove stale line from travis.yml 2016-03-21 08:22:51 -05:00
Matt Ullman
ceabbbbf3c m_cap: Remove CLEAR subcommand as per v3 specs 2016-03-21 00:29:07 -04:00
William Pitcock
bab056f044 appveyor: dont try to start ircd for the moment 2016-03-20 23:00:30 -05:00
William Pitcock
8978ab4efa configure: add same msys check here 2016-03-20 22:17:52 -05:00
William Pitcock
36b3cff77f configure: fix msys checks 2016-03-20 22:06:54 -05:00
William Pitcock
e452b26e46 librb: configure: tolerate older msys versions having wrong uname -a output 2016-03-20 22:01:17 -05:00
William Pitcock
46b3fb5bba appveyor: push librb-config.h 2016-03-20 21:45:05 -05:00
William Pitcock
a9dbc61d7e appveyor: provide git for build 2016-03-20 21:39:25 -05:00
William Pitcock
6e2ed9da91 appveyor: simplify build script further 2016-03-20 21:34:03 -05:00
William Pitcock
1a79eced20 appveyor: try a different approach 2016-03-20 21:27:11 -05:00
William Pitcock
74b2b4aa45 appveyor: collect more data 2016-03-20 21:13:19 -05:00
William Pitcock
81b6d9c633 appveyor: --noconfirm 2016-03-20 21:09:11 -05:00
William Pitcock
4b135591c2 appveyor: (re)install mingw-w64-x86_64-libwinpthread-git 2016-03-20 21:07:27 -05:00
William Pitcock
5e85b1f894 appveyor: sanity check cc1 2016-03-20 21:02:39 -05:00
William Pitcock
5b97e7d2c7 appveyor: make mingw64 gcc more talkative 2016-03-20 20:54:48 -05:00
William Pitcock
64832940fb appveyor: sanity check gcc itself 2016-03-20 20:50:57 -05:00
William Pitcock
e94decb620 appveyor: lol dont do full system upgrade in first go 2016-03-20 20:40:51 -05:00
William Pitcock
c82ce5c621 appveyor: just do what update-core does without using update-core since it doesnt support unattended upgrades 2016-03-20 20:36:31 -05:00
William Pitcock
264e9451b2 appveyor: use update-core --noconfirm 2016-03-20 20:32:06 -05:00
William Pitcock
315c3a8ff6 appveyor: verify msys2 is up to date 2016-03-20 20:29:16 -05:00
William Pitcock
0e961686c0 appveyor: push config.log on fail 2016-03-20 20:20:50 -05:00
William Pitcock
2677b17117 appveyor: blah gcc check 2016-03-20 20:15:26 -05:00
William Pitcock
1ad16a505b appveyor: use right gcc 2016-03-20 20:11:17 -05:00
William Pitcock
b7029c8a6c appveyor: pacman --noconfirm i guess 2016-03-20 20:02:26 -05:00
William Pitcock
dbf326603a appveyor: don't install packages we already have 2016-03-20 19:59:42 -05:00
William Pitcock
c167a8e146 appveyor: don't install pkgconf, they have pkg-config instead 2016-03-20 19:56:32 -05:00
William Pitcock
4f3db30451 appveyor: use pacman -Sy not -Syu 2016-03-20 19:55:02 -05:00
William Pitcock
4acd32f7fb add appveyor config 2016-03-20 19:50:52 -05:00
William Pitcock
d5bc7ef377 Merge pull request #169 from staticfox/chghost_sync
s_user: Don't send CHGHOST clients op/voice syncs
2016-03-20 18:12:24 -05:00
Matt Ullman
ad9cbf9e0d s_user: Don't send CHGHOST clients op/voice syncs 2016-03-20 18:59:07 -04:00
Elizabeth Myers
98793cc9e4 librb: remove an experiment I had.
This won't really work on 32-bit architectures due to pointer
truncation. In any case, I wasn't planning on using it for this reason,
it was simply something I tinkered with.
2016-03-20 10:28:35 -05:00
William Pitcock
5a5f173daa parse: check IsServer() before firing off a remove_unknowns() call 2016-03-20 06:40:54 -05:00
William Pitcock
4f5056dd83 ircd: fix build on freebsd 2016-03-20 06:22:39 -05:00
William Pitcock
dd92c99b83 modules: fix thinko 2016-03-20 06:01:12 -05:00
William Pitcock
c9108ea073 ircd: modules: findmodule_byname(): also check LT_MODULE_EXT here 2016-03-20 06:00:20 -05:00
William Pitcock
6cb643f4f9 ircd: modules: use LT_MODULE_EXT more consistently 2016-03-20 05:54:48 -05:00
William Pitcock
032ef5ef9e modules: more GET_SS_FAMILY() checking 2016-03-20 04:46:50 -05:00
William Pitcock
570bbefb54 configure: remove old check for socklen_t. ircd uses rb_socklen_t for a long time. 2016-03-20 04:40:14 -05:00
William Pitcock
eb55877548 librb: fix socklen_t check 2016-03-20 04:24:30 -05:00
William Pitcock
9783438eb4 authd: res: fix build on windows ipv6 2016-03-20 04:22:17 -05:00
William Pitcock
44f442e3fb ircd: parse: now this type cast for POINTER MATH is just fucking stupid 2016-03-20 04:21:25 -05:00
William Pitcock
d24856d228 librb: commio: squelch setsockopt(3) warnings 2016-03-20 04:18:42 -05:00
William Pitcock
fe277230f9 librb: configure: also include ws2tcpip.h 2016-03-20 04:14:28 -05:00
William Pitcock
71b2af0611 acinclude: fix sockaddr_in6 check too 2016-03-20 04:10:33 -05:00
William Pitcock
ea83b018b5 librb: acinclude: check for ipv6 on win32 2016-03-20 04:08:12 -05:00
William Pitcock
ddebec8cfd reslib: really fix it this time 2016-03-20 03:57:21 -05:00
William Pitcock
f23719b7cd authd: reslib: fix compile on win32 2016-03-20 03:56:00 -05:00
William Pitcock
4063dc2f62 authd: reslib: hook in windows DNS logic 2016-03-20 03:51:31 -05:00
William Pitcock
898268a84d CREDITS: fix whitespace 2016-03-20 03:49:06 -05:00
William Pitcock
38b68802a3 librb: rb_lib: undefine any previous errno consts on win32 2016-03-20 03:41:25 -05:00
William Pitcock
09f528c24c ircd: win32 does not need the FD 0,1,2 stuff 2016-03-20 03:10:05 -05:00
William Pitcock
c1bfea7332 ircd: handle some EXIT_FAILURE cases differently on win32 2016-03-20 03:06:14 -05:00
William Pitcock
48c6d0f56c ircd: squelch write(2) warning differently 2016-03-20 03:02:56 -05:00
William Pitcock
02831b6f65 modules: warning cleanups 2016-03-20 02:42:42 -05:00
William Pitcock
b870e83db3 makefile: remove *.dll.a files too 2016-03-20 02:30:57 -05:00
William Pitcock
c0949eb003 extensions/m_webirc: win32 fixes 2016-03-20 02:26:30 -05:00
William Pitcock
2d77d121a3 m_stats: win32 fixes 2016-03-20 02:19:36 -05:00
William Pitcock
4c1e52d3a7 bandb: use _WIN32 guards where appropriate 2016-03-20 02:14:13 -05:00
William Pitcock
3c27591e9d configure: move mingw check down a bit 2016-03-20 02:11:06 -05:00
William Pitcock
b5c0180c4b ircd: build: tell libtool what to DLL_EXPORT 2016-03-20 02:08:14 -05:00
William Pitcock
3f97a5c529 configure: check for MINGW 2016-03-20 02:07:06 -05:00
William Pitcock
1ba9eba550 ircd: _WIN32 checks on geteuid() too 2016-03-20 02:04:26 -05:00
William Pitcock
538d208948 ircd: ircd main: use librb functions for daemon management 2016-03-20 02:03:32 -05:00
William Pitcock
a7fb269357 ircd: listener: more ss_family grr 2016-03-20 02:01:00 -05:00
William Pitcock
53e50d0e2f ircd: ircd_signal: win32 stubs 2016-03-20 02:00:22 -05:00
William Pitcock
7671316784 ircd: lexer: likewise 2016-03-20 01:59:09 -05:00
William Pitcock
e16f4b78b1 ircd: ircd_parser: we do not need to include netinet/in.h 2016-03-20 01:58:28 -05:00
William Pitcock
0b9aca384a ircd: client: fix format string for free_user() debug notice 2016-03-20 01:57:19 -05:00
William Pitcock
4e376fff55 include: hostmask: use GET_SS_FAMILY() 2016-03-20 01:55:31 -05:00
William Pitcock
e867208deb ircd: use GET_SS_FAMILY() in a bunch of places 2016-03-20 01:54:24 -05:00
William Pitcock
1d90b085d3 ircd: blacklist: use GET_SS_FAMILY() 2016-03-20 01:48:14 -05:00
William Pitcock
e0dc28c59f librb: rb_dictionary: temporary hack to shut up gcc on windows 2016-03-20 01:46:00 -05:00
William Pitcock
85368a13d3 ircd: rewrite SOCKET_ERROR as I_SOCKET_ERROR 2016-03-20 01:44:00 -05:00
William Pitcock
2dea53a203 authd: some more win32 fixes 2016-03-20 01:37:00 -05:00
William Pitcock
66cd5f6695 authd/reslib: include rb_lib.h 2016-03-20 01:33:23 -05:00
William Pitcock
c99ae1907f authd: use GET_SS_FAMILY() where appropriate 2016-03-20 01:30:24 -05:00
William Pitcock
8da0b2f2cb authd: use _WIN32 as the define for checking windows presence 2016-03-20 01:19:46 -05:00
William Pitcock
4f73990245 stdinc: more cleanups 2016-03-20 01:19:07 -05:00
William Pitcock
76ebf6c489 authd: initial pass at win32 porting 2016-03-20 01:16:41 -05:00
William Pitcock
b1f7e4098f librb: win32: more cleanups 2016-03-20 00:41:01 -05:00
William Pitcock
e49147e56e commio: even more win32 fixes 2016-03-20 00:38:46 -05:00
William Pitcock
339150ec60 commio: further win32 fixes 2016-03-20 00:37:50 -05:00
William Pitcock
7dbf237f93 commio: win32 fixes 2016-03-20 00:36:35 -05:00
William Pitcock
17e4e6af83 librb: further cleanups 2016-03-20 00:35:13 -05:00
William Pitcock
dc7e6b42ca librb: some win32 fixes 2016-03-20 00:33:19 -05:00
William Pitcock
b68dee9bcb librb: only install WSA stubs if windows SDK does not provide them 2016-03-20 00:18:42 -05:00
William Pitcock
b45a2f351e configure: check -lws2_32 for socket() too 2016-03-20 00:11:06 -05:00
William Pitcock
1859e9d7d7 ircd: remove basically entirely pointless ServerInfo.hub (closes #167) 2016-03-19 23:05:07 -05:00
William Pitcock
72b51232a9 ensure we do not distribute flex/bison files 2016-03-19 19:23:08 -05:00
Elizabeth Myers
9b8e9eb321 config.h delenda est 2016-03-19 19:14:26 -05:00
Elizabeth Myers
fe4224394e Can IGNORE_BOGUS_TS at the behest of @kaniini and @jilest 2016-03-19 18:55:13 -05:00
Elizabeth Myers
2a9257c652 rb_dictionary: add include needed for int types. 2016-03-19 15:59:27 -05:00
Elizabeth Myers
46d17a88b4 provider: compile fixes 2016-03-19 15:58:48 -05:00
Elizabeth Myers
893a92e7b3 rb_dictionary: add include needed for int types. 2016-03-19 15:58:30 -05:00
Elizabeth Myers
f7b37c1dc1 authd: add provider-specific data to auth_client via a dictionary. 2016-03-19 15:47:10 -05:00
Elizabeth Myers
68f90ee247 Merge branch 'master' of github.com:charybdis-ircd/charybdis into authd-framework-2 2016-03-19 07:36:33 -05:00
William Pitcock
43f06d8d8c ircd/sslproc: same for zlib_ok 2016-03-19 00:58:57 -05:00
William Pitcock
d35870ee36 ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know) 2016-03-19 00:58:15 -05:00
William Pitcock
bfc44622c8 ircd: do not shadow internal openssl symbol "ssl_ok" (yeah, i know) 2016-03-19 00:57:32 -05:00
William Pitcock
7cc67225cb sslproc: return after calling free_ssl_daemon() when in sandbox ipc service routine 2016-03-19 00:04:38 -05:00
William Pitcock
ca372c23c9 bandb: embedded sqlite3: fix build on cygwin 2016-03-18 23:39:13 -05:00
William Pitcock
066b05dfe2 librb: use charybdis acinclude dir 2016-03-18 23:28:42 -05:00
William Pitcock
61eb4ba64a ircd: link libircd with -no-external 2016-03-18 23:14:38 -05:00
Elizabeth Myers
b429e2df07 install-sh: make +x 2016-03-18 16:25:38 -05:00
Elizabeth Myers
c084fcafec ircd: fix a really retarded GCC warning by being anal retentively "standards compliant" 2016-03-18 15:53:43 -05:00
Elizabeth Myers
36e803d93a crypt: fix strict-aliasing warnings by using an explicit alias. 2016-03-18 15:46:09 -05:00
Elizabeth Myers
1db8a31395 modules: fix stupid GCC false positive warning.
This invocation of strlen is on a constant string and should be folded
by any sane compiler (GCC included), but it warns anyway because GCC is
stupid.
2016-03-18 15:32:33 -05:00
Elizabeth Myers
175a4a132f Update gitignore 2016-03-18 15:17:53 -05:00
Elizabeth Myers
1d89c9e945 Remove unnecessary autotools cruft and other detritus 2016-03-18 15:13:11 -05:00
Elizabeth Myers
cca418c9b7 Add --enable-ignore-bogus-ts flag.
This hoists the option out of config.h.
2016-03-18 15:02:59 -05:00
Elizabeth Myers
0e99e13a71 configure: add ENABLE_OPER_CHGHOST flag 2016-03-18 14:57:08 -05:00
Elizabeth Myers
f79f3e6a95 config.h: update a tad 2016-03-18 14:43:50 -05:00
Elizabeth Myers
c2c236234e Remove aclocal.m4 2016-03-18 14:35:21 -05:00
William Pitcock
1ca8cd5276 parse: ensure that aliases have a sufficient number of parameters before trying to process them 2016-03-17 23:13:22 -05:00
Elizabeth Myers
a16b484f27 Import this from authd-framework branch 2016-03-17 16:25:58 -05:00
Elizabeth Myers
2b0cc3d36a Redo of the authd-framework branch.
This is basically most of the code from the authd-framework branch, but
written to the new DNS code in master. Not quite done yet but getting
there.
2016-03-17 16:23:27 -05:00
Elizabeth Myers
4598135e44 mailmap: Sam is Christine now apparently. 2016-03-17 14:48:46 -05:00
Elizabeth Myers
617144af7a dns: remove unneeded defines 2016-03-14 22:15:28 -05:00
Elizabeth Myers
9ca15a2679 Merge branch 'master' of github.com:charybdis-ircd/charybdis 2016-03-14 22:14:28 -05:00
Simon Arlott
532f83a70a ircd: Don't refer to the IP address as a "netmask" in error messages 2016-03-14 22:38:04 +00:00
Elizabeth Myers
068c6c4a2b dns: use a dictionary for query storage 2016-03-13 03:23:41 -05:00
Elizabeth Myers
1d9925cfb3 authd: fix a fallthrough. 2016-03-13 03:22:41 -05:00
Elizabeth Myers
b22c6f101c rb_dictionary: add functions for uint64_t (long) variables. 2016-03-13 00:16:19 -06:00
Elizabeth Myers
0e1f366732 reference.conf: fix me being an incompetent fuckwit.
Blind search and replace ruined this file. Remember to check your
regexes, people.
2016-03-12 20:27:37 -06:00
Elizabeth Myers
9abdcf1c64 modules: can .la suffix.
.la archives are prohibited by most Linux distributions because they
clutter up the linker. They may get caught up as victims in scripts that
purge .la files. Besides, .la files don't matter for simple loadable
modules on most systems.

So, what we do now instead is just use the platform suffix detected by
libtool.
2016-03-12 20:10:46 -06:00
Elizabeth Myers
540676fc18 cancel_query: fix stupid build error 2016-03-12 07:36:57 -06:00
Elizabeth Myers
45ac1e3ce6 authd: add the ability to cancel DNS requests 2016-03-12 07:10:27 -06:00
Elizabeth Myers
399c633313 authd: add improved API for internal usage
This is similar to what exists in ircd, but instead of request ID's, we
return struct dns_query pointers (that are freed by the DNS callback, so
you don't have to worry about their lifecycle management).
2016-03-12 07:08:27 -06:00
Elizabeth Myers
27aca3c385 Really fix the help index. 2016-03-12 06:26:50 -06:00
Elizabeth Myers
5567a6f943 Regenerate user help index. 2016-03-12 06:23:23 -06:00
Elizabeth Myers
47ca8753c7 What I really meant to say. 2016-03-10 11:43:01 -06:00
Elizabeth Myers
b63612893f What I really meant to say. 2016-03-10 11:42:37 -06:00
Elizabeth Myers
467a0a79a5 Stop building this branch plzkthxbai 2016-03-10 11:33:28 -06:00
Elizabeth Myers
43f599bb87 Stop building this branch plzkthxbai 2016-03-10 11:32:46 -06:00
Elizabeth Myers
91f870b39b auth: enable soft reject of clients.
This doesn't cancel callbacks in progress. This is useful in cases where
you're not sure you want to reject a client yet.
2016-03-10 11:30:09 -06:00
Elizabeth Myers
df32819e04 authd: tag rejection type. 2016-03-10 11:27:07 -06:00
Elizabeth Myers
c2222d7e9a authd: actually init providers on startup.
(Yay, it doesn't crash!)
2016-03-10 10:04:35 -06:00
Elizabeth Myers
8b4544c9dc authd: load ident provider 2016-03-10 10:01:41 -06:00
Elizabeth Myers
f1861e48e6 authd: identd fixes 2016-03-10 10:00:46 -06:00
Elizabeth Myers
b74739c247 auth: use sockaddr_storage to store ports 2016-03-10 09:32:37 -06:00
Elizabeth Myers
c70ae2e5cb authd: properly iterate through all outstanding rdns queries on timeout 2016-03-10 08:43:46 -06:00
Elizabeth Myers
9eb410b347 rdns: properly set provider 2016-03-10 08:28:22 -06:00
Elizabeth Myers
cafe4dd8df authd: plug in new C type. 2016-03-10 08:09:16 -06:00
Elizabeth Myers
50f842125a authd: crap, C was taken already, rename reload to H. 2016-03-10 08:07:29 -06:00
Elizabeth Myers
8dc9aa85b6 authd: crap, C was taken already, rename reload to H. 2016-03-10 08:06:57 -06:00
Elizabeth Myers
187643195c authd: add rdns provider (compile-tested) 2016-03-10 08:04:17 -06:00
Elizabeth Myers
5bfc606fa4 authd/provider: use rb_sockaddr_storage for IP addresses. 2016-03-10 07:25:22 -06:00
Elizabeth Myers
b3265d7afb dns: create sockcmp function. 2016-03-10 06:32:25 -06:00
Elizabeth Myers
1c99f551e3 dns: add format_address function 2016-03-10 05:57:33 -06:00
Elizabeth Myers
f169fc8842 authd: add address families to provider processing.
ircd knows about them so let's not reinvent checking for address types
and stuff.
2016-03-10 05:40:21 -06:00
Elizabeth Myers
9b5b2dedc0 authd/provider: add these to provider.h 2016-03-10 03:15:03 -06:00
Elizabeth Myers
0f95a2749f rename auth.[ch] to provider.[ch]
This name is less confusing and more descriptive.
2016-03-10 03:07:52 -06:00
Elizabeth Myers
99e538670d authd: convert auth stuff to use a linked list.
This allows runtime loadable providers.
2016-03-10 03:02:16 -06:00
Elizabeth Myers
2c01da6b7e Once more with feeling, remove useless enum bit
Now with 50% less experimental changes
2016-03-10 02:42:40 -06:00
Elizabeth Myers
be67cfca84 Revert "[ci skip] remove useless bit in auth.h"
This reverts commit 4cc131fc48.
2016-03-10 02:42:18 -06:00
Elizabeth Myers
4cc131fc48 [ci skip] remove useless bit in auth.h 2016-03-10 02:37:52 -06:00
Elizabeth Myers
bc8067e571 Send cnotice/cprivmsg help to Hades. 2016-03-10 02:15:28 -06:00
William Pitcock
f2d5cea00a modules: remove explicit CPRIVMSG/CNOTICE, this has been obsolete for a long time 2016-03-10 02:13:43 -06:00
Elizabeth Myers
f42aa1a9e5 auth: minor changes 2016-03-10 01:59:37 -06:00
Elizabeth Myers
05e17ac208 authd: initial authentication framework implementation
Not plugged into anything yet, but compile-tested.
2016-03-10 01:50:36 -06:00
Elizabeth Myers
3ec1db3785 m_error: use strncasecmp, not strcmp 2016-03-09 18:53:08 -06:00
Elizabeth Myers
788e2d592c m_stats: eliminate special casing of calling the stats L handler. 2016-03-09 17:19:16 -06:00
Mantas Mikulėnas
6f39a80ec6 authd, m_stats: fix command table sizes
There are 256 possible byte values.
2016-03-09 18:15:42 +02:00
Elizabeth Myers
6445c1cf0b rehash: don't restart authd for DNS reloads
This could lead to pretty nasty things, like losing DNS (and in the
future, ident) queries. That's a Bad Thing™.
2016-03-09 03:46:04 -06:00
Elizabeth Myers
503727d1ee More bool conversions 2016-03-09 02:19:31 -06:00
Elizabeth Myers
f408f36452 Merge branch 'elizafox-cleanups' of github.com:charybdis-ircd/charybdis into elizafox-cleanups 2016-03-09 02:10:36 -06:00
Elizabeth Myers
5c1dbc3cc3 Fix m_xline [ci skip] 2016-03-09 02:10:23 -06:00
Elizabeth Myers
1b916de505 More bool conversions [ci skip] 2016-03-09 02:10:21 -06:00
Elizabeth Myers
818c157a6d More bool conversions [ci skip] 2016-03-09 02:06:21 -06:00
Elizabeth Myers
8fbc1152bb Remove dead variable "cold_start" that no longer exists [ci skip] 2016-03-09 02:01:42 -06:00
Elizabeth Myers
f66f0baa67 More bool conversions 2016-03-09 02:00:40 -06:00
Elizabeth Myers
05b77c613f m_close: remove dangling return [ci skip] 2016-03-09 01:45:01 -06:00
Elizabeth Myers
b8b72cbdf1 m_chghost: convert more stuff to bool [ci skip] 2016-03-09 01:44:20 -06:00
Elizabeth Myers
550e851c5e Merge branch 'master' of github.com:charybdis-ircd/charybdis into elizafox-cleanups 2016-03-09 01:41:10 -06:00
Elizabeth Myers
3c7d6fcce7 Message handlers should return void.
Also fix up some return values and stuff to use bool (or void if
nothing). I just did it whilst I was here.

According to jilles, the return value used to signify whether or not the
client had exited. This was error-prone and was fixed a long, long time
ago, but the return value was left int for historical reasons.

Since the return type is not used (and has no clear use case anyway),
it's safe to just get rid of it.
2016-03-09 01:37:03 -06:00
Elizabeth Myers
92a5053638 Merge pull request #163 from awilfox/master
core/m_error: Be consistent in strncmp usage
2016-03-09 01:30:52 -06:00
Elizabeth Myers
eeabf33a7c Move module description headers to the top
This is cleaner.

Note this was broken out of a much larger piece of work I did, so if
there's any problems, I apologise!
2016-03-09 01:29:41 -06:00
Andrew Wilcox
959f5f368b core/m_error: Be consistent in strncmp usage 2016-03-09 01:08:23 -06:00
William Pitcock
ea111ea544 ircd: further cleanup of YES/NO 2016-03-08 13:52:48 -06:00
William Pitcock
881acf00c6 ircd: fix up some iwarn() calls which referred to L_MAIN 2016-03-08 13:47:41 -06:00
William Pitcock
3089f59c10 modules: using labs() for date math is unsafe 2016-03-08 13:46:19 -06:00
William Pitcock
d2e0b78f6c s_conf: remove YES/NO references 2016-03-08 13:45:29 -06:00
Elizabeth Myers
6287d57fa9 s_user: clean up return types and can YES/NO. 2016-03-08 05:06:29 -06:00
Elizabeth Myers
07554369bd Detect stdbool.h and add conformant shims if it isn't available
Charybdis requires C99 already, so it's high time we start using
stdbool. I've converted a few pieces of code already.

A lot of the old code that uses YES/NO should probably be updated too
because that's fucking hideous.
2016-03-08 04:54:04 -06:00
Elizabeth Myers
b3b7401f13 Remove another silly outdated comment [ci skip] 2016-03-08 04:40:46 -06:00
Elizabeth Myers
1235d6848f m_svinfo: remove outdated comment 2016-03-08 04:40:19 -06:00
Elizabeth Myers
963c3faa43 m_stats: kill O(n) lookup on stats. 2016-03-08 04:38:42 -06:00
Elizabeth Myers
9e6917c147 More mailmap entries 2016-03-08 03:59:30 -06:00
Elizabeth Myers
38df338776 Update mailmap for my emails past and present. 2016-03-08 03:51:09 -06:00
Elizabeth Myers
55799c6b4d dns: prune worthless function. 2016-03-08 03:25:21 -06:00
Elizabeth Myers
8a26cd1973 dns: clean up awful hacks.
We now have a resolver cache which we init on startup.
2016-03-08 03:22:25 -06:00
Elizabeth Myers
394b8dde17 authd: allow querying the list of DNS servers.
This was an asston of pain, and it still feels "dirty" as it introduces
an async call where there normally wouldn't be one. Better
implementation more than welcome.
2016-03-08 02:53:25 -06:00
Elizabeth Myers
cdf5ed6cc8 blacklist: clean up some of my old code 2016-03-07 19:54:25 -06:00
Elizabeth Myers
7e6b5384b3 Convert 2.8 style ToUpper/ToLower names to irctoupper/irctolower 2016-03-07 19:04:24 -06:00
Elizabeth Myers
3a29f678cf Rename RATBOX_PROFILE to RB_PROFILE. 2016-03-07 18:52:50 -06:00
Elizabeth Myers
81204be809 Add ircd serials to AV2. 2016-03-07 18:10:22 -06:00
Elizabeth Myers
4ea068e826 Try to fix stupid build error on Travis 2016-03-07 18:00:13 -06:00
Elizabeth Myers
d0a28c6a94 Use Unix time for the date code.
This is easier to deal with than YYYYMMDD.
2016-03-07 17:40:50 -06:00
Elizabeth Myers
749d697c98 Fix generation of serno.h
Due to reversed conditionals, it wasn't being generated properly.

This also actually fixes its generation in librb by just copying the
Charybdis version. Unbundlers will want to take note of this.
2016-03-07 17:15:39 -06:00
William Pitcock
c5baae2459 Merge pull request #162 from maxteufel/umode_noctcp
extensions: add umode_noctcp extension
2016-03-07 14:35:23 -06:00
Max Teufel
54d8925ed4 extensions: add umode_noctcp extension 2016-03-07 18:48:14 +01:00
Elizabeth Myers
34dbd2d49b Makefile.am: make git serno generation a little nicer. 2016-03-07 05:15:35 -06:00
Elizabeth Myers
638d286293 Change some RATBOX_FOO defines to CHARYBDIS_FOO. 2016-03-07 05:01:31 -06:00
Elizabeth Myers
b8e9ac5f5f AV2 description: forgot this one too 2016-03-07 04:13:01 -06:00
Elizabeth Myers
a278a4fc68 AV2 descriptions: forgot these 2016-03-07 04:11:58 -06:00
Elizabeth Myers
3bde01a819 Update extensions/spy_* with AV2 descriptions. 2016-03-07 04:09:14 -06:00
Elizabeth Myers
84b4c05888 Add AV2 descriptions for extensions/sno_* 2016-03-07 04:02:27 -06:00
Elizabeth Myers
3fd3d7e176 Port some more extensions to AV2 and add descriptions 2016-03-07 03:50:03 -06:00
Elizabeth Myers
8699801ca2 Compensate for my obviously diminished faculties. 2016-03-07 03:42:43 -06:00
Elizabeth Myers
02369fa767 Give all extensions/m_* modules AV2 descriptions 2016-03-07 03:40:51 -06:00
Elizabeth Myers
f45f4143f6 m_starttls: fix fucked-up merge 2016-03-07 03:15:50 -06:00
Elizabeth Myers
684725edf5 m_starttls: port to AV2 caps stuff 2016-03-07 03:15:00 -06:00
Elizabeth Myers
fc939ca58f Merge pull request #161 from awilfox/av2desc
Add AV2 descriptions to all modules P-X
2016-03-07 03:10:51 -06:00
Elizabeth Myers
dacd2aa8c2 Bump some extensions to AV2 and add descriptions 2016-03-07 03:08:40 -06:00
Andrew Wilcox
893806a6ea modules: Add AV2 description to m_xline 2016-03-07 02:54:54 -06:00
Andrew Wilcox
3bf449fe26 modules: Add AV2 descriptions for m_w* modules 2016-03-07 02:53:27 -06:00
Andrew Wilcox
ae5695cdcb m_time and m_user: Fix small typo 2016-03-07 02:53:16 -06:00
Elizabeth Myers
1fe7d6083d AV2 descriptions for m_[no]* 2016-03-07 02:45:37 -06:00
Andrew Wilcox
78624ddf8d modules: Add AV2 description to m_version 2016-03-07 02:45:00 -06:00
Andrew Wilcox
4855e957c5 modules: Add AV2 descriptions to all m_u* modules 2016-03-07 02:43:11 -06:00
Elizabeth Myers
bc89faebd1 m_map: oops... 2016-03-07 02:37:33 -06:00
Elizabeth Myers
f5ebe640bc Add AV2 descriptions to m_[l-m]* 2016-03-07 02:34:00 -06:00
Andrew Wilcox
be9c397952 modules: Add AV2 descriptions to all m_t* modules 2016-03-07 02:27:32 -06:00
Elizabeth Myers
f1156bf07a Do AV2 descriptions for m_[i-k]* 2016-03-07 02:11:50 -06:00
Elizabeth Myers
df1f1212a8 m_invite: update for AV2 2016-03-07 02:09:21 -06:00
Andrew Wilcox
3abc337fe1 modules: Add AV2 descriptions to all m_s* modules 2016-03-07 02:05:28 -06:00
Elizabeth Myers
9fd8e7cbc9 Do AV2 strings for m_[d-h]* 2016-03-07 01:59:08 -06:00
Andrew Wilcox
114d98b3cc modules: Add AV2 descriptions to all m_r* modules 2016-03-07 01:52:45 -06:00
Elizabeth Myers
5544da98b8 Add AV2 descriptions to all m_c* modules. 2016-03-07 01:52:16 -06:00
Andrew Wilcox
d5d3540913 modules: Add AV2 descriptions to all m_p* modules 2016-03-07 01:47:40 -06:00
Elizabeth Myers
3c88406edc Do a few more AV2 descriptions in modules. 2016-03-07 01:38:14 -06:00
Elizabeth Myers
de2b673f5a example_module: forgot a stupid semicolon. 2016-03-07 01:35:35 -06:00
Elizabeth Myers
b212d71344 chm_noctcp: add AV2 string 2016-03-07 01:32:19 -06:00
Elizabeth Myers
4a0944732a chm_nocolour: add AV2 docs 2016-03-07 01:31:27 -06:00
Elizabeth Myers
4d552723ee example_module: update for AV2. 2016-03-07 01:27:57 -06:00
Elizabeth Myers
deef17e5b9 Merge branch 'awilfox-av2desc' 2016-03-07 01:21:11 -06:00
Elizabeth Myers
4491f53665 Merge branch 'av2desc' of https://github.com/awilfox/charybdis into awilfox-av2desc 2016-03-07 01:20:49 -06:00
Elizabeth Myers
0466682f92 m_quit: add desc string 2016-03-07 01:17:30 -06:00
Elizabeth Myers
ee6dcb0514 Add more core module descriptions 2016-03-07 01:16:24 -06:00
Andrew Wilcox
42c9851a5d core/m_squit: Add AV2 description 2016-03-07 01:09:07 -06:00
Andrew Wilcox
51588bbc9f core/m_server: Add AV2 description 2016-03-07 01:06:39 -06:00
Andrew Wilcox
4dc7383a2f core/m_quit: Add AV2 description 2016-03-07 01:06:39 -06:00
Andrew Wilcox
25e38006db core/m_part: Add AV2 description 2016-03-07 01:06:39 -06:00
Elizabeth Myers
d821282260 cap_server_time: update doodads for AV2 2016-03-07 01:05:24 -06:00
Elizabeth Myers
41fb059881 cap_account_tag: migrate CAP reg/desc to AV2 2016-03-07 01:02:08 -06:00
William Pitcock
d2ba0399c0 Merge pull request #158 from awilfox/av2desc
Add AV2 descriptions to core modules
2016-03-07 00:58:54 -06:00
Andrew Wilcox
8661d5ae5c core/m_message: Add AV2 description 2016-03-07 00:57:05 -06:00
Andrew Wilcox
ac1b809c5f core/m_kill: Add AV2 description 2016-03-07 00:56:08 -06:00
Andrew Wilcox
33b2b6c1ab core/m_kick: Add AV2 description 2016-03-07 00:55:36 -06:00
Andrew Wilcox
823ab5285f core/m_join: Add AV2 description 2016-03-07 00:52:50 -06:00
Andrew Wilcox
8798744e50 core/m_die: Add AV2 description 2016-03-07 00:48:48 -06:00
Andrew Wilcox
65ca483f97 core/m_ban: Add AV2 description 2016-03-07 00:48:27 -06:00
William Pitcock
c81afd1580 extensions: add AV2 description strings to a few modules 2016-03-07 00:32:01 -06:00
Elizabeth Myers
d9e4f6f074 librb: it's pretty obvious this has been updated since 2008.
Add code to properly generate SERNO accordingly.
2016-03-07 00:23:30 -06:00
William Pitcock
e09ee7faad librb: remove some files installed by libtoolize 2016-03-07 00:14:18 -06:00
William Pitcock
b7e4fcb7a7 modules: AV2: use unsigned int for capability IDs instead of signed int 2016-03-07 00:13:54 -06:00
William Pitcock
ccb75e917e m_cap: use rb_snprintf_append() instead of pointer math 2016-03-07 00:13:54 -06:00
Elizabeth Myers
105a4985b4 Migrate remaining modules to AV2
No descriptions yet. :(
2016-03-07 00:03:39 -06:00
Elizabeth Myers
1bb809cb30 Remove m_42 from README. 2016-03-06 23:58:32 -06:00
Elizabeth Myers
d40217b4f6 Bye m_42.
Mostly a useless hybrid relic that nobody had used for years.
2016-03-06 23:57:50 -06:00
Elizabeth Myers
04f832b778 Bump all extensions to AV2
Most do not yet have descriptions, but that's trivial.
2016-03-06 23:57:10 -06:00
Elizabeth Myers
581dad19a4 Update chm_* modules to AV2 2016-03-06 23:48:27 -06:00
Elizabeth Myers
978b723252 modules: show module provenance in modlist 2016-03-06 23:21:08 -06:00
Elizabeth Myers
216d70e91d modules: tag origin at load time. 2016-03-06 18:57:05 -06:00
William Pitcock
7ee96784c2 remove pregenerated librb/configure 2016-03-06 18:30:01 -06:00
William Pitcock
498b189340 librb: provide AC_TRY_RUN fallback for cross-compiling librb (closes #151) 2016-03-06 18:29:19 -06:00
Elizabeth Myers
c63aeb44e9 modules: add origin field to V2 2016-03-06 17:52:49 -06:00
Elizabeth Myers
c168ef1864 m_remove: use new AV2 MAPI 2016-03-06 17:27:02 -06:00
Elizabeth Myers
2ab24be6f9 modules: show descriptions in list 2016-03-06 17:26:30 -06:00
Elizabeth Myers
0eb7d9c02c modules: add description field 2016-03-06 17:14:31 -06:00
Elizabeth Myers
0e5bf029a6 modules: wow, that was a dumb error.
Add a stupid break statement.
2016-03-06 17:08:44 -06:00
Elizabeth Myers
7b075a7610 modules: whoops, forgot one tiny thing 2016-03-06 17:04:02 -06:00
Elizabeth Myers
8e9c6a7590 modules: add new MAPI V2
MAPI V1 is still supported for legacy modules, but it is highly
recommended to update to MAPI V2. It includes support for capability
tables, module descriptions, and implicit versions.
2016-03-06 16:53:03 -06:00
Elizabeth Myers
123231aa3c CREDITS: add other team members (that is, those with commit access) 2016-03-06 15:39:01 -06:00
Elizabeth Myers
a4bf26dd34 Move irc_* data structures to librb.
This makes the base ircd less cluttered up with data structures that can
go elsewhere.
2016-03-06 14:17:19 -06:00
Elizabeth Myers
eddf454cd3 librb: whoops, didn't realise this was needed... :x 2016-03-06 13:30:56 -06:00
Elizabeth Myers
1cabc01c9c README: lol, IRIX and libc5. 2016-03-06 13:28:56 -06:00
Elizabeth Myers
aba90ea5fe Update news 2016-03-06 13:27:14 -06:00
Elizabeth Myers
90d3128863 librb: remove credits, they are redundant with charybdis's. 2016-03-06 13:21:47 -06:00
Elizabeth Myers
4966594cfa librb: remove ChangeLog, it hasn't been updated for 8 years. 2016-03-06 13:19:23 -06:00
Elizabeth Myers
cfa2362d80 librb: forgot this. 2016-03-06 13:18:55 -06:00
Elizabeth Myers
fe037171d6 Change all leftover libratbox stuff to librb. 2016-03-06 03:49:27 -06:00
Elizabeth Myers
5f5b18684d config.h.dist: forgot one... 2016-03-06 03:00:42 -06:00
Elizabeth Myers
1b7a47417b Remove more $Id tags. 2016-03-06 02:58:32 -06:00
Elizabeth Myers
c6d81c6d59 m_echotags: Oops... 2016-03-06 02:49:16 -06:00
Elizabeth Myers
cbeab4bc34 Remove $Id tags from everything.
These are obsolete and none have changed since 10 years ago...
2016-03-06 02:47:27 -06:00
Elizabeth Myers
5c5d0fb721 bantool: we are not ircd-ratbox 2016-03-06 02:47:27 -06:00
William Pitcock
a3a2f405fc ircd: -lrb, not -lratbox 2016-03-06 02:34:47 -06:00
William Pitcock
4c1873ed21 update librb README to explain the namechange 2016-03-06 02:33:48 -06:00
William Pitcock
c83f2f5e12 rename libratbox to librb, since its pretty modified anyway 2016-03-06 02:30:20 -06:00
Elizabeth Myers
36588d4eac Merge branch 'master' of github.com:charybdis-ircd/charybdis 2016-03-05 22:49:12 -06:00
Elizabeth Myers
a5c46d31e4 Ginormous docs cleanup.
Purge a lot of really old and obsolete documents, and merge some together
where possible. Lots of efnet docs and the old ircd-ratbox manpage (lol)
was purged.

Reorganise everything nice and neatly as possible. Things describing
features can be found in features/, and some more technical documents
were moved to techinical/.

Old credits file was consolidated into credits-past.txt, and a reference
was added to it in the credits.
2016-03-05 22:39:50 -06:00
William Pitcock
bbe36c05b6 Merge pull request #155 from Elizafox/master
Remove some leftover ircd-ratbox references.
2016-03-05 21:44:14 -06:00
William Pitcock
af6b2ce6fc bandb: add -DSQLITE_OMIT_LOAD_EXTENSION for built-in sqlite 2016-03-05 21:42:36 -06:00
Elizabeth Myers
4dbb75ee84 Remove some leftover ircd-ratbox references. 2016-03-05 21:39:51 -06:00
William Pitcock
411c704f4b remove obsolete INSTALL document that clearly nobody ever reads 2016-03-05 21:27:53 -06:00
William Pitcock
23aeba6a11 Merge pull request #154 from Elizafox/master
Remove old .indent.pro files
2016-03-05 21:25:40 -06:00
Elizabeth Myers
1d91de8100 Remove old .indent.pro files
These have been unused since dinosaurs roamed the earth and are mostly
smelly old Hybrid relics.
2016-03-05 21:21:36 -06:00
William Pitcock
38ffccf8c3 cap: allow modules to return client-specific responses for capability inquiries 2016-03-05 18:56:36 -06:00
William Pitcock
1aee992256 update gitignore 2016-03-05 18:30:06 -06:00
William Pitcock
a4cac7eeab autogen: additional tweaks 2016-03-05 18:00:02 -06:00
William Pitcock
f9b3182cbf libratbox: same changes 2016-03-05 17:54:26 -06:00
William Pitcock
7fc8787332 autogen: minor tweaks 2016-03-05 17:51:28 -06:00
William Pitcock
0409e18fa6 build: remove more autotools detritus 2016-03-05 17:49:13 -06:00
William Pitcock
9ea48ec30a remove presupplied autotools files 2016-03-05 17:47:48 -06:00
William Pitcock
5462fb6ee8 update NEWS 2016-03-05 03:03:31 -06:00
William Pitcock
4c83e47679 invite: implement invite-notify support 2016-03-05 02:49:10 -06:00
William Pitcock
d058096aaa invite: broadcast INVITE messages instead of using point to point routing, to facilitate invite-notify 2016-03-05 02:39:42 -06:00
William Pitcock
93cf3e5ac8 Merge pull request #153 from Elizafox/master
parse: get rid of report_messages
2016-03-05 02:08:27 -06:00
Elizabeth Myers
7416e480b0 parse: export cmd_dict for use elsewhere. 2016-03-05 01:05:26 -06:00
Elizabeth Myers
e8f1c19e7b parse: get rid of report_messages
It is a function with a single usage, that is used only for one specific
stats command on one line.
2016-03-05 00:55:33 -06:00
Simon Arlott
e9ffc3c153 ssld: provide version in stats S output 2016-03-03 22:14:50 +00:00
William Pitcock
08e43ffb21 connect: fix tmpport handling 2016-03-02 16:32:27 -06:00
William Pitcock
428f9bc117 client: handle UID rollover. ircd-ratbox r28917 2016-03-02 15:56:49 -06:00
William Pitcock
65f2c0a263 ircd: simplify connid table handling 2016-03-02 15:31:50 -06:00
William Pitcock
1b6568f6d0 sslproc: compile fix 2016-03-01 20:24:12 -06:00
William Pitcock
a0130f9daf sslproc: properly use zconnid's for ziplinks 2016-03-01 20:02:55 -06:00
William Pitcock
36f0ec74c1 client: always purge a client from the connid table, as connid is not related to FD 2016-03-01 19:52:34 -06:00
William Pitcock
3da53a4d74 Merge pull request #152 from lp0/ssld_foreach_info-20160301
ircd: add missing sslproc function ssld_foreach_info()
2016-03-01 15:55:29 -06:00
Simon Arlott
035d9143bd ircd: add missing sslproc function ssld_foreach_info()
Iterate through the ssl daemons and report their status.
2016-03-01 21:30:51 +00:00
William Pitcock
15b0093d1f update NEWS 2016-02-29 19:28:27 -06:00
William Pitcock
455d2750fc cap: don't show orphaned capabilities 2016-02-28 19:15:13 -06:00
William Pitcock
2e4bf32f36 capability: set ownerdata to NULL when orphaning 2016-02-28 19:15:04 -06:00
William Pitcock
6b23b98ab6 m_cap: ensure buffers are initialized properly 2016-02-28 18:49:29 -06:00
mniip
802710b59a Always send the certificate fingerprint when doing SASL because the services might need it for SOME REASON 2016-02-29 03:29:08 +03:00
William Pitcock
ba316ed56c cap: implicitly enable cap-notify on CAP LS 302, to MAKE IRC GREAT AGAIN!!!!oneoneone 2016-02-28 01:32:54 -06:00
William Pitcock
ddf62b10f9 m_cap: add support for CAP LS 302 2016-02-28 01:13:08 -06:00
William Pitcock
da3e5fcb42 sasl: implement support for distributing mechlists 2016-02-28 01:02:10 -06:00
William Pitcock
df06f4c920 cap server-time: add .000 for microsecs since our clock does not support microsecs 2016-02-28 00:40:46 -06:00
William Pitcock
193d4db30c sasl: transfer ownership of 'sasl' capability to m_sasl module 2016-02-28 00:29:26 -06:00
Mantas Mikulėnas
62a0966666 buildsystem: honor $DESTDIR in install-data-hook
Closes #150
2016-02-27 15:53:37 +02:00
William Pitcock
573896f639 send: allow passing NULL origin to build_msgbuf_from() (for future use) 2016-02-27 02:56:44 -06:00
William Pitcock
be2ce24c42 send: implement echo-message 2016-02-27 02:48:37 -06:00
William Pitcock
4bdf963cdc modules: add cap_server_time, adding server-time cap support 2016-02-27 02:31:38 -06:00
William Pitcock
ed3853649d starttls: add s_serv for caps 2016-02-27 01:51:58 -06:00
William Pitcock
0416a2cc86 starttls: take ownership of 'tls' capability 2016-02-27 01:45:40 -06:00
William Pitcock
32df5e96a6 cap: substantial rewrite leveraging the ircd capabilities framework for client caps 2016-02-27 01:41:36 -06:00
William Pitcock
ba83226733 capability: move some previously private structures to public API 2016-02-27 00:46:49 -06:00
William Pitcock
486cd34415 ircd: chase capability API changes 2016-02-27 00:01:54 -06:00
William Pitcock
63b9db9675 capability: allow attaching capability-owner data to a capability token, to enable extended data for client capabilities 2016-02-26 23:55:43 -06:00
William Pitcock
4d2f203026 msgbuf: msgbuf_unparse_tags(): don't send a tags sigil unless tags will actually be emitted 2016-02-20 18:41:16 -06:00
William Pitcock
474f6342e8 send: we don't actually want tags in sendto_channel_local_butone() 2016-02-20 18:35:35 -06:00
William Pitcock
c8c3ac2440 send: obviously we can't just reuse a va_list, duh 2016-02-20 18:32:32 -06:00
William Pitcock
667fb62eec send: implement tags support for sendto_channel_flags() too 2016-02-20 18:27:15 -06:00
William Pitcock
adaa9ba989 send: more sendto_anywhere() fixing 2016-02-20 18:12:46 -06:00
William Pitcock
f2003b4411 send: fix sendto_anywhere() missing a target param 2016-02-20 17:59:38 -06:00
William Pitcock
71c875fb9a msgbuf: allow for an explicit target to be defined 2016-02-20 17:59:00 -06:00
William Pitcock
815fbc146f modules/cap_account_tag: new module providing the account-tag cap as a proof of concept 2016-02-20 17:44:46 -06:00
William Pitcock
48a2b7c182 hook: allow hook_data to have non-const arguments, add hook_cdata for arguments that must be treated const 2016-02-20 17:44:13 -06:00
William Pitcock
cf549495d8 libratbox: export rb_linebuf_putprefix on linux 2016-02-20 17:30:20 -06:00
William Pitcock
ddedc60398 cap: register the account-tag capability 2016-02-20 17:26:35 -06:00
William Pitcock
5559c3cf17 send: implement partial support for outbound tags (enough for account-tag as a testcase) 2016-02-20 16:37:19 -06:00
William Pitcock
4f8ababae0 send: implement linebuf_put_msgbuf() and msgbuf_build_from(), which build the core of the ircv3.2 tags support for outbound messages 2016-02-20 15:50:12 -06:00
William Pitcock
5abeae60b8 libratbox: implement rb_linebuf_putprefix() which joins a format string to a static string 2016-02-20 15:12:13 -06:00
William Pitcock
33085472a2 msgbuf: make msgbuf_unparse_prefix() public 2016-02-20 14:46:09 -06:00
William Pitcock
c678fbc08b ircd: remove broken USE_IODEBUG_HOOKS knob and related code 2016-02-20 12:02:49 -06:00
William Pitcock
8f64d32533 msgbuf: implement msgbuf_vunparse_fmt() and friends 2016-02-20 11:38:00 -06:00
William Pitcock
691adddd0e msgbuf: handle me.name properly 2016-02-20 11:23:44 -06:00
William Pitcock
4a13e3f1da msgbuf: add some message building code 2016-02-20 11:21:12 -06:00
William Pitcock
d84acbceca newconf: move SSL/TLS deprecation message from ERROR severity to WARNING severity 2016-02-19 17:11:25 -06:00
William Pitcock
7baa37a9ef msg: remove last vestiges of the fakelag system. charybdis has never supported fakelag. 2016-02-19 16:43:39 -06:00
William Pitcock
e742a9e9e7 Merge pull request #149 from anarcat/reproducible
make build reproducible
2016-02-16 00:01:57 -06:00
Antoine Beaupré
a393a68a0e make build reproducible
we do this by removing the uname usage everywhere: it is not actually
used at runtime at all.

we keep the timestamp, because it is actually used in user_welcome()
but allow it to be overridden.

ideally, that timestamp would be completely removed, but I am not sure
what to put in its place, or if it would break some mysterious RFC (or
client!) if we remove that announcement.
2016-02-16 00:37:20 -05:00
William Pitcock
0fc6e6891a Merge pull request #147 from anarcat/extra-clean
add missing files to the clean target
2016-02-15 23:07:03 -06:00
Antoine Beaupré
4354228c72 add missing files to the clean target
without those, make; make clean is not idempotent
2016-02-15 22:24:48 -05:00
William Pitcock
d670fe5271 msgbuf: msgbuf_append_tag(): add support for attaching a specific capability bit 2016-02-13 00:19:23 -06:00
William Pitcock
b4993fe8c3 msgbuf: pull in s_assert 2016-02-12 12:12:30 -06:00
William Pitcock
920e4849f1 msgbuf: fix AFP() macro 2016-02-12 11:56:15 -06:00
William Pitcock
9d5170247e msgbuf: attach capabilities mask to each tag for sending
this will be used with a bloom filter to speed up the 1-to-many case
2016-02-11 19:50:47 -06:00
William Pitcock
7b20f46ed3 Merge pull request #146 from lp0/fix-sqlite-unixRandomness-read-20160211
bandb: sqlite3: check read() return value
2016-02-11 16:13:34 -06:00
William Pitcock
5f8919a9c3 Merge pull request #145 from lp0/fix-ssld-fmt-warnings-20160211
ssld: fix format string warnings for statistics
2016-02-11 16:13:20 -06:00
Simon Arlott
20b940a99c bandb: sqlite3: check read() return value 2016-02-11 22:08:37 +00:00
Simon Arlott
26b83fa09d ssld: fix format string warnings for statistics
Cast the uint64_t format arguments to unsigned long long as
that's what the format string specifies.
2016-02-11 21:58:44 +00:00
William Pitcock
08006c16f8 msgbuf: do a better job of handling gotchas with parsing tags 2016-02-10 21:16:28 -06:00
William Pitcock
c84003aeb5 ssld: we use uint8_t for IPC buffers, not char 2016-02-10 21:03:09 -06:00
William Pitcock
a1125230f3 libratbox: time_t can be 64-bit, so use labs() 2016-02-10 21:02:56 -06:00
William Pitcock
ca45daba73 extensions: add m_echotags extension to echo back your tags in NOTICE form 2016-02-10 21:00:27 -06:00
William Pitcock
428ca87b01 modules: chase MsgBuf API change 2016-02-10 20:54:17 -06:00
William Pitcock
760bafdac3 extensions: update for API change 2016-02-10 20:14:22 -06:00
William Pitcock
4a84a763cd ircd: change MessageHandler to include a MsgBuf pointer at the front for tag access 2016-02-10 20:13:44 -06:00
Simon Arlott
8ace0906ad libratbox: event: continually adjust ish event times
When events are scheduled to run at a random +/- 1/3rd of the specified
frequency it can vary considerably for the longer timers (particularly
try_connections), so adjust the frequency to a different random interval
of the original frequency every time the event runs.
2016-02-10 19:03:31 -06:00
Simon Arlott
eb1b303d56 ircd: support restarting ssld processes
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.

Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.

Add STATS S (admins only) to list ssld processes, status, and client
count.
2016-02-10 19:03:30 -06:00
William Pitcock
dea27a087c Merge pull request #144 from lp0/handle-which_ssld_failure-start_ssld_connect-accept-20160210
ircd: Handle which_ssld failure
2016-02-10 18:54:05 -06:00
Simon Arlott
5e270e7d89 ircd: Handle which_ssld failure
It's possible for which_ssld to fail and return NULL, handle this in
start_ssld_connect and start_ssld_accept by returning NULL. The NULL
return value is already handled in all calls to start_ssld_accept,
so handle this for start_ssld_connect by reporting an error connecting.

Handle it in start_zlib_session by exiting the client.
2016-02-10 22:45:38 +00:00
Simon Arlott
b9ff4868a9 ircd: add missing rb_free in start_zlib_session 2016-02-10 22:45:35 +00:00
William Pitcock
6d01fdc791 Merge pull request #137 from lp0/fix-ssld-change_connid-20160207
ssld: change_connid may be called with an unknown ID
2016-02-10 15:54:43 -06:00
William Pitcock
45d128bc10 Merge pull request #142 from lp0/fix-random_socket-20160210
authd: fix link failure in random_socket
2016-02-10 15:53:27 -06:00
Simon Arlott
3f6cbacc41 authd: fix link failure in random_socket
The random_socket function isn't used, and the code can only be
compiled if the function is optimised away (because it's static
and unused) otherwise it will fail to link when "ipv4_addr" and
"ipv6_addr" are not found.

Fix this by modifying ipv4_addr and ipv6_addr so that they're not
external variables.
2016-02-10 21:29:41 +00:00
Simon Arlott
7beaee5239 ssld: change_connid may be called with an unknown ID
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-02-10 21:22:50 +00:00
William Pitcock
1579e155b1 parse: further cleanups 2016-02-10 10:25:16 -06:00
William Pitcock
20dd3725b8 parse: fix aliases 2016-02-10 10:09:42 -06:00
William Pitcock
269dd686b3 msgbuf: improve parse logic 2016-02-10 00:46:32 -06:00
William Pitcock
4d03595da4 parse: utilise MsgBuf to simplify message parsing 2016-02-10 00:22:37 -06:00
William Pitcock
a8e69f5dfc msgbuf: implement msgbuf_parse() 2016-02-10 00:08:58 -06:00
William Pitcock
88b427b61d msgbuf: add lowlevel interface for building MsgBuf objects 2016-02-09 23:19:13 -06:00
William Pitcock
b830b64106 include: add msgbuf.h for future msgbuf api 2016-02-09 23:08:35 -06:00
William Pitcock
de50a480af Remove unused .depend files. 2016-02-09 23:08:35 -06:00
William Pitcock
5512416070 Merge pull request #140 from viatsko/remove-snprintf
Remove libratbox's snprintf.c, update related ircd code
2016-02-09 21:58:07 -06:00
Valerii Iatsko
5203cba5ce Remove libratbox's snprintf.c, update related ircd code 2016-02-10 02:25:32 +01:00
Valerii Iatsko
e44504ebf1 Add .travis.yml 2016-02-10 00:00:30 +01:00
William Pitcock
55d5f7970a ircd: various memory leak fixes from pull requests 2016-02-09 10:53:24 -06:00
Simon Arlott
87c44482d0 ircd: chmode: Avoid referencing beyond the end of the flags_list array in set_channel_mode
We're setting flags to flags_list[3] at the end of the loop, but the
array only has 3 elements. Unless the compiler optimises this away
(because flags will not be used again) we're accessing memory beyond
the end of the array.

With gcc-4.9:
chmode.c: In function 'set_channel_mode':
chmode.c:1548:54: warning: iteration 2u invokes undefined behavior [-Waggressive-loop-optimizations]
  for(j = 0, flags = flags_list[0]; j < 3; j++, flags = flags_list[j])
                                                      ^
chmode.c:1548:2: note: containing loop
  for(j = 0, flags = flags_list[0]; j < 3; j++, flags = flags_list[j])

Explicitly set "flags = flags_list[j]" at the start of each loop
iteration, which will avoid referencing off the end of the array.
2016-02-09 10:41:37 -06:00
Simon Arlott
41aed6bbf7 libratbox: define UINT16_MAX
UINT16_MAX may not be defined on some ancient hosts (FreeBSD 4.8)

It's used by libratbox/src/tools.c
2016-02-09 10:41:37 -06:00
Valerii Iatsko
32c3cbd857 Update .gitignore 2016-02-09 10:41:37 -06:00
Valerii Iatsko
9258de810b ircd: configure: require C99 compiler 2016-02-09 10:41:37 -06:00
Valerii Iatsko
b79edd3e79 ircd: configure.ac: remove trailing whitespaces 2016-02-09 10:41:37 -06:00
Valerii Iatsko
6755009c17 Run autoconf 2016-02-09 10:41:37 -06:00
Simon Arlott
173a2f4dda configure: make TOPICLEN warn on >390, not >=390
Configuring --with-topiclen=390 outputs a warning that TOPICLEN
has been limited to 390, but that's what was requested.
2016-02-09 10:41:37 -06:00
Simon Arlott
d5ef3fd3b6 autoconf: Quote AC_LANG_PROGRAM when used within AC_*_IFELSE
AC_LANG_PROGRAM needs to be quoted when used within AC_*_IFELSE:
https://lists.gnu.org/archive/html/bug-autoconf/2011-04/msg00017.html

This fixes the following warnings:

$ autoreconf
configure.ac:298: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
../../lib/autoconf/general.m4:2729: _AC_RUN_IFELSE is expanded from...
../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
../../lib/autoconf/general.m4:2748: AC_RUN_IFELSE is expanded from...
configure.ac:298: the top level
configure.ac:593: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
../../lib/autoconf/general.m4:2661: _AC_LINK_IFELSE is expanded from...
../../lib/autoconf/general.m4:2678: AC_LINK_IFELSE is expanded from...
configure.ac:593: the top level
...
configure.ac:309: warning: AC_LANG_CONFTEST: no AC_LANG_SOURCE call detected in body
../../lib/autoconf/lang.m4:193: AC_LANG_CONFTEST is expanded from...
../../lib/autoconf/general.m4:2729: _AC_RUN_IFELSE is expanded from...
../../lib/m4sugar/m4sh.m4:639: AS_IF is expanded from...
../../lib/autoconf/general.m4:2748: AC_RUN_IFELSE is expanded from...
configure.ac:309: the top level
...
2016-02-09 10:41:37 -06:00
Valerii Iatsko
84b49742ad ssld: fix memleak
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-02-09 10:41:36 -06:00
Valerii Iatsko
8f89a66d2a Update .gitignore 2016-02-09 10:41:36 -06:00
Valerii Iatsko
de596e1948 CREDITS: updated my nickname and email 2016-02-09 10:41:36 -06:00
Valerii Iatsko
c56f5979aa Fixed compilation w/ gnutls v3 2016-02-09 10:41:36 -06:00
William Pitcock
c4e9deaef9 extensions: add chm_insecure, which has the opposite effect of chm_sslonly.
This module makes SSL required to join any channels except for ones specifically marked insecure.
It is meant to be used in a migration path away from plaintext IRC.
2016-01-29 22:26:41 -05:00
William Pitcock
35f284c2bd ircd: newconf: impose a deprecation warning for plaintext listeners 2016-01-29 11:35:05 -05:00
William Pitcock
f7036bbe6f libratbox: gnutls: add gnutls 3.4 support (closes #123) 2016-01-24 14:51:57 -05:00
William Pitcock
46277ee2e2 remove TODO, outdated like whoa 2016-01-23 14:55:06 -05:00
William Pitcock
41976628bd README: being the reference ircv3.1 implementation seems boring in 2016. 2016-01-23 14:52:57 -05:00
William Pitcock
cc6ce2d689 ircd: hash: remove some detritus 2016-01-23 11:44:08 -05:00
William Pitcock
d38c08c178 ircd: hostname lists are now stored in a radix tree 2016-01-23 11:40:17 -05:00
William Pitcock
b47f8a4fda ircd: import modified version of ratbox 3.1 whowas code 2016-01-23 11:16:34 -05:00
William Pitcock
3de2266243 ircd: monitor: use irc_radixtree instead of home-grown hashtable 2016-01-23 10:35:40 -05:00
William Pitcock
b9a32bd24b LIST: plug memory leak 2016-01-22 16:07:55 -05:00
William Pitcock
912cae0c9c Revert "ircd: rework sendq limits a bit."
This reverts commit 9a5958119c.
2016-01-20 22:27:33 -05:00
William Pitcock
999fab778c Revert "LIST: use new sendq system to reimplement SAFELIST differently."
This reverts commit e835592cfc.
2016-01-20 22:26:55 -05:00
William Pitcock
704697b6b6 ircd: radixtree: allow irc_radixtree_elem_find() to find a fuzzy match instead of an exact match 2016-01-20 22:10:35 -05:00
William Pitcock
0d9a72de21 ircd: radixtree: add irc_radixtree_foreach_start_from() which uses irc_radixtree_elem_find() to find the starting point 2016-01-20 21:02:03 -05:00
William Pitcock
1b68574301 ircd: radixtree: move some things into the right namespace 2016-01-20 20:52:17 -05:00
Jilles Tjoelker
58855a9f2c extensions/helpops: Do not use oper:hidden.
If +H is a separate umode and privilege, there is no reason to have
oper:hidden, which did not work properly anyway since it is not propagated
to other servers.
2016-01-16 15:23:32 +01:00
Jilles Tjoelker
6da38a0a5d WHOIS: Make hide_opers_in_whois not affect opers doing whois. 2016-01-16 15:22:50 +01:00
William Pitcock
103a1bfd34 extensions/override: disable false positive modehack notice 2016-01-16 02:28:49 -06:00
William Pitcock
f69d7febc7 extensions/override: improve KICK override messages 2016-01-16 02:04:01 -06:00
William Pitcock
1046ac77af ircd: chmode: change CHFL_CHANOP checks where appropriate to allow levels above CHFL_CHANOP
this is the same behaviour as other checks in other places in the code.
2016-01-16 01:55:57 -06:00
William Pitcock
f60055d32d ircd: call rehash_authd(), not restart_authd() when rehashing 2016-01-16 00:04:07 -06:00
William Pitcock
71c955336e ircd: add general::hide_opers_in_whois to simulate ircd-seven operhide 2016-01-15 13:38:40 -06:00
William Pitcock
161ac1c8d5 extensions/helpops: implement DEHELPER command 2016-01-14 15:16:29 -06:00
William Pitcock
4d21f1e8e0 extensions/helpops: new module, implementing a helpops system.
if loaded, this module takes over /stats p, and displays people who are umode +H.
to get umode +H, one must have the "usermode:helpops" permission.
2016-01-14 08:08:40 -06:00
William Pitcock
ea2d270096 STATS: allow modules to override normal stats requests 2016-01-14 06:57:04 -06:00
William Pitcock
0cc93eadc0 NEWS: first pass of many at 3.6 news 2016-01-14 06:45:18 -06:00
William Pitcock
3ee43bcf29 ircd: get_channel_access(): do not derive channel pointer from membership 2016-01-13 22:16:44 -06:00
William Pitcock
633531a4aa TOPIC: strip channel topic colors here if configured, instead of in set_channel_topic() 2016-01-13 17:17:14 -06:00
William Pitcock
e4af89f4d7 Revert "LIST: since we now have channel::strip_topic_colors, don't unconditionally strip colors here anymore"
This reverts commit b28b21f6d5.
2016-01-13 17:11:16 -06:00
William Pitcock
b28b21f6d5 LIST: since we now have channel::strip_topic_colors, don't unconditionally strip colors here anymore 2016-01-13 17:05:49 -06:00
William Pitcock
14482679ce ircd: channel: implement an option to strip color codes from channel topics 2016-01-13 17:05:41 -06:00
William Pitcock
b4e3861bf9 ircd: get_channel_access(): allow override hooks to work without a membership pointer 2016-01-13 16:56:05 -06:00
William Pitcock
e118f2d431 extensions/chm_operpeace: new module which disallows kicking of operators on select channels 2016-01-13 16:52:56 -06:00
William Pitcock
fd8e3f892c ircd: chmode: clean up chm_hidden() a little bit 2016-01-13 16:37:25 -06:00
William Pitcock
be29ec793d ircd: import hidden channel modes framework, from ircd-seven
This allows for modules to define channel modes which are only visible to opers.
2016-01-13 16:34:27 -06:00
William Pitcock
88c48be58c extensions/sno_globalnickchange: import from ircd-seven 2016-01-12 07:10:39 -06:00
William Pitcock
abad2c5da6 CONNECT: allow using 3-argument CONNECT with port == 0 locally (closes #119) 2016-01-12 05:54:04 -06:00
William Pitcock
15feac531c ircd: implement support for remote module load/unload/etc commands 2016-01-12 00:37:54 -06:00
William Pitcock
cc7ae51cdc Allow remote DIE and RESTART (from ircd-seven) 2016-01-12 00:04:54 -06:00
William Pitcock
3b1c2aa62c modules: add missing m_grant.c 2016-01-11 23:52:04 -06:00
William Pitcock
a4721f5e9f ircd: implement EXTENDCHANS, based on ircd-seven (with some improvements from chatircd) 2016-01-11 23:32:23 -06:00
William Pitcock
fe749d3709 ircd: implement GRANT subsystem based on ircd-seven 2016-01-11 23:02:03 -06:00
William Pitcock
cd66c5b922 ircd: change_nick_user_host(): only update target_p->username if the buffer has actually changed (pointed out by Valgrind) 2016-01-11 22:46:49 -06:00
William Pitcock
b870a5f8e9 extensions/override: display mode-change string in override messages 2016-01-11 22:40:32 -06:00
William Pitcock
7abb4a4f0d parse: add missing semicolon 2016-01-11 22:31:19 -06:00
William Pitcock
e4603e3d27 parse: implement reconstruct_parv() 2016-01-11 22:28:55 -06:00
William Pitcock
49c12c23f9 extensions/m_remove: simplify the reason building code, pointed out by mniip 2016-01-10 22:27:28 -06:00
William Pitcock
1bb3786ddb Merge pull request #118 from dwfreed/remove-quote-part
extensions/m_remove: quote user part messages
2016-01-10 19:42:05 -06:00
Doug Freed
a69c4f8c56 extensions/m_remove: quote user part messages
Quote user part messages like freenode/ircd-seven so that users can't
fake a channel op using /remove.  This only applies when this module is
loaded.
2016-01-10 12:51:28 -08:00
William Pitcock
9b74b99268 ircd: hash: channels are no longer a hashtable 2016-01-09 23:47:50 -06:00
William Pitcock
730b914c17 LIST: more cleanups 2016-01-09 23:34:52 -06:00
William Pitcock
e835592cfc LIST: use new sendq system to reimplement SAFELIST differently.
This is more like ratbox, but with the same filtering etc. features, and also using the hard sendq limit.
2016-01-09 23:28:53 -06:00
William Pitcock
9a5958119c ircd: rework sendq limits a bit.
The sendq limit is now soft, now we halt processing if a sendq is exceeded, until it is sufficiently drained.
This allows us to implement SAFELIST and other floody commands without hacks.
2016-01-09 23:14:04 -06:00
William Pitcock
8dacf9e917 ircd: make STATS B easier to understand 2016-01-09 06:23:13 -06:00
William Pitcock
a21e57bebe ircd: scache: use irc_radixtree 2016-01-09 05:55:46 -06:00
William Pitcock
ed4d1541ff ircd: hash: we do not use 2.8-style chained hashtables for client lookups anymore, so remove no longer relevant comments 2016-01-09 05:43:51 -06:00
William Pitcock
bb4ac31447 ircd: hash: use an irc_radixtree for client names 2016-01-09 05:30:13 -06:00
William Pitcock
3eeccbe3ce ircd: hash: use an irc_radixtree for IDs 2016-01-09 05:13:10 -06:00
William Pitcock
46be39faab ircd: hash: use an irc_radixtree for storing resv's 2016-01-09 04:59:02 -06:00
William Pitcock
5c7c7d65c2 ircd: hash: client connection id hashtables are now dictionaries keyed by uint32 2016-01-09 04:25:41 -06:00
William Pitcock
45dfdf46c8 ircd: irc_dictionary: allow storage of non-string types as keys 2016-01-09 04:09:40 -06:00
William Pitcock
d99ff0298c ircd: irc_dictionary: fix up stats routines 2016-01-09 01:41:20 -06:00
William Pitcock
21d5a11cb8 ircd: irc_dictionary: also show dictionary stats 2016-01-09 01:34:37 -06:00
William Pitcock
99b461bb2f ircd: ensure irc_dictionary users have names, for stats tracking. 2016-01-09 01:22:11 -06:00
William Pitcock
b02a913bc8 ircd: operhash: rewrite to use irc_radixtree 2016-01-09 01:08:15 -06:00
William Pitcock
db891ac3ca ircd: irc_radixtree: add irc_radixtree_irccasecanon and irc_radixtree_strcasecanon helpers 2016-01-09 01:00:55 -06:00
William Pitcock
325cc939b7 ircd: irc_radixtree: add some convenience functions for tracking radix tree stats 2016-01-09 00:54:57 -06:00
William Pitcock
8e6ba6f9ce ircd: add irc_radixtree, which is like irc_dictionary but uses a radix tree as the backing store 2016-01-09 00:44:39 -06:00
William Pitcock
d6797f8639 ircd: operhash: convert to a proper stringpool implementation 2016-01-08 11:09:00 -06:00
William Pitcock
e575ed5193 libratbox: disable the block allocator, but keep it as a stub for now 2016-01-08 07:16:23 -06:00
William Pitcock
190a59706e configure: no more small-net 2016-01-08 07:09:47 -06:00
William Pitcock
9e45a5ca19 buildsystem: further cleanup 2016-01-08 07:01:00 -06:00
William Pitcock
a886cb82fb buildsystem: more LTDLINCL fixes 2016-01-08 06:57:45 -06:00
William Pitcock
f0718c93d5 configure: use correct path for libltdl 2016-01-08 06:50:01 -06:00
William Pitcock
1eeb046930 ircd: remove internal resolver, no longer used 2016-01-08 06:39:51 -06:00
William Pitcock
1d02144f8b ircd: move DNS resolution over to authd 2016-01-08 06:31:08 -06:00
William Pitcock
c7c009b563 authd: do not use \n with rb_helper_write(), unnecessary 2016-01-08 05:44:41 -06:00
William Pitcock
1bf2919817 ircd/dns: implement final version of authd-dns line protocol 2016-01-08 05:44:05 -06:00
William Pitcock
fa43f55940 authd: fix some DNS module logic 2016-01-08 05:32:27 -06:00
William Pitcock
5164a68650 buildsystem: update Makefile.in's 2016-01-08 05:20:32 -06:00
William Pitcock
6d063f05b0 ircd: start up authd 2016-01-08 05:20:09 -06:00
Aaron Jones
d8c4154da2 Fix LTDL conditional, remove some unnecessary and/or ugly configure tests 2016-01-07 17:15:55 +00:00
Aaron Jones
eec2776c6c Fix some autotools discrepancies, disable SQLite threading code 2016-01-07 16:58:28 +00:00
William Pitcock
63f53befd3 ircd: add main.c stub executable 2016-01-06 23:57:35 -06:00
William Pitcock
415b482ce3 ircd: add new lex/yacc files 2016-01-06 22:50:54 -06:00
William Pitcock
1d9974511b ircd/dns: same 2016-01-06 21:35:34 -06:00
William Pitcock
ebccc13b84 authd: fix ratbox3.1-ism 2016-01-06 21:25:07 -06:00
William Pitcock
4c4f6c971e let's try this 2016-01-06 21:07:14 -06:00
William Pitcock
471fdc673b add missing libltdl support files 2016-01-06 20:49:31 -06:00
William Pitcock
3949459b81 ircd/authd: minor cleanups 2016-01-06 04:46:11 -06:00
William Pitcock
fb7d74efef ircd/authd: split out authd lifecycle functions from actual DNS functions 2016-01-06 04:41:57 -06:00
William Pitcock
7d2852b4d1 dns: new WIP client which queries authd for DNS records, not yet in use 2016-01-06 04:28:34 -06:00
William Pitcock
b5e4f39625 buildsystem: build serno.h before anything else 2016-01-06 04:27:32 -06:00
William Pitcock
0c32811863 buildsystem: add authd to SUBDIRS 2016-01-06 04:11:21 -06:00
William Pitcock
8cf45447e2 authd: implement DNS module 2016-01-06 03:52:37 -06:00
William Pitcock
f3e11b1d6f authd: clean up command handlers code a little 2016-01-06 03:11:20 -06:00
William Pitcock
ed62c46ba1 authd: import stripped down charybdis resolver 2016-01-06 02:47:22 -06:00
William Pitcock
0d73e7db9c authd: add skeleton 2016-01-06 02:31:11 -06:00
William Pitcock
b697c3296a sslproc: process title of ssld seemed grammatically weird (nitpicking) 2016-01-06 02:15:23 -06:00
William Pitcock
03906030a3 extensions: import sno_channelcreate from ircd-seven 2016-01-06 02:03:06 -06:00
William Pitcock
d610d3f344 config.h: fix SPATH 2016-01-06 02:00:12 -06:00
William Pitcock
d76258f559 modules: revert lt_dlopenext() change 2016-01-06 01:57:24 -06:00
William Pitcock
4f0e3623ca ircd: fix linking on OS X 2016-01-06 01:40:48 -06:00
William Pitcock
79b525052b doc: fix make install 2016-01-06 01:34:41 -06:00
William Pitcock
30da589e9e modules: use lt_dlopenext() to make the config look nicer 2016-01-06 01:33:33 -06:00
William Pitcock
2a19fc3f57 general: remove last vestiges of static modules support (this hasn't ever actually worked...) 2016-01-06 01:28:20 -06:00
William Pitcock
46fded53d4 update buildsystem artifacts 2016-01-06 01:16:49 -06:00
William Pitcock
ff12cc9479 rename src to ircd, libcore to libircd 2016-01-06 01:16:08 -06:00
William Pitcock
df317d705b update NEWS 2016-01-05 21:43:14 -06:00
William Pitcock
0fa09b8024 documentation updates for libltdl 2016-01-05 21:41:03 -06:00
William Pitcock
f272e7abc7 modules: use libltdl to load the modules 2016-01-05 21:39:09 -06:00
William Pitcock
bc38c72ced buildsystem: build ircd itself as a library to allow removal of -undefined suppress on OS X 2016-01-05 21:31:21 -06:00
William Pitcock
c52df12552 buildsystem: convert to automake + libtool 2016-01-05 21:20:25 -06:00
William Pitcock
0191e3d3eb import latest libltdl 2016-01-05 20:23:56 -06:00
William Pitcock
f26219863a begin 3.6 development 2016-01-05 20:15:10 -06:00
581 changed files with 58835 additions and 201273 deletions

82
.github/workflows/ci.yml vendored Normal file

@ -0,0 +1,82 @@
name: CI
on:
push:
branches:
- main
paths-ignore:
- 'doc/oper-guide/**'
- 'CREDITS'
- 'LICENSE'
- 'NEWS.md'
- 'README.md'
pull_request:
branches:
- main
paths-ignore:
- 'doc/oper-guide/**'
- 'CREDITS'
- 'LICENSE'
- 'NEWS.md'
- 'README.md'
jobs:
linux:
name: Linux
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
# Debian 10 Buster
- os: ubuntu-20.04
compiler: gcc-8
- os: ubuntu-20.04
compiler: clang-7
# Ubuntu 20.04 Focal
- os: ubuntu-20.04
compiler: gcc-9
- os: ubuntu-20.04
compiler: clang-10
# Debian 11 Bullseye
- os: ubuntu-22.04
compiler: gcc-10
- os: ubuntu-22.04
compiler: clang-11
# Ubuntu 22.04 Jammy
- os: ubuntu-22.04
compiler: gcc-11
- os: ubuntu-22.04
compiler: clang-14
# next
- os: ubuntu-22.04
compiler: gcc-12
env:
CC: ${{ matrix.compiler }}
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends \
${CC} \
automake \
autoconf \
libtool \
libsqlite3-dev \
libhyperscan-dev \
# EOF
- uses: actions/checkout@v2
- name: autogen.sh
run: bash autogen.sh
- name: configure
run: CFLAGS="-Werror -Wno-unused-value -Wno-unused-parameter" ./configure --enable-assert=hard --enable-warnings
- name: make
run: make -j2
- name: make check
run: make check
- name: make install
run: make install
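Review bot: `- uses: actions/checkout@v2` in the `steps:` list references the action by a mutable tag, and the workflow declares no `permissions:` key, so the job runs with whatever default token scope the repository is configured with. Because this workflow also triggers on `pull_request`, pin the action to a full commit SHA and add a top-level `permissions:` block limited to `contents: read`. A smaller point: the matrix comments (`# Debian 10 Buster`, `# Debian 11 Bullseye`) label entries that run on `ubuntu-20.04` and `ubuntu-22.04`; a one-line comment saying the compiler version stands in for the distribution would make that clear.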

29
.github/workflows/docs.yaml vendored Normal file

@ -0,0 +1,29 @@
name: Oper Guide
on:
push:
branches:
- main
paths:
- 'doc/oper-guide/**'
pull_request:
branches:
- main
paths:
- 'doc/oper-guide/**'
jobs:
build:
runs-on: ubuntu-18.04
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends \
python-sphinx \
texinfo \
# EOF
- uses: actions/checkout@v2
- name: Build
run: make -C doc/oper-guide html man info
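Review bot: `runs-on: ubuntu-18.04` puts the docs build on an older image than anything in the ci.yml matrix (`ubuntu-20.04`, `ubuntu-22.04`). Move this job to one of the images the CI workflow already uses so the two do not drift apart, and check that the `python-sphinx` package name is still valid there. The `actions/checkout@v2` tag reference has the same pinning concern as in ci.yml, and this workflow also lacks a `permissions:` block.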

77
.gitignore vendored

@ -1,6 +1,7 @@
tags
Makefile
*~
*.a
*.o
*.so
*.lo
@ -9,31 +10,71 @@ Makefile
*.log
*.sw?
.deps
.dirstamp
.libs
autom4te.cache
authd/authd
bandb/bandb
bandb/bantool
bandb/solanum-bantool
autom4te.cache
aclocal.m4
compile
confdefs.h
config.guess
config.sub
depcomp
ltmain.sh
missing
config.log
config.status
configure
stamp-h1
libltdl/
librb/configure
librb/compile
librb/depcomp
librb/aclocal.m4
librb/include/librb_config.h
librb/include/librb_config.h.in
librb/include/librb-config.h
librb/include/serno.h
librb/librb.pc
librb/ltmain.sh
librb/missing
librb/libratbox.pc
librb/libtool
librb/src/version.c
librb/src/version.c.last
scripts/*.tar.bz2
scripts/*.tar.gz
include/setup.h
libratbox/include/libratbox_config.h
libratbox/include/librb-config.h
libratbox/include/stamp-h1
libratbox/libratbox.pc
libratbox/libtool
libratbox/src/version.c
libratbox/src/version.c.last
scripts/*.tbz2
scripts/*.tgz
servlink/servlink
src/ircd
src/lex.yy.c
src/version.c
src/version.c.last
src/y.tab.h
src/y.tab.c
include/setup.h.in
ircd/solanum
ircd/ircd_parser.c
ircd/ircd_parser.h
ircd/ircd_lexer.c
ircd/version.c
ircd/version.c.last
ssld/ssld
wsockd/wsockd
testsuite/ircd.pid.*
tools/solanum-mkpasswd
tools/solanum-mkfingerprint
tools/genssl
tools/mkpasswd
tools/viconf
include/serno.h
ircd/solanum
ircd/version.c
ircd/version.c.last
/libtool
Makefile.in
m4/argz.m4
m4/libtool.m4
m4/ltargz.m4
m4/ltdl.m4
m4/ltoptions.m4
m4/ltsugar.m4
m4/ltversion.m4
m4/lt~obsolete.m4
*.dSYM/
*.exe
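Review bot: within this hunk `ircd/solanum`, `ircd/version.c` and `ircd/version.c.last` are each listed twice, and `autom4te.cache` also appears twice. The rendering has dropped the +/- markers, so confirm against the resulting file which copies are on the new side and keep a single entry for each pattern.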

49
.indent.pro vendored

@ -1,49 +0,0 @@
/* $Id: .indent.pro 238 2005-09-21 05:26:03Z nenolod $ */
/* copy this file to the source dir then run indent file.c */
--gnu-style
/* This is the indent before the brace not inside the block. */
--brace-indent0
/* Indent case: by 2 and braces inside case by 0(then by 0)... */
--case-brace-indentation0
--case-indentation2
--indent-level8
/* Put while() on the brace from do... */
--cuddle-do-while
/* Disable an annoying format... */
--no-space-after-function-call-names
/* Disable an annoying format... */
--dont-break-procedure-type
/* Disable an annoying format... */
--no-space-after-casts
--line-length200
/* typedefs */
-T boolean_t
-T node_t
-T list_t
-T tld_t
-T kline_t
-T EVH
-T sra_t
-T server_t
-T user_t
-T channel_t
-T chanuser_t
-T myuser_t
-T mychan_t
-T chanacs_t
-T CONFIGENTRY
-T CONFIGFILE
-T Block
-T MemBlock
-T BlockHeap


@ -1,9 +1,14 @@
Aaron Sethman <androsyn@ratbox.org> androsyn <devnull@localhost>
Alexander Færøy <ahf@0x90.dk> Alexander F?r?y <ahf@0x90.dk>
Ariadne Conill <ariadne@dereferenced.org> <nenolod@atheme.org>
Ariadne Conill <ariadne@dereferenced.org> <nenolod@dereferenced.org>
Ariadne Conill <ariadne@dereferenced.org> nenolod <devnull@localhost>
Brett Greenham <taros@shadowircd.net> B.Greenham <taros@shadowircd.net>
Chris Mills <chris@chrisam.net> TheChrisAM <chris@chrisam.net>
Chris Mills <chris@chrisam.net> freenode!ChrisAM <chris@chrisam.net>
Elizabeth Jennifer Myers <elizabeth@sporksmoo.net> <elizabeth@sporksirc.net>
Elizabeth Myers <elizabeth@interlinked.me> <elizabeth@sporksirc.net>
Elizabeth Myers <elizabeth@interlinked.me> <elizabeth@sporksmoo.net>
Elizabeth Myers <elizabeth@interlinked.me> <spaz@whotookspaz.org>
Elly Fong-Jones <elly@leptoquark.net> Elly <elly@leptoquark.net>
Jilles Tjoelker <jilles@stack.nl> jilles <devnull@localhost>
Nathan Phillip Brink <binki@gentoo.org> <ohnobinki@ohnopublishing.net>
@ -13,5 +18,5 @@ Valeriy Yatsko <dwr@shadowircd.net> <darkwire@darkwire.ru>
Valeriy Yatsko <dwr@shadowircd.net> <darkwire@ircd-charybdis.ru>
Valeriy Yatsko <dwr@shadowircd.net> <darkwire@sellcenter.ru>
Valeriy Yatsko <dwr@shadowircd.net> <dwr@it-penza.org>
William Pitcock <nenolod@dereferenced.org> <nenolod@atheme.org>
William Pitcock <nenolod@dereferenced.org> nenolod <devnull@localhost>
Christine Dodrill <shadow.h511@gmail.com> <quora@lavabit.com>
Christine Dodrill <shadow.h511@gmail.com> <quorawings@gmail.com>

46
CREDITS

@ -1,30 +1,28 @@
Charybdis started as an evolution from ircd-ratbox. Its development
is led by a team of dedicated developers who have put a lot of time
into the project, and it has seen use on a variety of different
network configurations.
Solanum is based on Charybdis, which was based on ircd-ratbox.
The charybdis core team is listed in nick-alphabetical order:
Development is led by a group of representatives from Libera Chat
and OFTC:
amdj, Aaron Jones <amdj@libera.chat>
dwfreed, Doug Freed <dwfreed@mtu.edu>
ilbelkyr, Nicole Kleinhoff <ilbelkyr@libera.chat>
mcintosh, Richie McIntosh <richiemcintosh@gmail.com>
Myon, Christoph Berg <myon@oftc.net>
spb, Stephen Bennet <spb@libera.chat>
tomaw, Tom Wesley <tom@tomaw.net>
The Charybdis team was:
amdj, Aaron Jones <aaronmdjones -at- gmail.com>
Ariadne, Ariadne Conill <ariadne -at- dereferenced.org>
Elizafox, Elizabeth Myers <elizabeth -at- interlinked.me>
jdhore, JD Horelick <jdhore1 -at- gmail.com>
jilles, Jilles Tjoelker <jilles -at- stack.nl>
mr_flea, Keith Buck <mr_flea -at- esper.net>
kaniini, William Pitcock <nenolod -at- dereferenced.org>
spb, Stephen Bennett <spb -at- attenuate.org>
viatsko, Valerii Iatsko <dwr -at- codingbox.io>
The following people have made contributions to the Charybdis releases,
in nick-alphabetical order:
A full list of contributors to Charybdis and its predecessors
is in doc/credits-past.txt.
AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
anfl, Lee Hardy <lee -at- leeh.co.uk>
beu, Elfyn McBratney <elfyn.mcbratney -at- gmail.com>
dwr, Valery Yatsko <dwr -at- shadowircd.net>
Elizacat, Elizabeth Myers <elizabeth -at- interlinked.me>
Entrope, Michael Poole <mdpoole -at- trolius.org>
gxti, Michael Tharp <gxti -at- partiallystapled.com>
jdhore, JD Horelick <jdhore1 -at- gmail.com>
Taros, Brett Greenham <taros -at- shadowircd.net>
ThaPrince, Jon Christopherson <jon -at- vile.com>
twincest, River Tarnell <river -at- attenuate.org>
w00t, Robin Burchell <surreal.w00t -at- gmail.com>
Visit the Charybdis website at: http://www.charybdis.io
Visit us on IRC at: irc.freenode.net #charybdis
Visit the Solanum website at: https://solanum.chat/
Visit us on IRC at: irc.libera.chat #solanum
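
Review bot: The new team entry `spb, Stephen Bennet <spb@libera.chat>` spells the surname with one "t", while the Charybdis team list elsewhere in this hunk has "Stephen Bennett"; one of the two is a typo and should be corrected before this lands. The hunk also sends readers to doc/credits-past.txt for the full contributor list, so that file has to arrive in the same change or the reference dangles.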


@ -1,6 +0,0 @@
The Charybdis GIT repository can be checked out using the following command:
git clone git://github.com/charybdis-ircd/charybdis.git charybdis-devel
Charybdis's GIT repository depot can be browsed over the internet at
the following address:
http://github.com/charybdis-ircd/charybdis

186
INSTALL

@ -1,186 +0,0 @@
Charybdis INSTALL Document
$Id: INSTALL 3384 2007-04-03 22:45:04Z jilles $
Copyright (c) 2001 by ircd-hybrid team
Copyright (c) 2002-2004 ircd-ratbox development team
Copyright (c) 2005-2008 charybdis development team
----------------------------------------------------------------------
HOW TO BUILD
As of hybrid-4, the distribution uses GNU autoconf instead of the old
Config script. The Makefile has also been updated to include CFLAGS
defines for popular modern OSes.
1.
Read the NEWS file to find out about the exciting new features in
this version. Other good reads are BUGS, doc/ircd.conf.example, and
README.FIRST.
2.
Run the configure script. It will create include/setup.h and the
Makefiles to match your system. In ircd-ratbox, the paths are now handled
with the --prefix option to configure, not in config.h.
/usr/local/ircd is the default if no prefix is specified.
./configure --prefix="/usr/local/ircd"
Note: There are some special optional parameters to the configure
script that some admins may wish to use.
*
--enable-kqueue - Use the superior kqueue(2) system call as
opposed to the default poll(2). This is currently only available
on FreeBSD 4.1 or higher.
*
--enable-devpoll - Enable the superior /dev/poll support on
Solaris. Linux /dev/poll is broken and will not work with this
option.
*
--enable-epoll - Enable the superior Linux Edge-Triggered Polling
system. This is currently only available on 2.5 Linux kernel
versions or later.
*
--enable-openssl - Enable the openssl dependent crypto functions.
This will allow CHALLENGE to work and encrypted links. On systems
where the configure script can automatically detect OpenSSL, this
option is not necessary. If configure cannot find OpenSSL, you
must specify a path with this option
(--enable-openssl=/path/to/openssl)
*
--enable-ipv6 - Enable IPv6 support.
*
--enable-assert[=OPTION] - Enable some debugging code. OPTION is
either 'soft' or 'hard' (default: hard). 'hard' should never be
used on production servers as it may generate unnecessary cores.
'soft' prevents cores from being generated but still imposes some
additional load.
*
--enable-small-net - Tunes the server for smaller networks by
reducing the startup memory footprint. This should really only be
used for *small* networks, as this tends to be a performance hit
on larger networks.
*
--with-nicklen=LENGTH - Sets the maximum NICK length. Note that
this must be consistent across your entire network.
3.
make should build ircd.
4.
make install will install the server, modules, and tools in the
the prefix specified when configure was run.
5.
If you wish to enable the user log, oper log, and failed oper log,
issue these commands at the shell prompt (in the prefix directory)
$ touch logs/userlog
$ touch logs/operlog
$ touch logs/foperlog
Note: If you use different names in ircd.conf, you must 'touch' the
specific names.
----------------------------------------------------------------------
HOW TO GET HELP
Send Check or Money Order to... just kidding! You're on your own for
support. Try asking other ircd-ratbox admins on EFnet if you can't fix it
yourself. If you do fix anything, however, please send context or unified
diffs to ircd-ratbox@lists.ratbox.org so the fixes can be incorporated into
the next release of ircd-hybrid. If ratbox crashes on you, PLEASE contact
ircd-ratbox@lists.ratbox.org ASAP with a backtrace of the core.
DISCUSSION: There is a mailing list for discussion of ratbox issues,
To subscribe, visit:
http://lists.ratbox.org/cgi-bin/mailman/listinfo/ircd-ratbox
----------------------------------------------------------------------
NOTES
The best way to get a backtrace of the core is to follow this sequence of
instructions:
1.
Change to the directory containing the core file
2.
Run gdb on the binary and the core file. With an unmodified ircd-ratbox
installation, an example command line is below (in the /usr/local/ircd
directory)
$ gdb bin/ircd ircd.core
3.
At the "(gdb)" prompt, enter the command "bt"
4.
Save the output of the backtrace command and send it to
ircd-ratbox@lists.ratbox.org
5.
Be sure to save the ircd binary, the modules, and the core file in a
safe place in case the developers need to look deeper than a backtrace
provides.
----------------------------------------------------------------------
OPENSSL NOTES
Older FreeBSD machines sometimes have the obsolete ports version of
OpenSSL libcrypto in /usr/local/lib. When configure is used with
--enable-openssl, and libintl is detected in /usr/local/lib, the
/usr/local/lib directory will be searched BEFORE the system /usr/lib for
libraries by the linker. The linker may try to link to the old
/usr/local/lib libcrypto instead of the system /usr/lib libcrypto. Some
older versions may cause error messages similar to the following:
gcc -g -O2 -DIRCD_PREFIX=\"/home/wcampbel/ircd\" -Wl,-export-dynamic
-L/usr/local/lib -o ircd blalloc.o channel.o vchannel.o class.o client.o
dline_conf.o event.o fdlist.o fileio.o hash.o irc_string.o ircd.o ircdauth.o
ircd_signal.o linebuf.o list.o listener.o m_error.o match.o memdebug.o
modules.o motd.o mtrie_conf.o oldparse.o numeric.o packet.o parse.o res.o rsa.o
restart.o s_auth.o s_bsd.o s_bsd_kqueue.o s_conf.o s_debug.o s_gline.o s_log.o
s_misc.o s_serv.o s_stats.o s_user.o scache.o send.o sprintf_irc.o tools.o
whowas.o lex.yy.o y.tab.o version.o -lintl -ldescrypt -lcrypto -lfl
rsa.o: In function `get_randomness':
/home/wcampbel/dev/ircd-ratbox/src/rsa.c(.text+0x60): undefined reference to
`RAND_pseudo_bytes'
/usr/local/lib/libcrypto.so: undefined reference to `ERR_load_RSAREF_strings'
/usr/local/lib/libcrypto.so: undefined reference to `RSA_PKCS1_RSAref'
*** Error code 1
If this is the case, you may need to rerun configure without the
--enable-openssl option, manually edit src/Makefile and modules/Makefile
to put -L/usr/lib before the -L/usr/local/lib in LDFLAGS, or remove the
old OpenSSL from /usr/local, and recompile all applications that use
libcrypto to use the system one.
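
Review bot: Deleting INSTALL wholesale also drops its NOTES section, the five steps for taking a gdb backtrace from a core file and keeping the binary, modules and core for later analysis, and nothing in the README.md hunk of this compare replaces it. The ircd-ratbox mailing-list addresses are rightly gone, but the procedure is still what a usable crash report needs; consider carrying those steps over into README.md or doc/ with the Solanum contact point.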


@ -1,4 +1,3 @@
# $Id: LICENSE 6 2005-09-10 01:02:21Z nenolod $
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

60
Makefile.am Normal file

@ -0,0 +1,60 @@
AUTOMAKE_OPTIONS = foreign
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = librb
if BUILD_LTDL
SUBDIRS += libltdl
endif
SUBDIRS += ircd \
ssld \
wsockd \
authd \
bandb \
tests \
tools \
modules \
extensions \
help \
doc
BUILT_SOURCES = include/serno.h
include/serno.h:
@if [ -d .git ]; then \
revh=`git log -1 --date=format:%Y%m%d --pretty=format:%cd-%h`; \
datecode=`git log -1 --pretty=format:%ct`; \
if [ -n "$$revh" ]; then \
echo '#define SERNO "'$$revh'"' >include/serno.h ; \
echo "#define DATECODE $${datecode}UL" >>include/serno.h; \
fi \
fi
@if [ ! -f include/serno.h ]; then \
echo '#define SERNO "unknown"' >include/serno.h; \
echo '#define DATECODE 0UL' >>include/serno.h; \
fi
install-data-hook:
test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir}
install-exec-hook:
rm -f ${DESTDIR}${libdir}/*.la
rm -f ${DESTDIR}${moduledir}/*.la
rm -f ${DESTDIR}${moduledir}/autoload/*.la
rm -f ${DESTDIR}${moduledir}/extensions/*.la
rm -f ${DESTDIR}${libdir}/*.dll.a
rm -f ${DESTDIR}${moduledir}/*.dll.a
rm -f ${DESTDIR}${moduledir}/autoload/*.dll.a
rm -f ${DESTDIR}${moduledir}/extensions/*.dll.a
distclean-local:
rm -f librb/include/librb-config.h
clean-local:
rm -f include/serno.h
rm -f ircd/ircd_lexer.c
rm -f ircd/ircd_parser.c
rm -f ircd/ircd_parser.h
rm -f ircd/version.c
rm -f ircd/version.c.last
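
Review bot: In install-exec-hook, `rm -f ${DESTDIR}${libdir}/*.la` and `rm -f ${DESTDIR}${libdir}/*.dll.a` delete every libtool archive and import library in libdir, not only the ones this package installed; with an empty DESTDIR and a libdir shared with other software, that removes other packages' files. Name the installed files explicitly, or keep the wildcard cleanup to the module directories. Separately, the `include/serno.h:` rule has no prerequisites, so once the file exists SERNO and DATECODE are not regenerated after new commits until `make clean` removes it, whereas the deleted Makefile.in rewrote serno.h on every build.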


@ -1,162 +0,0 @@
#************************************************************************
#* IRC - Internet Relay Chat, Makefile
#* Copyright (C) 1990, Jarkko Oikarinen
#*
#* This program is free software; you can redistribute it and/or modify
#* it under the terms of the GNU General Public License as published by
#* the Free Software Foundation; either version 1, or (at your option)
#* any later version.
#*
#* This program is distributed in the hope that it will be useful,
#* but WITHOUT ANY WARRANTY; without even the implied warranty of
#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
#* GNU General Public License for more details.
#*
#* You should have received a copy of the GNU General Public License
#* along with this program; if not, write to the Free Software
#* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#*
#* $Id: Makefile.in 1347 2006-05-17 14:49:13Z nenolod $
#*/
RM=@RM@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
mandir = @mandir@
libdir = @libdir@
pkglibdir = @pkglibdir@
moduledir = @moduledir@
helpdir = @helpdir@
sysconfdir = @sysconfdir@
logdir = @logdir@
rundir = @rundir@
pkgrundir = @pkgrundir@
localstatedir = @localstatedir@
pkglocalstatedir= @pkglocalstatedir@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
# Default CFLAGS
# CFLAGS = -g -O2 -DNDEBUG
CFLAGS = @CFLAGS@
# Developers CFLAGS
#CFLAGS= -g -O2 -Wunused -Wall -ggdb -pedantic -Wshadow -Wmissing-declarations
# Default make flags - you may want to uncomment this on a multicpu machine
#MFLAGS = -j 4
#
# For developers
#CFLAGS= -g -O2 -Wall
# You may need to define the FD_SETSIZE in order to overrule
# the system one.
#CFLAGS= -DNDEBUG -g -O2 -D"FD_SETSIZE=1024"
SHELL=/bin/sh
# `extensions' must be after `modules' for proper creation of $(moduledir).
SUBDIRS=libratbox modules extensions src tools ssld bandb doc help
CLEANDIRS = ${SUBDIRS}
RSA_FILES=rsa_respond/README rsa_respond/respond.c rsa_respond/Makefile
all: build
autoconf: configure.ac
autoconf
autoheader
${RM} -f config.cache
build:
-@if [ ! -f include/setup.h ] ; then \
echo "Hmm...doesn't look like you've run configure..."; \
echo "Doing so now."; \
sh configure; \
fi
@if [ -d .git ] ; then \
revh=`git log -1 --date=short --pretty=format:%cd_%h 2>/dev/null | sed -e s/-//g -e s/_/-/`;\
[ -z "$$revh" ] || echo '#define SERNO "'$$revh'"' >include/serno.h ; \
elif [ -d .hg ] ; then \
revh=`hg parents --template '{date|shortdate}_{node|short}' 2>/dev/null | sed -e s/-//g -e s/_/-/`;\
[ -z "$$revh" ] || echo '#define SERNO "'$$revh'"' >include/serno.h ; \
fi
@[ -f include/serno.h ] || echo '#define SERNO "unknown"' >include/serno.h
@for i in $(SUBDIRS); do \
echo "build ==> $$i";\
cd $$i;\
${MAKE} || exit; cd ..;\
done
clean:
${RM} -f *~ core rsa_respond.tar rsa_respond.tar.gz
@for i in $(CLEANDIRS); do \
echo "clean ==> $$i";\
cd $$i;\
${MAKE} clean; cd ..;\
done
-@if [ -f include/setup.h ] ; then \
echo "To really restart installation, make distclean" ; \
fi
distclean:
${RM} -f Makefile *~ *.rej *.orig core ircd.core
${RM} -f config.status config.cache config.log
cd include; ${RM} -f setup.h *~ *.rej *.orig ; cd ..
@for i in $(CLEANDIRS); do \
echo "distclean ==> $$i";\
cd $$i;\
${MAKE} distclean; cd ..;\
done
depend:
@[ -f include/serno.h ] || echo '#define SERNO "unknown"' >include/serno.h
@for i in $(SUBDIRS); do \
echo "depend ==> $$i";\
cd $$i;\
${MAKE} depend; cd ..;\
done
lint:
@for i in $(SUBDIRS); do \
echo "lint ==> $$i";\
cd $$i;\
${MAKE} lint; cd ..;\
done
install-mkdirs:
@echo "ircd: setting up ircd directory structure"
-@if test ! -d $(DESTDIR)$(prefix); then \
mkdir -p -m 755 $(DESTDIR)$(prefix); \
fi
-@if test ! -d $(DESTDIR)$(bindir); then \
mkdir -p -m 755 $(DESTDIR)$(bindir); \
fi
-@if test ! -d $(DESTDIR)$(sysconfdir); then \
mkdir -p -m 755 $(DESTDIR)$(sysconfdir); \
fi
-@if test ! -d $(DESTDIR)$(mandir); then \
mkdir -p -m 755 $(DESTDIR)$(mandir); \
fi
-@if test ! -d $(DESTDIR)$(logdir); then \
mkdir -p -m 755 $(DESTDIR)$(logdir); \
fi
-@if test ! -d '$(DESTDIR)$(pkgrundir)'; then \
mkdir -p -m 755 '$(DESTDIR)$(pkgrundir)'; \
fi
-@if test ! -d '$(DESTDIR)$(pkglocalstatedir)'; then \
mkdir -p -m 755 '$(DESTDIR)$(pkglocalstatedir)'; \
fi
install: install-mkdirs all
@for i in $(SUBDIRS); do \
echo "install ==> $$i";\
cd $$i;\
${MAKE} install; \
cd ..; \
done
rsa_respond:
@cd tools;\
echo "Creating rsa_respond.tar.gz";\
tar cf ../rsa_respond.tar $(RSA_FILES);\
cd ..;\
gzip rsa_respond.tar

197
NEWS.md

@ -1,8 +1,203 @@
# News
This is charybdis 3.5.0, Copyright (c) 2005-2016 Charybdis team.
This is solanum 1.0-dev.
See LICENSE for licensing details (GPL v2).
## solanum-1.0
Includes changes from charybdis-4.1.3-dev.
**This release includes breaking changes from charybdis 4.x.** Please pay close attention to
bolded warnings in the full release notes below.
### build
- Add `--with-asan` to configure to produce an ASan instrumented build
### server protocol
- **Breaking:** Don't implicitly abort SASL when connection registration handshake completes;
requires updating atheme to include https://github.com/atheme/atheme/pull/833.
- OPER is now propagated globally, as :operator OPER opername privset
### user
- **Breaking:** invite-notify is now enabled by loading the invite-notify extension
- Prioritise older, more important client capabilities for clients that can only accept
one line of CAP LS
- Add the solanum.chat/realhost vendor capability (provided by extensions/cap\_realhost)
- Add the solanum.chat/identify-msg vendor capability (provided by extensions/identify\_msg)
- Server-side aliases preserve protocol framing characters
- Add the +G user mode for soft callerid (implicitly allow users with a common channel)
- /invite no longer punches through callerid
- invite-notify now works
- Rejectcached users are now sent the reason of the ban that caused their reject in most cases
- Rejectcache entries expire when their corresponding K-lines do
- One-argument /stats and zero-argument /motd are no longer ratelimited
- Channel bans don't see through IP spoofs
- Global /names now respects userhost-in-names
- The `$j` extban is no longer usable inside ban exceptions
- TLSv1 connections are accepted. They can still be disabled using OpenSSL config if you don't
want them. TLSv1 existing is not thought to be a threat to up-to-date clients.
### oper
- **Breaking:** Kick immunity for override is now its own extension, override\_kick\_immunity
- **Breaking:** /stats A output now follows the same format as other stats letters
- **Breaking:** helpops now uses +h instead of +H
- **Breaking:** sno\_whois and the spy\_ extensions have been removed
- **Breaking:** Using /wallops now requires the oper:wallops privilege instead of oper:massnotice
- Opers now have their privset (identified by name) on remote servers
- Oper-only umodes are refreshed after rehash and /grant
- Extension modules can be reloaded
- Override no longer spams about being enabled/disabled. It continues to spam on each use.
- Add /testkline, which has the same syntax as /testline but doesn't check if the mask is ilined
- /privs is now remote-capable and can respond with more than one line
- Most commands now respect oper hiding
- Massnotice (notice/privmsg to $$.../$#...) now alerts opers
- Massnotice no longer imposes any restrictions on the target mask
- /kline and /dline are hardened to invalid inputs
- K/D-lines are more consistent about checking for encoded ipv4-in-ipv6 addresses
- Add extensions/drain to reject new connections
- Add extensions/filter to filter messages, parts and quits with a Hyperscan database
- Add extensions/sasl\_usercloak to interpolate SASL account names into I-line spoofs
### conf
- **Breaking:** Completely overhaul oper privs. All privset configs will need to be rewritten.
See reference.conf for details.
- Add the `kline_spoof_ip` I-line flag to make any spoof opaque to K-line matching
- Add general::hide\_tkline\_duration to remove durations from user-visible ban reasons
- Add general::hide\_opers, which behaves as if all opers have oper:hidden
- Add general::post\_registration\_delay
- Add general::tls\_ciphers\_oper\_only to hide TLS cipher details in /whois
- Add channel::opmod\_send\_statusmsg to send messages allowed by +z to @#channel
- Add class::max\_autoconn, with the behaviour of class::max\_number for servers prior to
charybdis 4
- Add `secure {}` blocks. Networks listed in a secure block gain +Z and can match `need_ssl` I-
and O-lines.
- Remove general::kline\_delay
- If m\_webirc is loaded, connections that try to use a webirc auth block as their I-line will
be disconnected on registration
### misc
- **Breaking:** WEBIRC now processes the "secure" option as specified by IRCv3. Web gateways that
do not set this option will need to be updated or their connections will show as insecure.
- Successfully changing IP with WEBIRC now drops an identd username
### code
- Channel lists are now kept sorted. A for-loop macro, `ITER_COMM_CHANNELS`, is introduced to
efficiently compare two such lists.
## charybdis-4.1.2
### user
- src/s\_user.c: don't corrupt usermodes on module unload/reload
## charybdis-4.1.1
### security
- Fix an issue with the PASS command and duplicate server instances.
### misc
- Fix connection hang with blacklist/opm when ident is disabled.
- Improve SASL CAP notification when the services server disconnects.
- MbedTLS: Support ChaCha20-Poly1305 in default cipher suites.
## charybdis-4.1
### misc
- SCTP is now supported for server connections (and optionally, user connections)
## charybdis-4.0.1
### server protocol
- SJOIN messages were being constructed in a 1024 byte buffer and truncated to 512 bytes
when sending. This caused channels with more than 50 users to fail to propagate all of
them during a net join.
## charybdis-4.0
### build
- Build system has been converted to libtool + automake for sanity reasons.
- The compile date is now set at configure time rather than build time, allowing for
reproducible builds. (#148, #149)
- Support for GNUTLS 3.4 has been added.
### user
- Import the ability to exceed MAXCHANNELS from ircd-seven.
- Implement IRCv3.2 enhanced capability negotiation (`CAP LS 302`).
- Implement support for receiving and sending IRCv3 message tags.
- Implement IRCv3.2 capabilities: (#141)
- account-tag
- echo-message
- invite-notify
- sasl
- server-time
- SASL: certificate fingerprints are now always sent to the SASL agent, allowing for
the certificate to be used as a second authentication factor.
### oper
- Merge several features from ircd-seven:
- Implement support for remote DIE/RESTART.
- Implement support for remote MODLOAD et al commands.
- Add the GRANT command which allows for temporarily opering a client.
- Implement the hidden oper-only channel modes framework.
- Implement a channel mode that disallows kicking IRC operators (+M).
- Enhance the oper override system, allowing more flexibility and detail
in network-wide notices.
- DNS, ident, and blacklist lookups have been moved to a dedicated daemon known
as authd. Some cosmetic changes to blacklist statistics and rejection notices
have resulted.
- An experimental OPM scanner has been added to authd. Plaintext SOCKS4,
SOCKS5, and HTTP CONNECT proxies can be checked for.
- The LOCOPS command has been moved from core to an extension.
- All core modules in charybdis have descriptions, which are shown in MODLIST.
- Suffixes should not be used when doing /MODLOAD, /MODUNLOAD, /MODRELOAD, etc.
### misc
- Support for WebSocket has been added, use the listen::wsock option to switch
a listener into websocket mode.
### conf
- Add the ability to strip color codes from topics unconditionally.
- The obsolete hub option from server info has been removed.
### docs
- The documentation has been cleaned up; obsolete files have been purged, and
files have been renamed and shuffled around to be more consistent.
### code
- `common.h` is gone. Everything useful in it was moved to `ircd_defs.h`.
- `config.h` is gone; the few remaining knobs in it were not for configuration
by mere mortals, and mostly existed as a 2.8 relic. Most of the knobs live in
`defaults.h`, but one is well-advised to stay away unless they know exactly
what they are doing.
- A new module API has been introduced, known as AV2. It includes things such as
module datecodes (to ensure modules don't fall out of sync with the code),
module descriptions, and other fun things.
- Alias and module commands are now in m_alias and m_modules, respectively, and
can be reloaded if need be. For sanity reasons, m_modules is a core module,
and cannot be unloaded.
- irc_dictionary and irc_radixtree related functions are now in librb, and
prefixed accordingly. Typedefs have been added for consistency with existing
data structures. For example, now you would write `rb_dictionary *foo` and
`RB_DICTIONARY_FOREACH`.
- C99 bools are now included and used in the code. Don't use ints as simple true
or false flags anymore. In accordance with this change, the `YES`/`NO` and
`TRUE`/`FALSE` macros have been removed.
- Return types from command handlers have been axed, as they have been useless
for years.
- libratbox has been renamed to librb, as we have diverged from upstream long
ago.
- Almost all 2.8-style hashtable structures have been moved to dictionaries or
radix trees, resulting in significant memory savings.
- The block allocator has been disabled and is no longer used.
- The ratbox client capabilities have been ported to use the ircd capabilities
framework, allowing for modules to provide capabilities.
- Support for restarting ssld has been added. ssld processes which are still
servicing clients will remain in use, but not service new connections, and
are garbage collected when they are no longer servicing connections.
- Support for ratbox-style 'iodebug' hooks has been removed.
- New channel types may be added by modules, see `extensions/chantype_dummy.c`
for a very simple example.
## charybdis-3.5.0
### server protocol
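
Review bot: The solanum-1.0 user entry "TLSv1 connections are accepted. They can still be disabled using OpenSSL config" documents the opt-out for one backend only, while the README in this compare lists LibreSSL, mbedTLS and GnuTLS as supported TLS libraries. The entry should say how an operator enforces a minimum protocol version under those backends, or state plainly that it cannot be done there, so that deployments with a TLS version floor know what to check after upgrading.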

110
README.md

@ -1,66 +1,94 @@
# charybdis
# solanum ![Build Status](https://github.com/solanum-ircd/solanum/workflows/CI/badge.svg)
Charybdis is a reference implementation of the IRCv3.1 server component. It is meant to be
used with an IRCv3-capable services implementation such as [Atheme][atheme] or [Anope][anope].
Solanum is an IRCv3 server designed to be highly scalable. It implements IRCv3.1 and some parts of IRCv3.2.
[atheme]: http://www.atheme.net/
It is meant to be used with an IRCv3-capable services implementation such as [Atheme][atheme] or [Anope][anope].
[atheme]: https://atheme.github.io/
[anope]: http://www.anope.org/
# necessary requirements
* A supported platform
* A working dynamic load library.
* A working lex. Solaris /usr/ccs/bin/lex appears to be broken, on this system flex should be used.
* A working dynamic library system
* A working lex and yacc - flex and bison should work
# platforms
Solanum is developed on Linux with glibc, but is currently portable to most POSIX-compatible operating systems.
However, this portability is likely to be removed unless someone is willing to maintain it. If you'd like to be that
person, please let us know on IRC.
# platform specific errata
These are known issues and workarounds for various platforms.
* **macOS**: you must set the `LIBTOOLIZE` environment variable to point to glibtoolize before running autogen.sh:
```bash
brew install libtool
export LIBTOOLIZE="/usr/local/bin/glibtoolize"
./autogen.sh
```
* **FreeBSD**: if you are compiling with ipv6 you may experience
problems with ipv4 due to the way the socket code is written. To
fix this you must: `sysctl net.inet6.ip6.v6only=0`
* **Solaris**: you may have to set your `PATH` to include `/usr/gnu/bin` and `/usr/gnu/sbin` before `/usr/bin`
and `/usr/sbin`. Solaris's default tools don't seem to play nicely with the configure script. When running
as a 32-bit binary, it should be started as:
```bash
ulimit -n 4095 ; LD_PRELOAD_32=/usr/lib/extendedFILE.so.1 ./solanum
```
# building
```bash
sudo apt install build-essential pkg-config automake libtool libsqlite3-dev # or equivalent for your distribution
./autogen.sh
./configure --prefix=/path/to/installation
make
make check # run tests
make install
```
See `./configure --help` for build options.
# feature specific requirements
* For SSL/TLS client and server connections, one of:
* OpenSSL 1.0 or newer
* LibreSSL
* mbedTLS
* GnuTLS
* OpenSSL 1.0.0 or newer (`--enable-openssl`)
* LibreSSL (`--enable-openssl`)
* mbedTLS (`--enable-mbedtls`)
* GnuTLS (`--enable-gnutls`)
* For certificate-based oper CHALLENGE, OpenSSL 1.0 or newer.
* For certificate-based oper CHALLENGE, OpenSSL 1.0.0 or newer.
(Using CHALLENGE is not recommended for new deployments, so if you want to use a different TLS library,
feel free.)
* For ECDHE, OpenSSL 1.0.0 or newer is required. RHEL/Fedora and derivatives like CentOS
will need to compile OpenSSL from source, as ECC/ECDHE-functionality is removed from
the OpenSSL package in these distributions.
* For ECDHE under OpenSSL, on Solaris you will need to compile your own OpenSSL on these systems, as they
have removed support for ECC/ECDHE. Alternatively, consider using another library (see above).
# tips
* To report bugs in charybdis, visit us at irc.freenode.net #charybdis
* To report bugs in Solanum, visit us at `#solanum` on [Libera Chat](https://libera.chat)
* Please read doc/index.txt to get an overview of the current documentation.
* Please read [doc/readme.txt](doc/readme.txt) to get an overview of the current documentation.
* The files, /etc/services, /etc/protocols, and /etc/resolv.conf, SHOULD be
* Read the [NEWS.md](NEWS.md) file for what's new in this release.
* The files, `/etc/services`, `/etc/protocols`, and `/etc/resolv.conf`, SHOULD be
readable by the user running the server in order for ircd to start with
the correct settings. If these files are wrong, charybdis will try to use
127.0.0.1 for a resolver as a last-ditch effort.
the correct settings. If these files are wrong, Solanum will try to use
`127.0.0.1` for a resolver as a last-ditch effort.
* FREEBSD USERS: if you are compiling with ipv6 you may experience
problems with ipv4 due to the way the socket code is written. To
fix this you must: "sysctl net.inet6.ip6.v6only=0"
# git access
* SOLARIS USERS: this code appears to tickle a bug in older gcc and
egcs ONLY on 64-bit Solaris7. gcc-2.95 and SunPro C on 64bit should
work fine, and any gcc or SunPro compiled on 32bit.
* The Solanum git repository can be checked out using the following command:
`git clone https://github.com/solanum-ircd/solanum`
* SUPPORTED PLATFORMS: this code should compile without any warnings on:
* FreeBSD 10
* Gentoo & Gentoo Hardened ~x86/~amd64/~fbsd
* RHEL 6 / 7
* Debian Jessie
* OpenSuSE 11/12
* OpenSolaris 2008.x?
* Solaris 10 sparc.
Please let us know if you find otherwise.
It probably does not compile on AIX, IRIX or libc5 Linux.
* Please read NEWS for information about what is in this release.
* Other files recommended for reading: BUGS, INSTALL
* Solanum's git repository can be browsed over the Internet at the following address:
https://github.com/solanum-ircd/solanum
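
Review bot: The building block's `sudo apt install build-essential pkg-config automake libtool libsqlite3-dev` line installs neither flex nor bison, although the "necessary requirements" list in the same hunk calls for a working lex and yacc, so the documented steps are incomplete on a clean system. Add flex and bison to the package line, and note that a TLS development package is needed for whichever of `--enable-openssl`, `--enable-mbedtls` or `--enable-gnutls` is chosen.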

61
TODO

@ -1,61 +0,0 @@
/ = in progress, x = done, ? = to be discussed, F = charybdis3.1 or next releases
[/] finish legacy code removal
[x] remove 2.8 report_error() in ratbox imported stuff
[F] client.c, channel.c is very 2.8 style still. it'd be nice to pack them into their own
namespace and such. moreover, the other 2.8 code needs similar rewriting/reworking too...
[x] merge m_join.c and m_sjoin.c in one module (same functions, done in ratbox3)
[ ] rewrite s_auth.c
[ ] authentication state/lock manager
[ ] move resolver/auth checker code into separated modules
[x] port to libratbox
[x] get it running
[x] clean up maxconnections kludges &c
[x] in-process SSL
[x] port and use ratbox ssld for server links
[x] merge with libratbox SVN
[x] ssl stuff
[x] client-to-client ssl
[x] server-to-server ssl
[x] ssl usermode (+Z)
[x] ssl channelmode (done by extban and chm_compat)
[x] tool for generating ssl certificates and other stuff
[x] gnutls backend for at least SSL connections (replacing libcrypto use in m_challenge would be nice too)
[x] merge some stuff from ircd-seven directly (to be determined what)
[x] remote d:lines support
[x] PASS selector:password for auth{} (useful for dynamic IPs)
[ ] kline/xline/resv sync (what about spb's extension?)
[x] drop non-TS6 (legacy protocol) support
[?] Patch or core-feature - libguess on-fly any-charset-to-utf8 translation
[x] module engine rework
[?] MODULE_DEPEND and MODULE_CONFLICT for building extension dependencies (backport from shadowircd)
[x] more beautiful way of adding new channel modes by module
[x] basic functionality
[x] some example modules
[x] another idea is too make that work with privilege groups, like "serveradmins" or "ircops"
[ ] make nick/user/host validation functions/match tables able to work in separated modules,
this will help us making support for native characters sets/slashes in host etc
[ ] auth checker module
[ ] resolver module
[x] privilege system for privilege groups, something like
in .conf: helper { kill_global, rehash, kline_local }
in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done
-- this is done kinda like this, but not really. See HasPrivilege() calls. privilege_add() was not needed ~nenolod
[x] Remove glines entirely
[/] test suite as in ircu
[?] win32
[?] mingw support
[R] win32 native support - VS doesn't follow C99, this will require us switching back to C89 with libratbox and (future) core
[x] Bug fixes
[x] Compilation without zlib headers fails - fixed
[x] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage
[ ] Improvments
[ ] ircd shouldn't need bison/byacc/yacc or flex for compilation
--- other stuff
[?] internally split out +o/+v "ranks" into a series of permissions. this could allow for configure-defined
special access levels, halfops, etc. (would need to match globally, somehow. extra SVINFO param?)
might be backported from shadowircd in future (chanroles planned)
[?] somehow hide channel operators like ircnet can do?
couldn't be done via extension currently - compilation-time option acceptable?
[x] create chmode.h and put there all declarations of chm_* - this will make some modules clean
[?] Move oper override server WALLOPS to global server notices?

16
aclocal.m4 vendored

@ -1,16 +0,0 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
m4_include([m4/charybdis.m4])
m4_include([m4/pkg.m4])
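
Review bot: with the aclocal-generated aclocal.m4 deleted from the tree, a fresh checkout has nothing that pulls in m4/charybdis.m4 and m4/pkg.m4 until aclocal is run, so the build instructions or a bootstrap script need to cover regenerating it before configure. If that step already exists elsewhere in the series, say so in the commit message.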

17
authd/Makefile.am Normal file

@ -0,0 +1,17 @@
pkglibexec_PROGRAMS = authd
AM_CFLAGS=$(WARNFLAGS)
AM_CPPFLAGS = -I../include -I../librb/include
authd_SOURCES = \
authd.c \
dns.c \
notice.c \
provider.c \
res.c \
reslib.c \
providers/dnsbl.c \
providers/ident.c \
providers/rdns.c \
providers/opm.c
authd_LDADD = ../librb/src/librb.la
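
Review bot: authd_SOURCES lists only the .c files, so the headers added next to them (authd.h, dns.h, notice.h, provider.h) will be left out of `make dist` tarballs; list them in authd_SOURCES or in noinst_HEADERS. The include paths in `AM_CPPFLAGS = -I../include -I../librb/include` are relative to the build directory, which breaks out-of-tree builds; `-I$(top_srcdir)/include -I$(top_srcdir)/librb/include` is the usual form. `AM_CFLAGS=$(WARNFLAGS)` is also the only assignment here without spaces around `=`.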

216
authd/authd.c Normal file
View file

@ -0,0 +1,216 @@
/* authd/authd.c - main code for authd
* Copyright (c) 2016 Ariadne Conill <ariadne@dereferenced.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "authd.h"
#include "dns.h"
#include "provider.h"
#include "notice.h"
#define MAXPARA 10
static void error_cb(rb_helper *helper) __attribute__((noreturn));
static void handle_reload(int parc, char *parv[]);
static void handle_stat(int parc, char *parv[]);
static void handle_options(int parc, char *parv[]);
rb_helper *authd_helper = NULL;
authd_cmd_handler authd_cmd_handlers[256] = {
['C'] = handle_new_connection,
['D'] = handle_resolve_dns,
['E'] = handle_cancel_connection,
['O'] = handle_options,
['R'] = handle_reload,
['S'] = handle_stat,
};
authd_stat_handler authd_stat_handlers[256] = {
['D'] = enumerate_nameservers,
};
authd_reload_handler authd_reload_handlers[256] = {
['D'] = reload_nameservers,
};
rb_dictionary *authd_option_handlers;
static void
handle_stat(int parc, char *parv[])
{
authd_stat_handler handler;
unsigned long long rid;
if(parc < 3)
{
warn_opers(L_CRIT, "BUG: handle_stat received too few parameters (at least 3 expected, got %d)", parc);
return;
}
if((rid = strtoull(parv[1], NULL, 16)) > UINT32_MAX)
{
warn_opers(L_CRIT, "BUG: handle_stat got a rid that was too large: %s", parv[1]);
return;
}
if (!(handler = authd_stat_handlers[(unsigned char)parv[2][0]]))
return;
handler((uint32_t)rid, parv[2][0]);
}
static void
handle_options(int parc, char *parv[])
{
struct auth_opts_handler *handler;
if(parc < 2)
{
warn_opers(L_CRIT, "BUG: handle_options received too few parameters (at least 2 expected, got %d)", parc);
return;
}
if((handler = rb_dictionary_retrieve(authd_option_handlers, parv[1])) == NULL)
{
warn_opers(L_CRIT, "BUG: handle_options got a bad option type %s", parv[1]);
return;
}
if((parc - 2) < handler->min_parc)
{
warn_opers(L_CRIT, "BUG: handle_options received too few parameters (at least %d expected, got %d)", handler->min_parc, parc);
return;
}
handler->handler(parv[1], parc - 2, (const char **)&parv[2]);
}
static void
handle_reload(int parc, char *parv[])
{
authd_reload_handler handler;
if(parc <= 2)
{
/* Reload all handlers */
for(size_t i = 0; i < 256; i++)
{
if ((handler = authd_reload_handlers[(unsigned char) i]) != NULL)
handler('\0');
}
return;
}
if (!(handler = authd_reload_handlers[(unsigned char)parv[1][0]]))
return;
handler(parv[1][0]);
}
static void
parse_request(rb_helper *helper)
{
static char *parv[MAXPARA + 1];
static char readbuf[READBUF_SIZE];
int parc;
int len;
authd_cmd_handler handler;
while((len = rb_helper_read(helper, readbuf, sizeof(readbuf))) > 0)
{
parc = rb_string_to_array(readbuf, parv, MAXPARA);
if(parc < 1)
continue;
handler = authd_cmd_handlers[(unsigned char)parv[0][0]];
if (handler != NULL)
handler(parc, parv);
}
}
static void
error_cb(rb_helper *helper)
{
exit(EX_ERROR);
}
static void
dummy_handler(int sig)
{
return;
}
static void
setup_signals(void)
{
struct sigaction act;
act.sa_flags = 0;
act.sa_handler = SIG_IGN;
sigemptyset(&act.sa_mask);
sigaddset(&act.sa_mask, SIGPIPE);
sigaddset(&act.sa_mask, SIGALRM);
#ifdef SIGTRAP
sigaddset(&act.sa_mask, SIGTRAP);
#endif
#ifdef SIGWINCH
sigaddset(&act.sa_mask, SIGWINCH);
sigaction(SIGWINCH, &act, 0);
#endif
sigaction(SIGPIPE, &act, 0);
#ifdef SIGTRAP
sigaction(SIGTRAP, &act, 0);
#endif
act.sa_handler = dummy_handler;
sigaction(SIGALRM, &act, 0);
}
int
main(int argc, char *argv[])
{
setup_signals();
authd_helper = rb_helper_child(parse_request, error_cb, NULL, NULL, NULL, 256, 256, 256); /* XXX fix me */
if(authd_helper == NULL)
{
fprintf(stderr, "authd is not meant to be invoked by end users\n");
exit(EX_ERROR);
}
rb_set_time();
setup_signals();
authd_option_handlers = rb_dictionary_create("authd options handlers", rb_strcasecmp);
init_resolver();
init_providers();
rb_init_prng(NULL, RB_PRNG_DEFAULT);
rb_helper_loop(authd_helper, 0);
/*
* XXX this function will never be called from here -- is it necessary?
*/
destroy_providers();
return 0;
}
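
Review bot: in handle_reload the guard `if(parc <= 2)` sends a two-parameter request such as `R D` down the reload-everything path, so the per-letter lookup on `parv[1][0]` below it is only reached when a third parameter is present; if `R <letter>` is meant to reload a single subsystem, the test should be `parc < 2`. In handle_stat the rid is parsed with `strtoull(parv[1], NULL, 16)` and only the upper bound is checked, so a non-hex rid is silently treated as 0; pass an end pointer and reject trailing garbage with the same kind of BUG warning used for the other malformed cases. main() calls setup_signals() twice, once before and once after rb_helper_child, which looks unintentional, and the `/* XXX fix me */` on the rb_helper_child call should say what needs fixing.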

59
authd/authd.h Normal file
View file

@ -0,0 +1,59 @@
/* authd/dns.h - header for authd DNS functions
* Copyright (c) 2016 Ariadne Conill <ariadne@dereferenced.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _AUTHD_H
#define _AUTHD_H
#include "stdinc.h"
#include "rb_lib.h"
#include "rb_dictionary.h"
#include "setup.h"
#include "ircd_defs.h"
typedef enum exit_reasons
{
EX_ERROR = 1,
EX_DNS_ERROR = 2,
EX_PROVIDER_ERROR = 3,
} exit_reasons;
typedef void (*provider_opts_handler_t)(const char *, int, const char **);
struct auth_opts_handler
{
const char *option;
int min_parc;
provider_opts_handler_t handler;
};
extern rb_helper *authd_helper;
typedef void (*authd_cmd_handler)(int parc, char *parv[]);
typedef void (*authd_stat_handler)(uint32_t rid, const char letter);
typedef void (*authd_reload_handler)(const char letter);
extern authd_cmd_handler authd_cmd_handlers[256];
extern authd_stat_handler authd_stat_handlers[256];
extern authd_reload_handler authd_reload_handlers[256];
extern rb_dictionary *authd_option_handlers;
#endif
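
Review bot: the banner comment on the first line reads `authd/dns.h - header for authd DNS functions`, copied from dns.h; it should name authd/authd.h and describe the shared authd declarations. The include guard `_AUTHD_H` starts with an underscore followed by a capital letter, which is a reserved identifier in C; `AUTHD_H` avoids that. A one-line comment on the three 256-entry handler tables (indexed by command letter) and on `min_parc` in struct auth_opts_handler (handle_options compares it against parc - 2, not parc) would save the next reader from working it out from authd.c.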

303
authd/dns.c Normal file
View file

@ -0,0 +1,303 @@
/* authd/dns.c - authd DNS functions
* Copyright (c) 2016 Ariadne Conill <ariadne@dereferenced.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "authd.h"
#include "dns.h"
#include "notice.h"
#include "res.h"
static void handle_lookup_ip_reply(void *data, struct DNSReply *reply);
static void handle_lookup_hostname_reply(void *data, struct DNSReply *reply);
uint64_t query_count = 0;
/* A bit different from ircd... you just get a dns_query object.
*
* It gets freed whenever the res code gets back to us.
*/
struct dns_query *
lookup_ip(const char *host, int aftype, DNSCB callback, void *data)
{
struct dns_query *query = rb_malloc(sizeof(struct dns_query));
int g_type;
if(aftype == AF_INET)
{
query->type = QUERY_A;
g_type = T_A;
}
else if(aftype == AF_INET6)
{
query->type = QUERY_AAAA;
g_type = T_AAAA;
}
else
{
rb_free(query);
return NULL;
}
query->id = query_count++;
query->callback = callback;
query->data = data;
query->query.ptr = query;
query->query.callback = handle_lookup_ip_reply;
gethost_byname_type(host, &query->query, g_type);
return query;
}
/* See lookup_ip's comment */
struct dns_query *
lookup_hostname(const char *ip, DNSCB callback, void *data)
{
struct dns_query *query = rb_malloc(sizeof(struct dns_query));
int aftype;
if(!rb_inet_pton_sock(ip, &query->addr))
{
rb_free(query);
return NULL;
}
aftype = GET_SS_FAMILY(&query->addr);
if(aftype == AF_INET)
query->type = QUERY_PTR_A;
else if(aftype == AF_INET6)
query->type = QUERY_PTR_AAAA;
else
{
rb_free(query);
return NULL;
}
query->id = query_count++;
query->callback = callback;
query->data = data;
query->query.ptr = query;
query->query.callback = handle_lookup_hostname_reply;
gethost_byaddr(&query->addr, &query->query);
return query;
}
/* Cancel a pending query */
void
cancel_query(struct dns_query *query)
{
query->callback = query->data = NULL;
}
/* Callback from gethost_byname_type */
static void
handle_lookup_ip_reply(void *data, struct DNSReply *reply)
{
struct dns_query *query = data;
char ip[HOSTIPLEN] = "*";
if(query == NULL)
{
/* Shouldn't happen */
warn_opers(L_CRIT, "DNS: handle_lookup_ip_reply: query == NULL!");
exit(EX_DNS_ERROR);
}
if(reply == NULL)
goto end;
switch(query->type)
{
case QUERY_A:
if(GET_SS_FAMILY(&reply->addr) == AF_INET)
rb_inet_ntop_sock((struct sockaddr *)&reply->addr, ip, sizeof(ip));
break;
case QUERY_AAAA:
if(GET_SS_FAMILY(&reply->addr) == AF_INET6)
{
rb_inet_ntop_sock((struct sockaddr *)&reply->addr, ip, sizeof(ip));
if(ip[0] == ':')
{
memmove(&ip[1], ip, strlen(ip));
ip[0] = '0';
}
}
break;
default:
warn_opers(L_CRIT, "DNS: handle_lookup_ip_reply: unknown query type %d",
query->type);
exit(EX_DNS_ERROR);
}
end:
if(query->callback)
query->callback(ip, ip[0] != '*', query->type, query->data);
rb_free(query);
}
/* Callback from gethost_byaddr */
static void
handle_lookup_hostname_reply(void *data, struct DNSReply *reply)
{
struct dns_query *query = data;
char *hostname = NULL;
if(query == NULL)
{
/* Shouldn't happen */
warn_opers(L_CRIT, "DNS: handle_lookup_hostname_reply: query == NULL!");
exit(EX_DNS_ERROR);
}
if(reply == NULL)
goto end;
if(query->type == QUERY_PTR_A)
{
struct sockaddr_in *ip, *ip_fwd;
ip = (struct sockaddr_in *) &query->addr;
ip_fwd = (struct sockaddr_in *) &reply->addr;
if(ip->sin_addr.s_addr == ip_fwd->sin_addr.s_addr)
hostname = reply->h_name;
}
else if(query->type == QUERY_PTR_AAAA)
{
struct sockaddr_in6 *ip, *ip_fwd;
ip = (struct sockaddr_in6 *) &query->addr;
ip_fwd = (struct sockaddr_in6 *) &reply->addr;
if(memcmp(&ip->sin6_addr, &ip_fwd->sin6_addr, sizeof(struct in6_addr)) == 0)
hostname = reply->h_name;
}
else
{
/* Shouldn't happen */
warn_opers(L_CRIT, "DNS: handle_lookup_hostname_reply: unknown query type %d",
query->type);
exit(EX_DNS_ERROR);
}
end:
if(query->callback)
query->callback(hostname, hostname != NULL, query->type, query->data);
rb_free(query);
}
static void
submit_dns_answer(const char *reply, bool status, query_type type, void *data)
{
char *id = data;
if(!id || type == QUERY_INVALID)
{
warn_opers(L_CRIT, "DNS: submit_dns_answer gave us a bad query");
exit(EX_DNS_ERROR);
}
if(reply == NULL || status == false)
{
rb_helper_write(authd_helper, "E %s E %c *", id, type);
rb_free(id);
return;
}
rb_helper_write(authd_helper, "E %s O %c %s", id, type, reply);
rb_free(id);
}
void
handle_resolve_dns(int parc, char *parv[])
{
char *id = rb_strdup(parv[1]);
char qtype = *parv[2];
char *record = parv[3];
int aftype = AF_INET;
switch(qtype)
{
case '6':
aftype = AF_INET6;
case '4':
if(!lookup_ip(record, aftype, submit_dns_answer, id))
submit_dns_answer(NULL, false, qtype, NULL);
break;
case 'S':
case 'R':
if(!lookup_hostname(record, submit_dns_answer, id))
submit_dns_answer(NULL, false, qtype, NULL);
break;
default:
warn_opers(L_CRIT, "DNS: handle_resolve_dns got an unknown query: %c", qtype);
exit(EX_DNS_ERROR);
}
}
void
enumerate_nameservers(uint32_t rid, const char letter)
{
char buf[(HOSTIPLEN + 1) * IRCD_MAXNS];
size_t s = 0;
if (!irc_nscount)
{
/* Shouldn't happen */
warn_opers(L_CRIT, "DNS: no name servers!");
stats_error(rid, letter, "NONAMESERVERS");
exit(EX_DNS_ERROR);
}
for(int i = 0; i < irc_nscount; i++)
{
char addr[HOSTIPLEN];
size_t addrlen;
rb_inet_ntop_sock((struct sockaddr *)&irc_nsaddr_list[i], addr, sizeof(addr));
if (!addr[0])
{
/* Shouldn't happen */
warn_opers(L_CRIT, "DNS: bad nameserver!");
stats_error(rid, letter, "INVALIDNAMESERVER");
exit(EX_DNS_ERROR);
}
addrlen = strlen(addr) + 1;
(void)snprintf(&buf[s], sizeof(buf) - s, "%s ", addr);
s += addrlen;
}
if(s > 0)
buf[--s] = '\0';
stats_result(rid, letter, "%s", buf);
}
void
reload_nameservers(const char letter)
{
/* Not a whole lot to it */
restart_resolver();
}
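
Review bot: handle_resolve_dns reads parv[1], parv[2] and parv[3] with no parc check, unlike handle_stat and handle_options in authd.c, so a short `D` line may dereference parameters that were never supplied; add a `parc < 4` guard before the rb_strdup. Its failure path calls `submit_dns_answer(NULL, false, qtype, NULL)`, and submit_dns_answer treats a NULL id as a bad query and calls exit(EX_DNS_ERROR), so an address that rb_inet_pton_sock rejects in lookup_hostname terminates authd and the duplicated id is never freed; pass id there so the `E %s E %c *` error reply is sent instead. The `case '6':` fall-through into `case '4':` needs a comment. In handle_lookup_ip_reply, `memmove(&ip[1], ip, strlen(ip))` does not move the terminator and does not check for room, so it relies on the zero-filled tail of the buffer; copy strlen(ip) + 1 bytes after a bounds check.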

61
authd/dns.h Normal file
View file

@ -0,0 +1,61 @@
/* authd/dns.h - header for authd DNS functions
* Copyright (c) 2016 Ariadne Conill <ariadne@dereferenced.org>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef _AUTHD_DNS_H
#define _AUTHD_DNS_H
#define DNS_REQ_IDLEN 10
#include "stdinc.h"
#include "res.h"
#include "reslib.h"
typedef enum
{
QUERY_INVALID = 0,
QUERY_A = '4',
QUERY_AAAA = '6',
QUERY_PTR_A = 'R',
QUERY_PTR_AAAA = 'S',
} query_type;
/* Similar to that in ircd */
typedef void (*DNSCB)(const char *res, bool status, query_type type, void *data);
struct dns_query
{
struct DNSQuery query;
query_type type;
struct rb_sockaddr_storage addr;
uint64_t id;
DNSCB callback;
void *data;
};
extern struct dns_query *lookup_hostname(const char *ip, DNSCB callback, void *data);
extern struct dns_query *lookup_ip(const char *host, int aftype, DNSCB callback, void *data);
extern void cancel_query(struct dns_query *query);
extern void handle_resolve_dns(int parc, char *parv[]);
extern void enumerate_nameservers(uint32_t rid, const char letter);
extern void reload_nameservers(const char letter);
#endif
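
Review bot: the DNSCB typedef does not document what `res` holds on failure, and the two callers in dns.c disagree: handle_lookup_ip_reply passes the string `*` with status false, while handle_lookup_hostname_reply passes NULL. State the contract in the comment above the typedef (callbacks must check status before touching res) or make both paths pass the same value. `DNS_REQ_IDLEN` is defined here but not used in dns.h or dns.c as shown, and the `_AUTHD_DNS_H` guard uses a reserved identifier.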

84
authd/notice.c Normal file
View file

@ -0,0 +1,84 @@
/* authd/notice.c - send notices back to the ircd and to clients
* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "authd.h"
#include "notice.h"
/* Send a notice to a client */
void
notice_client(uint32_t cid, const char *fmt, ...)
{
char buf[BUFSIZE];
va_list args;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
rb_helper_write(authd_helper, "N %x :%s", cid, buf);
}
/* Send a warning to the IRC daemon for logging, etc. */
void
warn_opers(notice_level_t level, const char *fmt, ...)
{
char buf[BUFSIZE];
va_list args;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
rb_helper_write(authd_helper, "W %c :%s", level, buf);
}
/* Send a stats result */
void
stats_result(uint32_t cid, char letter, const char *fmt, ...)
{
char buf[BUFSIZE];
va_list args;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
rb_helper_write(authd_helper, "Y %x %c %s", cid, letter, buf);
}
/* Send a stats error */
void
stats_error(uint32_t cid, char letter, const char *fmt, ...)
{
char buf[BUFSIZE];
va_list args;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
rb_helper_write(authd_helper, "X %x %c %s", cid, letter, buf);
}
void
stats_done(uint32_t cid, char letter)
{
rb_helper_write(authd_helper, "Z %x %c", cid, letter);
}
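
Review bot: stats_result, stats_error and stats_done name their first parameter cid, but the caller shown in dns.c (enumerate_nameservers) passes the request id (rid) that handle_stat parsed; rename the parameter to rid so the `Y`, `X` and `Z` lines are not read as carrying a client id. stats_done is the only function in the file without a leading comment.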

38
authd/notice.h Normal file
View file

@ -0,0 +1,38 @@
/* authd/notice.h - send notices back to the ircd and to clients
* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __SOLANUM_AUTHD_NOTICE_H__
#define __SOLANUM_AUTHD_NOTICE_H__
typedef enum
{
L_DEBUG = 'D',
L_INFO = 'I',
L_WARN = 'W',
L_CRIT ='C',
} notice_level_t;
void notice_client(uint32_t cid, const char *fmt, ...);
void warn_opers(notice_level_t level, const char *fmt, ...);
void stats_result(uint32_t cid, char letter, const char *fmt, ...);
void stats_error(uint32_t cid, char letter, const char *fmt, ...);
void stats_done(uint32_t cid, char letter);
#endif /* __SOLANUM_AUTHD_NOTICE_H__ */
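
Review bot: the four variadic prototypes take a printf-style fmt but carry no format attribute, so the compiler cannot check call sites such as the `%d` and `%s` arguments passed to warn_opers in authd.c. Add `__attribute__((format(printf, 2, 3)))` to notice_client and warn_opers and `__attribute__((format(printf, 3, 4)))` to stats_result and stats_error; authd.c already relies on `__attribute__` for noreturn. Minor: `L_CRIT ='C',` is missing the space after `=`.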

433
authd/provider.c Normal file
View file

@ -0,0 +1,433 @@
/* authd/provider.c - authentication provider framework
* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* The basic design here is to have "authentication providers" that do things
* like query ident and DNSBLs and even open proxies.
*
* Providers are registered in the auth_providers linked list. It is planned to
* use a bitmap to store provider ID's later.
*
* Providers can either return failure immediately, immediate acceptance, or do
* work in the background (calling set_provider to signal this).
*
* Provider-specific data for each client can be kept in an index of the data
* struct member (using the provider's ID).
*
* All providers must implement at a minimum a perform_provider function. You
* don't have to implement the others if you don't need them.
*
* Providers may kick clients off by rejecting them. Upon rejection, all
* providers are cancelled. They can also unconditionally accept them.
*
* When a provider is done and is neutral on accepting/rejecting a client, it
* should call provider_done. Do NOT call this if you have accepted or rejected
* the client.
*
* Eventually, stuff like *:line handling will be moved here, but that means we
* have to talk to bandb directly first.
*
* --Elizafox, 9 March 2016
*/
#include "stdinc.h"
#include "rb_dictionary.h"
#include "rb_lib.h"
#include "authd.h"
#include "provider.h"
#include "notice.h"
static EVH provider_timeout_event;
rb_dictionary *auth_clients;
rb_dlink_list auth_providers;
static rb_dlink_list free_pids;
static uint32_t allocated_pids;
static struct ev_entry *timeout_ev;
/* Set a provider's raw status */
static inline void
set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status)
{
auth->data[provider].status = status;
}
/* Set the provider as running */
static inline void
set_provider_running(struct auth_client *auth, uint32_t provider)
{
auth->providers_active++;
set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING);
}
/* Provider is no longer operating on this auth client */
static inline void
set_provider_done(struct auth_client *auth, uint32_t provider)
{
set_provider_status(auth, provider, PROVIDER_STATUS_DONE);
auth->providers_active--;
}
/* Initalise all providers */
void
init_providers(void)
{
auth_clients = rb_dictionary_create("pending auth clients", rb_uint32cmp);
timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1);
/* FIXME must be started before rdns/ident to receive completion notification from them */
load_provider(&dnsbl_provider);
load_provider(&opm_provider);
/* FIXME must be started after dnsbl/opm in case of early completion notifications */
load_provider(&rdns_provider);
load_provider(&ident_provider);
}
/* Terminate all providers */
void
destroy_providers(void)
{
rb_dlink_node *ptr, *nptr;
rb_dictionary_iter iter;
struct auth_client *auth;
/* Cancel outstanding connections */
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
auth_client_ref(auth);
/* TBD - is this the right thing? */
reject_client(auth, UINT32_MAX, "destroy",
"Authentication system is down... try reconnecting in a few seconds");
auth_client_unref(auth);
}
RB_DLINK_FOREACH_SAFE(ptr, nptr, auth_providers.head)
{
struct auth_provider *provider = ptr->data;
if(provider->destroy)
provider->destroy();
rb_dlinkDelete(ptr, &auth_providers);
}
rb_dictionary_destroy(auth_clients, NULL, NULL);
rb_event_delete(timeout_ev);
}
/* Load a provider */
void
load_provider(struct auth_provider *provider)
{
/* Assign a PID */
if(rb_dlink_list_length(&free_pids) > 0)
{
/* use the free list */
provider->id = RB_POINTER_TO_UINT(free_pids.head->data);
rb_dlinkDestroy(free_pids.head, &free_pids);
}
else
{
if(allocated_pids == MAX_PROVIDERS || allocated_pids == UINT32_MAX)
{
warn_opers(L_WARN, "Cannot load additional provider, max reached!");
return;
}
provider->id = allocated_pids++;
}
if(provider->opt_handlers != NULL)
{
struct auth_opts_handler *handler;
for(handler = provider->opt_handlers; handler->option != NULL; handler++)
rb_dictionary_add(authd_option_handlers, handler->option, handler);
}
if(provider->stats_handler.letter != '\0')
authd_stat_handlers[(unsigned char)provider->stats_handler.letter] = provider->stats_handler.handler;
if(provider->init != NULL)
provider->init();
rb_dlinkAdd(provider, &provider->node, &auth_providers);
}
void
unload_provider(struct auth_provider *provider)
{
if(provider->opt_handlers != NULL)
{
struct auth_opts_handler *handler;
for(handler = provider->opt_handlers; handler->option != NULL; handler++)
rb_dictionary_delete(authd_option_handlers, handler->option);
}
if(provider->stats_handler.letter != '\0')
authd_stat_handlers[(unsigned char)provider->stats_handler.letter] = NULL;
if(provider->destroy != NULL)
provider->destroy();
rb_dlinkDelete(&provider->node, &auth_providers);
/* Reclaim ID */
rb_dlinkAddAlloc(RB_UINT_TO_POINTER(provider->id), &free_pids);
}
void
auth_client_free(struct auth_client *auth)
{
rb_dictionary_delete(auth_clients, RB_UINT_TO_POINTER(auth->cid));
rb_free(auth->data);
rb_free(auth);
}
/* Cancel outstanding providers for a client (if any). */
void
cancel_providers(struct auth_client *auth)
{
if(auth->providers_cancelled)
return;
auth->providers_cancelled = true;
if(auth->providers_active > 0)
{
rb_dlink_node *ptr;
RB_DLINK_FOREACH(ptr, auth_providers.head)
{
struct auth_provider *provider = ptr->data;
if(provider->cancel != NULL && is_provider_running(auth, provider->id))
/* Cancel if required */
provider->cancel(auth);
}
}
}
/* Provider is done */
void
provider_done(struct auth_client *auth, uint32_t id)
{
rb_dlink_node *ptr;
lrb_assert(is_provider_running(auth, id));
lrb_assert(id != UINT32_MAX);
lrb_assert(id < allocated_pids);
set_provider_done(auth, id);
if(auth->providers_active == 0 && !auth->providers_starting)
{
/* All done */
accept_client(auth);
return;
}
RB_DLINK_FOREACH(ptr, auth_providers.head)
{
struct auth_provider *provider = ptr->data;
if(provider->completed != NULL && is_provider_running(auth, provider->id))
/* Notify pending clients who asked for it */
provider->completed(auth, id);
}
}
/* Reject a client and cancel any outstanding providers */
void
reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...)
{
char buf[BUFSIZE];
va_list args;
va_start(args, fmt);
vsnprintf(buf, sizeof(buf), fmt, args);
va_end(args);
/* We send back username and hostname in case ircd wants to overrule our decision.
* In the future this may not be the case.
* --Elizafox
*/
rb_helper_write(authd_helper, "R %x %c %s %s %s :%s",
auth->cid, id != UINT32_MAX ? auth->data[id].provider->letter : '*',
auth->username, auth->hostname,
data == NULL ? "*" : data, buf);
if(id != UINT32_MAX)
set_provider_done(auth, id);
cancel_providers(auth);
}
/* Accept a client and cancel outstanding providers if any */
void
accept_client(struct auth_client *auth)
{
rb_helper_write(authd_helper, "A %x %s %s", auth->cid, auth->username, auth->hostname);
cancel_providers(auth);
}
/* Begin authenticating user */
static void
start_auth(const char *cid, const char *l_ip, const char *l_port, const char *c_ip, const char *c_port, const char *protocol)
{
struct auth_client *auth;
unsigned long long lcid = strtoull(cid, NULL, 16);
rb_dlink_node *ptr;
if(lcid == 0 || lcid > UINT32_MAX)
return;
auth = rb_malloc(sizeof(struct auth_client));
auth_client_ref(auth);
auth->cid = (uint32_t)lcid;
if(rb_dictionary_find(auth_clients, RB_UINT_TO_POINTER(auth->cid)) == NULL)
rb_dictionary_add(auth_clients, RB_UINT_TO_POINTER(auth->cid), auth);
else
{
warn_opers(L_CRIT, "provider: duplicate client added via start_auth: %s", cid);
exit(EX_PROVIDER_ERROR);
}
auth->protocol = strtoull(protocol, NULL, 16);
rb_strlcpy(auth->l_ip, l_ip, sizeof(auth->l_ip));
auth->l_port = (uint16_t)atoi(l_port); /* should be safe */
(void) rb_inet_pton_sock(l_ip, &auth->l_addr);
SET_SS_PORT(&auth->l_addr, htons(auth->l_port));
rb_strlcpy(auth->c_ip, c_ip, sizeof(auth->c_ip));
auth->c_port = (uint16_t)atoi(c_port);
(void) rb_inet_pton_sock(c_ip, &auth->c_addr);
SET_SS_PORT(&auth->c_addr, htons(auth->c_port));
rb_strlcpy(auth->hostname, "*", sizeof(auth->hostname));
rb_strlcpy(auth->username, "*", sizeof(auth->username));
auth->data = rb_malloc(allocated_pids * sizeof(struct auth_client_data));
auth->providers_starting = true;
RB_DLINK_FOREACH(ptr, auth_providers.head)
{
struct auth_provider *provider = ptr->data;
auth->data[provider->id].provider = provider;
lrb_assert(provider->start != NULL);
/* Execute providers */
set_provider_running(auth, provider->id);
if(!provider->start(auth))
/* Rejected immediately */
goto done;
if(auth->providers_cancelled)
break;
}
auth->providers_starting = false;
/* If no providers are running, accept the client */
if(auth->providers_active == 0)
accept_client(auth);
done:
auth_client_unref(auth);
}
/* Callback for the initiation */
void
handle_new_connection(int parc, char *parv[])
{
if (parc < 6) {
warn_opers(L_CRIT, "provider: received too few params for new connection (6 expected, got %d)", parc);
exit(EX_PROVIDER_ERROR);
}
start_auth(parv[1], parv[2], parv[3], parv[4], parv[5], parc > 6 ? parv[6] : "0");
}
void
handle_cancel_connection(int parc, char *parv[])
{
struct auth_client *auth;
unsigned long long lcid;
if(parc < 2)
{
warn_opers(L_CRIT, "provider: received too few params for new connection (2 expected, got %d)", parc);
exit(EX_PROVIDER_ERROR);
}
lcid = strtoull(parv[1], NULL, 16);
if(lcid == 0 || lcid > UINT32_MAX)
{
warn_opers(L_CRIT, "provider: got a request to cancel a connection that can't exist: %s", parv[1]);
exit(EX_PROVIDER_ERROR);
}
if((auth = rb_dictionary_retrieve(auth_clients, RB_UINT_TO_POINTER((uint32_t)lcid))) == NULL)
{
/* This could happen as a race if we've accepted/rejected but they cancel, so don't die here.
* --Elizafox */
return;
}
auth_client_ref(auth);
cancel_providers(auth);
auth_client_unref(auth);
}
static void
provider_timeout_event(void *notused __unused)
{
struct auth_client *auth;
rb_dictionary_iter iter;
const time_t curtime = rb_current_time();
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
rb_dlink_node *ptr;
auth_client_ref(auth);
RB_DLINK_FOREACH(ptr, auth_providers.head)
{
struct auth_provider *provider = ptr->data;
const time_t timeout = get_provider_timeout(auth, provider->id);
if(is_provider_running(auth, provider->id) && provider->timeout != NULL &&
timeout > 0 && timeout < curtime)
{
provider->timeout(auth);
}
}
auth_client_unref(auth);
}
}
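Review bot: in start_auth the result of rb_inet_pton_sock(c_ip, &auth->c_addr) is discarded with a (void) cast and c_port goes through atoi() with no range check, so a malformed address or port on the wire yields an auth_client whose c_addr was never filled in, and the providers later branch on GET_SS_FAMILY(&auth->c_addr). Check the return value and fail the same way handle_new_connection already does for a short parameter list. Separately, the warn_opers text in handle_cancel_connection still says "new connection" for the parc < 2 case, which will mislead whoever reads the log, and strtoull(parv[1], NULL, 16) accepts trailing garbage because no endptr is checked.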

246
authd/provider.h Normal file

@ -0,0 +1,246 @@
/* authd/provider.h - authentication provider framework
* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifndef __SOLANUM_AUTHD_PROVIDER_H__
#define __SOLANUM_AUTHD_PROVIDER_H__
#include "stdinc.h"
#include "authd.h"
#include "rb_dictionary.h"
#define MAX_PROVIDERS 32 /* This should be enough */
typedef enum
{
PROVIDER_STATUS_NOTRUN = 0,
PROVIDER_STATUS_RUNNING,
PROVIDER_STATUS_DONE,
} provider_status_t;
struct auth_client_data
{
struct auth_provider *provider; /* Pointer back */
time_t timeout; /* Provider timeout */
void *data; /* Provider data */
provider_status_t status; /* Provider status */
};
struct auth_client
{
uint32_t cid; /* Client ID */
int protocol; /* IP protocol (TCP/SCTP) */
char l_ip[HOSTIPLEN + 1]; /* Listener IP address */
uint16_t l_port; /* Listener port */
struct rb_sockaddr_storage l_addr; /* Listener address/port */
char c_ip[HOSTIPLEN + 1]; /* Client IP address */
uint16_t c_port; /* Client port */
struct rb_sockaddr_storage c_addr; /* Client address/port */
char hostname[HOSTLEN + 1]; /* Used for DNS lookup */
char username[USERLEN + 1]; /* Used for ident lookup */
bool providers_starting; /* Providers are still warming up */
bool providers_cancelled; /* Providers are being cancelled */
unsigned int providers_active; /* Number of active providers */
unsigned int refcount; /* Held references */
struct auth_client_data *data; /* Provider-specific data */
};
typedef bool (*provider_init_t)(void);
typedef void (*provider_destroy_t)(void);
typedef bool (*provider_start_t)(struct auth_client *);
typedef void (*provider_cancel_t)(struct auth_client *);
typedef void (*uint32_timeout_t)(struct auth_client *);
typedef void (*provider_complete_t)(struct auth_client *, uint32_t);
struct auth_stats_handler
{
const char letter;
authd_stat_handler handler;
};
struct auth_provider
{
rb_dlink_node node;
uint32_t id; /* Provider ID */
const char *name; /* Name of the provider */
char letter; /* Letter used on reject, etc. */
provider_init_t init; /* Initalise the provider */
provider_destroy_t destroy; /* Terminate the provider */
provider_start_t start; /* Perform authentication */
provider_cancel_t cancel; /* Authentication cancelled */
uint32_timeout_t timeout; /* Timeout callback */
provider_complete_t completed; /* Callback for when other performers complete (think dependency chains) */
struct auth_stats_handler stats_handler;
struct auth_opts_handler *opt_handlers;
};
extern struct auth_provider rdns_provider;
extern struct auth_provider ident_provider;
extern struct auth_provider dnsbl_provider;
extern struct auth_provider opm_provider;
extern rb_dlink_list auth_providers;
extern rb_dictionary *auth_clients;
void load_provider(struct auth_provider *provider);
void unload_provider(struct auth_provider *provider);
void init_providers(void);
void destroy_providers(void);
void cancel_providers(struct auth_client *auth);
void provider_done(struct auth_client *auth, uint32_t id);
void accept_client(struct auth_client *auth);
void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...);
void handle_new_connection(int parc, char *parv[]);
void handle_cancel_connection(int parc, char *parv[]);
void auth_client_free(struct auth_client *auth);
static inline void
auth_client_ref(struct auth_client *auth)
{
auth->refcount++;
}
static inline void
auth_client_unref(struct auth_client *auth)
{
auth->refcount--;
if (auth->refcount == 0)
auth_client_free(auth);
}
/* Get a provider by name */
static inline struct auth_provider *
find_provider(const char *name)
{
rb_dlink_node *ptr;
RB_DLINK_FOREACH(ptr, auth_providers.head)
{
struct auth_provider *provider = ptr->data;
if(strcasecmp(provider->name, name) == 0)
return provider;
}
return NULL;
}
/* Get a provider's id by name */
static inline bool
get_provider_id(const char *name, uint32_t *id)
{
struct auth_provider *provider = find_provider(name);
if(provider != NULL)
{
*id = provider->id;
return true;
}
else
return false;
}
/* Get a provider's raw status */
static inline provider_status_t
get_provider_status(struct auth_client *auth, uint32_t provider)
{
return auth->data[provider].status;
}
/* Check if provider is operating on this auth client */
static inline bool
is_provider_running(struct auth_client *auth, uint32_t provider)
{
return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING;
}
/* Check if provider has finished on this client */
static inline bool
is_provider_done(struct auth_client *auth, uint32_t provider)
{
return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE;
}
/* Check if provider doesn't exist or has finished on this client */
static inline bool
run_after_provider(struct auth_client *auth, const char *name)
{
uint32_t id;
if (get_provider_id(name, &id)) {
return get_provider_status(auth, id) == PROVIDER_STATUS_DONE;
} else {
return true;
}
}
/* Get provider auth client data */
static inline void *
get_provider_data(struct auth_client *auth, uint32_t id)
{
return auth->data[id].data;
}
/* Set provider auth client data */
static inline void
set_provider_data(struct auth_client *auth, uint32_t id, void *data)
{
auth->data[id].data = data;
}
/* Set timeout relative to current time on provider
* When the timeout lapses, the provider's timeout call will execute */
static inline void
set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout)
{
auth->data[id].timeout = timeout + rb_current_time();
}
/* Set timeout value in absolute time (Unix timestamp)
* When the timeout lapses, the provider's timeout call will execute */
static inline void
set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout)
{
auth->data[id].timeout = timeout;
}
/* Get the timeout value for the provider */
static inline time_t
get_provider_timeout(struct auth_client *auth, uint32_t id)
{
return auth->data[id].timeout;
}
#endif /* __SOLANUM_AUTHD_PROVIDER_H__ */
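Review bot: auth_client_unref decrements the unsigned refcount without checking that it is non-zero, so an unbalanced unref is never caught: it either frees the client while another holder still uses it or, at zero, wraps silently. An lrb_assert(auth->refcount > 0) before the decrement would surface both in testing. The accessors that index auth->data[id] (get_provider_status, get_provider_data, set_provider_data, the timeout setters) likewise trust the id, and MAX_PROVIDERS is defined here but none of them uses it for a bounds check. Naming: the timeout callback typedef is uint32_timeout_t where every sibling is provider_*_t, and the include guard starts with a double underscore, which is a reserved identifier.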

608
authd/providers/dnsbl.c Normal file

@ -0,0 +1,608 @@
/*
* Solanum: a slightly advanced ircd
* dnsbl.c: Manages DNSBL entries and lookups
*
* Copyright (C) 2006-2011 charybdis development team
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
* met:
*
* 1. Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* 3. The name of the author may not be used to endorse or promote products
* derived from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* Originally written for charybdis circa 2006 (by nenolod?).
* Tweaked for authd. Some functions and structs renamed. Public/private
* interfaces have been shifted around. Some code has been cleaned up too.
* -- Elizafox 24 March 2016
*/
#include "authd.h"
#include "defaults.h"
#include "provider.h"
#include "notice.h"
#include "stdinc.h"
#include "dns.h"
#define SELF_PID (dnsbl_provider.id)
typedef enum filter_t
{
FILTER_ALL = 1,
FILTER_LAST = 2,
} filter_t;
/* dnsbl accepted IP types */
#define IPTYPE_IPV4 1
#define IPTYPE_IPV6 2
/* A configured DNSBL */
struct dnsbl
{
char host[IRCD_RES_HOSTLEN + 1];
char reason[BUFSIZE]; /* Reason template (ircd fills in the blanks) */
uint8_t iptype; /* IP types supported */
rb_dlink_list filters; /* Filters for queries */
bool delete; /* If true delete when no clients */
int refcount; /* When 0 and delete is set, remove this dnsbl */
unsigned int hits;
time_t lastwarning; /* Last warning about garbage replies sent */
};
/* A lookup in progress for a particular DNSBL for a particular client */
struct dnsbl_lookup
{
struct dnsbl *bl; /* dnsbl we're checking */
struct auth_client *auth; /* Client */
struct dns_query *query; /* DNS query pointer */
rb_dlink_node node;
};
/* A dnsbl filter */
struct dnsbl_filter
{
filter_t type; /* Type of filter */
char filter[HOSTIPLEN]; /* The filter itself */
rb_dlink_node node;
};
/* dnsbl user data attached to auth_client instance */
struct dnsbl_user
{
bool started;
rb_dlink_list queries; /* dnsbl queries in flight */
};
/* public interfaces */
static void dnsbls_destroy(void);
static bool dnsbls_start(struct auth_client *);
static inline void dnsbls_generic_cancel(struct auth_client *, const char *);
static void dnsbls_timeout(struct auth_client *);
static void dnsbls_cancel(struct auth_client *);
static void dnsbls_cancel_none(struct auth_client *);
/* private interfaces */
static void unref_dnsbl(struct dnsbl *);
static struct dnsbl *new_dnsbl(const char *, const char *, uint8_t, rb_dlink_list *);
static struct dnsbl *find_dnsbl(const char *);
static bool dnsbl_check_reply(struct dnsbl_lookup *, const char *);
static void dnsbl_dns_callback(const char *, bool, query_type, void *);
static void initiate_dnsbl_dnsquery(struct dnsbl *, struct auth_client *);
/* Variables */
static rb_dlink_list dnsbl_list = { NULL, NULL, 0 };
static int dnsbl_timeout = DNSBL_TIMEOUT_DEFAULT;
/* private interfaces */
static void
unref_dnsbl(struct dnsbl *bl)
{
rb_dlink_node *ptr, *nptr;
bl->refcount--;
if (bl->delete && bl->refcount <= 0)
{
RB_DLINK_FOREACH_SAFE(ptr, nptr, bl->filters.head)
{
rb_dlinkDelete(ptr, &bl->filters);
rb_free(ptr);
}
rb_dlinkFindDestroy(bl, &dnsbl_list);
rb_free(bl);
}
}
static struct dnsbl *
new_dnsbl(const char *name, const char *reason, uint8_t iptype, rb_dlink_list *filters)
{
struct dnsbl *bl;
if (name == NULL || reason == NULL || iptype == 0)
return NULL;
if((bl = find_dnsbl(name)) == NULL)
{
bl = rb_malloc(sizeof(struct dnsbl));
rb_dlinkAddAlloc(bl, &dnsbl_list);
}
else
bl->delete = false;
rb_strlcpy(bl->host, name, IRCD_RES_HOSTLEN + 1);
rb_strlcpy(bl->reason, reason, BUFSIZE);
bl->iptype = iptype;
rb_dlinkMoveList(filters, &bl->filters);
bl->lastwarning = 0;
return bl;
}
static struct dnsbl *
find_dnsbl(const char *name)
{
rb_dlink_node *ptr;
RB_DLINK_FOREACH(ptr, dnsbl_list.head)
{
struct dnsbl *bl = (struct dnsbl *)ptr->data;
if (!strcasecmp(bl->host, name))
return bl;
}
return NULL;
}
static inline bool
dnsbl_check_reply(struct dnsbl_lookup *bllookup, const char *ipaddr)
{
struct dnsbl *bl = bllookup->bl;
const char *lastoctet;
rb_dlink_node *ptr;
/* No filters and entry found - thus positive match */
if (!rb_dlink_list_length(&bl->filters))
return true;
/* Below will prolly have to change if IPv6 address replies are sent back */
if ((lastoctet = strrchr(ipaddr, '.')) == NULL || *(++lastoctet) == '\0')
goto blwarn;
RB_DLINK_FOREACH(ptr, bl->filters.head)
{
struct dnsbl_filter *filter = ptr->data;
const char *cmpstr;
if (filter->type == FILTER_ALL)
cmpstr = ipaddr;
else if (filter->type == FILTER_LAST)
cmpstr = lastoctet;
else
{
warn_opers(L_CRIT, "dnsbl: Unknown dnsbl filter type (host %s): %d",
bl->host, filter->type);
exit(EX_PROVIDER_ERROR);
}
if (strcmp(cmpstr, filter->filter) == 0)
/* Match! */
return true;
}
return false;
blwarn:
if (bl->lastwarning + 3600 < rb_current_time())
{
warn_opers(L_WARN, "Garbage/undecipherable reply received from dnsbl %s (reply %s)",
bl->host, ipaddr);
bl->lastwarning = rb_current_time();
}
return false;
}
static void
dnsbl_dns_callback(const char *result, bool status, query_type type, void *data)
{
struct dnsbl_lookup *bllookup = (struct dnsbl_lookup *)data;
struct dnsbl_user *bluser;
struct dnsbl *bl;
struct auth_client *auth;
lrb_assert(bllookup != NULL);
lrb_assert(bllookup->auth != NULL);
bl = bllookup->bl;
auth = bllookup->auth;
if((bluser = get_provider_data(auth, SELF_PID)) == NULL)
return;
if (result != NULL && status && dnsbl_check_reply(bllookup, result))
{
/* Match found, so proceed no further */
bl->hits++;
reject_client(auth, SELF_PID, bl->host, bl->reason);
dnsbls_cancel(auth);
return;
}
unref_dnsbl(bl);
cancel_query(bllookup->query); /* Ignore future responses */
rb_dlinkDelete(&bllookup->node, &bluser->queries);
rb_free(bllookup);
if(!rb_dlink_list_length(&bluser->queries))
{
/* Done here */
notice_client(auth->cid, "*** No DNSBL entry found for this IP");
rb_free(bluser);
set_provider_data(auth, SELF_PID, NULL);
set_provider_timeout_absolute(auth, SELF_PID, 0);
provider_done(auth, SELF_PID);
auth_client_unref(auth);
}
}
static void
initiate_dnsbl_dnsquery(struct dnsbl *bl, struct auth_client *auth)
{
struct dnsbl_lookup *bllookup = rb_malloc(sizeof(struct dnsbl_lookup));
struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
char buf[IRCD_RES_HOSTLEN + 1];
int aftype;
bllookup->bl = bl;
bllookup->auth = auth;
aftype = GET_SS_FAMILY(&auth->c_addr);
if((aftype == AF_INET && (bl->iptype & IPTYPE_IPV4) == 0) ||
(aftype == AF_INET6 && (bl->iptype & IPTYPE_IPV6) == 0))
/* Incorrect dnsbl type for this IP... */
{
rb_free(bllookup);
return;
}
build_rdns(buf, sizeof(buf), &auth->c_addr, bl->host);
bllookup->query = lookup_ip(buf, AF_INET, dnsbl_dns_callback, bllookup);
rb_dlinkAdd(bllookup, &bllookup->node, &bluser->queries);
bl->refcount++;
}
static inline bool
lookup_all_dnsbls(struct auth_client *auth)
{
struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
rb_dlink_node *ptr;
int iptype;
if(GET_SS_FAMILY(&auth->c_addr) == AF_INET)
iptype = IPTYPE_IPV4;
else if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
iptype = IPTYPE_IPV6;
else
return false;
bluser->started = true;
notice_client(auth->cid, "*** Checking your IP against DNSBLs");
RB_DLINK_FOREACH(ptr, dnsbl_list.head)
{
struct dnsbl *bl = (struct dnsbl *)ptr->data;
if (!bl->delete && (bl->iptype & iptype))
initiate_dnsbl_dnsquery(bl, auth);
}
if(!rb_dlink_list_length(&bluser->queries))
/* None checked. */
return false;
set_provider_timeout_relative(auth, SELF_PID, dnsbl_timeout);
return true;
}
static inline void
delete_dnsbl(struct dnsbl *bl)
{
if (bl->refcount > 0)
bl->delete = true;
else
{
rb_dlinkFindDestroy(bl, &dnsbl_list);
rb_free(bl);
}
}
static void
delete_all_dnsbls(void)
{
rb_dlink_node *ptr, *nptr;
RB_DLINK_FOREACH_SAFE(ptr, nptr, dnsbl_list.head)
{
delete_dnsbl(ptr->data);
}
}
/* public interfaces */
static bool
dnsbls_start(struct auth_client *auth)
{
lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
if (!rb_dlink_list_length(&dnsbl_list)) {
/* Nothing to do... */
provider_done(auth, SELF_PID);
return true;
}
auth_client_ref(auth);
set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct dnsbl_user)));
if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
/* Start the lookup if ident and rdns are finished, or not loaded. */
if (!lookup_all_dnsbls(auth)) {
dnsbls_cancel_none(auth);
return true;
}
}
return true;
}
/* This is called every time a provider is completed as long as we are marked not done */
static void
dnsbls_initiate(struct auth_client *auth, uint32_t provider)
{
struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
lrb_assert(provider != SELF_PID);
lrb_assert(!is_provider_done(auth, SELF_PID));
lrb_assert(rb_dlink_list_length(&dnsbl_list) > 0);
if (bluser == NULL || bluser->started) {
/* Nothing to do */
return;
} else if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
/* Start the lookup if ident and rdns are finished, or not loaded. */
if (!lookup_all_dnsbls(auth)) {
dnsbls_cancel_none(auth);
}
}
}
static inline void
dnsbls_generic_cancel(struct auth_client *auth, const char *message)
{
rb_dlink_node *ptr, *nptr;
struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
if(bluser == NULL)
return;
if(rb_dlink_list_length(&bluser->queries))
{
notice_client(auth->cid, message);
RB_DLINK_FOREACH_SAFE(ptr, nptr, bluser->queries.head)
{
struct dnsbl_lookup *bllookup = ptr->data;
cancel_query(bllookup->query);
unref_dnsbl(bllookup->bl);
rb_dlinkDelete(&bllookup->node, &bluser->queries);
rb_free(bllookup);
}
}
rb_free(bluser);
set_provider_data(auth, SELF_PID, NULL);
set_provider_timeout_absolute(auth, SELF_PID, 0);
provider_done(auth, SELF_PID);
auth_client_unref(auth);
}
static void
dnsbls_timeout(struct auth_client *auth)
{
dnsbls_generic_cancel(auth, "*** No response from DNSBLs");
}
static void
dnsbls_cancel(struct auth_client *auth)
{
dnsbls_generic_cancel(auth, "*** Aborting DNSBL checks");
}
static void
dnsbls_cancel_none(struct auth_client *auth)
{
dnsbls_generic_cancel(auth, "*** Could not check DNSBLs");
}
static void
dnsbls_destroy(void)
{
rb_dictionary_iter iter;
struct auth_client *auth;
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
dnsbls_cancel(auth);
/* auth is now invalid as we have no reference */
}
delete_all_dnsbls();
}
static void
add_conf_dnsbl(const char *key, int parc, const char **parv)
{
rb_dlink_list filters = { NULL, NULL, 0 };
char *tmp, *elemlist = rb_strdup(parv[2]);
uint8_t iptype;
if(*elemlist == '*')
goto end;
for(char *elem = rb_strtok_r(elemlist, ",", &tmp); elem; elem = rb_strtok_r(NULL, ",", &tmp))
{
struct dnsbl_filter *filter = rb_malloc(sizeof(struct dnsbl_filter));
int dot_c = 0;
filter_t type = FILTER_LAST;
/* Check dnsbl filter type and for validity */
for(char *c = elem; *c != '\0'; c++)
{
if(*c == '.')
{
if(++dot_c > 3)
{
warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (too many octets)");
exit(EX_PROVIDER_ERROR);
}
type = FILTER_ALL;
}
else if(!isdigit(*c))
{
warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (invalid character in dnsbl filter: %c)",
*c);
exit(EX_PROVIDER_ERROR);
}
}
if(dot_c > 0 && dot_c < 3)
{
warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (insufficient octets)");
exit(EX_PROVIDER_ERROR);
}
filter->type = type;
rb_strlcpy(filter->filter, elem, sizeof(filter->filter));
rb_dlinkAdd(filter, &filter->node, &filters);
}
end:
rb_free(elemlist);
iptype = atoi(parv[1]) & 0x3;
if(new_dnsbl(parv[0], parv[3], iptype, &filters) == NULL)
{
warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a malformed dnsbl");
exit(EX_PROVIDER_ERROR);
}
}
static void
del_conf_dnsbl(const char *key, int parc, const char **parv)
{
struct dnsbl *bl = find_dnsbl(parv[0]);
if(bl == NULL)
{
/* Not fatal for now... */
warn_opers(L_WARN, "dnsbl: tried to remove nonexistent dnsbl %s", parv[0]);
return;
}
delete_dnsbl(bl);
}
static void
del_conf_dnsbl_all(const char *key, int parc, const char **parv)
{
delete_all_dnsbls();
}
static void
add_conf_dnsbl_timeout(const char *key, int parc, const char **parv)
{
int timeout = atoi(parv[0]);
if(timeout < 0)
{
warn_opers(L_CRIT, "dnsbl: dnsbl timeout < 0 (value: %d)", timeout);
exit(EX_PROVIDER_ERROR);
}
dnsbl_timeout = timeout;
}
#if 0
static void
dnsbl_stats(uint32_t rid, char letter)
{
rb_dlink_node *ptr;
RB_DLINK_FOREACH(ptr, dnsbl_list.head)
{
struct dnsbl *bl = ptr->data;
if(bl->delete)
continue;
stats_result(rid, letter, "%s %hhu %u", bl->host, bl->iptype, bl->hits);
}
stats_done(rid, letter);
}
#endif
struct auth_opts_handler dnsbl_options[] =
{
{ "rbl", 4, add_conf_dnsbl },
{ "rbl_del", 1, del_conf_dnsbl },
{ "rbl_del_all", 0, del_conf_dnsbl_all },
{ "rbl_timeout", 1, add_conf_dnsbl_timeout },
{ NULL, 0, NULL },
};
struct auth_provider dnsbl_provider =
{
.name = "dnsbl",
.letter = 'B',
.destroy = dnsbls_destroy,
.start = dnsbls_start,
.cancel = dnsbls_cancel,
.timeout = dnsbls_timeout,
.completed = dnsbls_initiate,
.opt_handlers = dnsbl_options,
/* .stats_handler = { 'B', dnsbl_stats }, */
};
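Review bot: unref_dnsbl frees the wrong pointer. The filters are linked in add_conf_dnsbl with rb_dlinkAdd(filter, &filter->node, &filters), so each list node is the node member embedded at the end of struct dnsbl_filter, and rb_free(ptr) hands the allocator an interior pointer; it should be rb_free(ptr->data). delete_dnsbl has the opposite problem: in the refcount == 0 branch it frees bl without walking bl->filters at all, and new_dnsbl moves new filters onto an existing entry without first freeing the ones it already had. Also, reject_client(auth, SELF_PID, bl->host, bl->reason) passes the configured reason in the fmt position of reject_client's printf-style signature; pass "%s" as fmt and the reason as its argument.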

387
authd/providers/ident.c Normal file

@ -0,0 +1,387 @@
/* authd/providers/ident.c - ident lookup provider for authd
* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
* moved to its own provider.
*
* --Elizafox 13 March 2016
*/
#include "stdinc.h"
#include "defaults.h"
#include "match.h"
#include "authd.h"
#include "notice.h"
#include "provider.h"
#include "res.h"
#define SELF_PID (ident_provider.id)
#define IDENT_BUFSIZE 128
struct ident_query
{
rb_fde_t *F; /* Our FD */
};
/* Goinked from old s_auth.c --Elizafox */
static const char *messages[] =
{
"*** Checking Ident",
"*** Got Ident response",
"*** No Ident response",
"*** Cannot verify ident validity, ignoring ident",
"*** Ident disabled, not checking ident",
};
typedef enum
{
REPORT_LOOKUP,
REPORT_FOUND,
REPORT_FAIL,
REPORT_INVALID,
REPORT_DISABLED,
} ident_message;
static CNCB ident_connected;
static PF read_ident_reply;
static void client_fail(struct auth_client *auth, ident_message message);
static void client_success(struct auth_client *auth);
static char * get_valid_ident(char *buf);
static int ident_timeout = IDENT_TIMEOUT_DEFAULT;
static bool ident_enable = true;
/*
* ident_connected() - deal with the result of rb_connect_tcp()
*
* If the connection failed, we simply close the auth fd and report
* a failure. If the connection suceeded send the ident server a query
* giving "theirport , ourport". The write is only attempted *once* so
* it is deemed to be a fail if the entire write doesn't write all the
* data given. This shouldnt be a problem since the socket should have
* a write buffer far greater than this message to store it in should
* problems arise. -avalon
*/
static void
ident_connected(rb_fde_t *F __unused, int error, void *data)
{
struct auth_client *auth = data;
struct ident_query *query;
char authbuf[32];
int authlen;
lrb_assert(auth != NULL);
query = get_provider_data(auth, SELF_PID);
lrb_assert(query != NULL);
/* Check the error */
if(error != RB_OK)
{
/* We had an error during connection :( */
client_fail(auth, REPORT_FAIL);
return;
}
snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
auth->c_port, auth->l_port);
authlen = strlen(authbuf);
if(rb_write(query->F, authbuf, authlen) != authlen)
{
client_fail(auth, REPORT_FAIL);
return;
}
read_ident_reply(query->F, auth);
}
static void
read_ident_reply(rb_fde_t *F, void *data)
{
struct auth_client *auth = data;
char buf[IDENT_BUFSIZE + 1] = { 0 }; /* buffer to read auth reply into */
ident_message message = REPORT_FAIL;
char *s = NULL;
char *t = NULL;
ssize_t len;
int count;
len = rb_read(F, buf, IDENT_BUFSIZE);
if(len < 0 && rb_ignore_errno(errno))
{
rb_setselect(F, RB_SELECT_READ, read_ident_reply, auth);
return;
}
if(len > 0)
{
if((s = get_valid_ident(buf)) != NULL)
{
t = auth->username;
while (*s == '~' || *s == '^')
s++;
for (count = USERLEN; *s && count; s++)
{
if(*s == '@' || *s == '\r' || *s == '\n')
break;
if(*s != ' ' && *s != ':' && *s != '[')
{
*t++ = *s;
count--;
}
}
*t = '\0';
}
else
message = REPORT_INVALID;
}
if (*auth->username == '\0')
{
auth->username[0] = '*';
auth->username[1] = '\0';
}
if(s == NULL)
client_fail(auth, message);
else
client_success(auth);
}
static void
client_fail(struct auth_client *auth, ident_message report)
{
struct ident_query *query = get_provider_data(auth, SELF_PID);
lrb_assert(query != NULL);
rb_strlcpy(auth->username, "*", sizeof(auth->username));
if(query->F != NULL)
rb_close(query->F);
rb_free(query);
set_provider_data(auth, SELF_PID, NULL);
set_provider_timeout_absolute(auth, SELF_PID, 0);
notice_client(auth->cid, messages[report]);
provider_done(auth, SELF_PID);
auth_client_unref(auth);
}
static void
client_success(struct auth_client *auth)
{
struct ident_query *query = get_provider_data(auth, SELF_PID);
lrb_assert(query != NULL);
if(query->F != NULL)
rb_close(query->F);
rb_free(query);
set_provider_data(auth, SELF_PID, NULL);
set_provider_timeout_absolute(auth, SELF_PID, 0);
notice_client(auth->cid, messages[REPORT_FOUND]);
provider_done(auth, SELF_PID);
auth_client_unref(auth);
}
/* get_valid_ident
* parse ident query reply from identd server
*
* Taken from old s_auth.c --Elizafox
*
* Inputs - pointer to ident buf
* Outputs - NULL if no valid ident found, otherwise pointer to name
* Side effects - None
*/
static char *
get_valid_ident(char *buf)
{
int remp = 0;
int locp = 0;
char *colon1Ptr;
char *colon2Ptr;
char *colon3Ptr;
char *commaPtr;
char *remotePortString;
/* All this to get rid of a sscanf() fun. */
remotePortString = buf;
colon1Ptr = strchr(remotePortString, ':');
if(!colon1Ptr)
return NULL;
*colon1Ptr = '\0';
colon1Ptr++;
colon2Ptr = strchr(colon1Ptr, ':');
if(!colon2Ptr)
return NULL;
*colon2Ptr = '\0';
colon2Ptr++;
commaPtr = strchr(remotePortString, ',');
if(!commaPtr)
return NULL;
*commaPtr = '\0';
commaPtr++;
remp = atoi(remotePortString);
if(!remp)
return NULL;
locp = atoi(commaPtr);
if(!locp)
return NULL;
/* look for USERID bordered by first pair of colons */
if(!strstr(colon1Ptr, "USERID"))
return NULL;
colon3Ptr = strchr(colon2Ptr, ':');
if(!colon3Ptr)
return NULL;
*colon3Ptr = '\0';
colon3Ptr++;
return (colon3Ptr);
}
static void
ident_destroy(void)
{
struct auth_client *auth;
rb_dictionary_iter iter;
/* Nuke all ident queries */
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
if(get_provider_data(auth, SELF_PID) != NULL)
client_fail(auth, REPORT_FAIL);
/* auth is now invalid as we have no reference */
}
}
static bool
ident_start(struct auth_client *auth)
{
struct ident_query *query = rb_malloc(sizeof(struct ident_query));
struct rb_sockaddr_storage l_addr, c_addr;
int family = GET_SS_FAMILY(&auth->c_addr);
lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
if(!ident_enable)
{
rb_free(query);
notice_client(auth->cid, messages[REPORT_DISABLED]);
provider_done(auth, SELF_PID);
return true;
}
auth_client_ref(auth);
notice_client(auth->cid, messages[REPORT_LOOKUP]);
set_provider_data(auth, SELF_PID, query);
set_provider_timeout_relative(auth, SELF_PID, ident_timeout);
if((query->F = rb_socket(family, SOCK_STREAM, auth->protocol, "ident")) == NULL)
{
warn_opers(L_WARN, "Could not create ident socket: %s", strerror(errno));
client_fail(auth, REPORT_FAIL);
return true; /* Not a fatal error */
}
/* Build sockaddr_storages for rb_connect_tcp below */
l_addr = auth->l_addr;
c_addr = auth->c_addr;
SET_SS_PORT(&l_addr, 0);
SET_SS_PORT(&c_addr, htons(113));
rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
(struct sockaddr *)&l_addr,
ident_connected,
auth, ident_timeout);
return true;
}
static void
ident_cancel(struct auth_client *auth)
{
struct ident_query *query = get_provider_data(auth, SELF_PID);
if(query != NULL)
client_fail(auth, REPORT_FAIL);
}
static void
add_conf_ident_timeout(const char *key __unused, int parc __unused, const char **parv)
{
int timeout = atoi(parv[0]);
if(timeout < 0)
{
warn_opers(L_CRIT, "Ident: ident timeout < 0 (value: %d)", timeout);
exit(EX_PROVIDER_ERROR);
}
ident_timeout = timeout;
}
static void
set_ident_enabled(const char *key __unused, int parc __unused, const char **parv)
{
ident_enable = (*parv[0] == '1');
}
struct auth_opts_handler ident_options[] =
{
{ "ident_timeout", 1, add_conf_ident_timeout },
{ "ident_enabled", 1, set_ident_enabled },
{ NULL, 0, NULL },
};
struct auth_provider ident_provider =
{
.name = "ident",
.letter = 'I',
.start = ident_start,
.destroy = ident_destroy,
.cancel = ident_cancel,
.timeout = ident_cancel,
.opt_handlers = ident_options,
};
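Review bot: get_valid_ident parses the port pair from the reply into remp and locp but only checks that each is non-zero, so a reply is accepted without confirming that it echoes the "c_port , l_port" pair ident_connected sent. Pass the auth_client (or the two expected ports) in and return NULL on a mismatch. In read_ident_reply a single rb_read of up to IDENT_BUFSIZE bytes is treated as the whole reply, so a response split across segments is reported as REPORT_INVALID; a comment saying this is intentional would help. ident_start also allocates query before the ident_enable check and then has to free it on the disabled path; moving the rb_malloc below the check removes that.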

921
authd/providers/opm.c Normal file

@ -0,0 +1,921 @@
/* authd/providers/opm.c - small open proxy monitor
* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "stdinc.h"
#include "rb_lib.h"
#include "defaults.h"
#include "setup.h"
#include "authd.h"
#include "notice.h"
#include "provider.h"
#include <netinet/tcp.h> // TCP_NODELAY
#define SELF_PID (opm_provider.id)
#define OPM_READSIZE 128
typedef enum protocol_t
{
PROTO_NONE,
PROTO_SOCKS4,
PROTO_SOCKS5,
PROTO_HTTP_CONNECT,
PROTO_HTTPS_CONNECT,
} protocol_t;
/* Lookup data associated with auth client */
struct opm_lookup
{
rb_dlink_list scans; /* List of scans */
bool in_progress;
};
struct opm_scan;
typedef void (*opm_callback_t)(struct opm_scan *);
/* A proxy scanner */
struct opm_proxy
{
char note[16];
protocol_t proto;
uint16_t port;
bool ssl; /* Connect to proxy with SSL */
bool ipv6; /* Proxy supports IPv6 */
opm_callback_t callback;
rb_dlink_node node;
};
/* A listener for proxy replies */
struct opm_listener
{
char ip[HOSTIPLEN];
uint16_t port;
struct rb_sockaddr_storage addr;
rb_fde_t *F;
};
/* An individual proxy scan */
struct opm_scan
{
struct auth_client *auth;
rb_fde_t *F; /* fd for scan */
struct opm_proxy *proxy; /* Associated proxy */
struct opm_listener *listener; /* Associated listener */
rb_dlink_node node;
};
/* Proxies that we scan for */
static rb_dlink_list proxy_scanners;
static ACCB accept_opm;
static PF read_opm_reply;
static CNCB opm_connected;
static void opm_cancel(struct auth_client *auth);
static bool create_listener(const char *ip, uint16_t port);
static int opm_timeout = OPM_TIMEOUT_DEFAULT;
static bool opm_enable = false;
enum
{
LISTEN_IPV4,
LISTEN_IPV6,
LISTEN_LAST,
};
/* IPv4 and IPv6 */
static struct opm_listener listeners[LISTEN_LAST];
static inline protocol_t
get_protocol_from_string(const char *str)
{
if(strcasecmp(str, "socks4") == 0)
return PROTO_SOCKS4;
else if(strcasecmp(str, "socks5") == 0)
return PROTO_SOCKS5;
else if(strcasecmp(str, "httpconnect") == 0)
return PROTO_HTTP_CONNECT;
else if(strcasecmp(str, "httpsconnect") == 0)
return PROTO_HTTPS_CONNECT;
else
return PROTO_NONE;
}
static inline struct opm_proxy *
find_proxy_scanner(protocol_t proto, uint16_t port)
{
rb_dlink_node *ptr;
RB_DLINK_FOREACH(ptr, proxy_scanners.head)
{
struct opm_proxy *proxy = ptr->data;
if(proxy->proto == proto && proxy->port == port)
return proxy;
}
return NULL;
}
/* This is called when an open proxy connects to us */
static void
read_opm_reply(rb_fde_t *F, void *data)
{
rb_dlink_node *ptr;
struct auth_client *auth = data;
struct opm_lookup *lookup;
char readbuf[OPM_READSIZE];
ssize_t len;
lrb_assert(auth != NULL);
lookup = get_provider_data(auth, SELF_PID);
lrb_assert(lookup != NULL);
if((len = rb_read(F, readbuf, sizeof(readbuf))) < 0 && rb_ignore_errno(errno))
{
rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
return;
}
else if(len <= 0)
{
/* Dead */
rb_close(F);
return;
}
RB_DLINK_FOREACH(ptr, proxy_scanners.head)
{
struct opm_proxy *proxy = ptr->data;
if(strncmp(proxy->note, readbuf, strlen(proxy->note)) == 0)
{
rb_dlink_node *ptr, *nptr;
/* Cancel outstanding lookups */
RB_DLINK_FOREACH_SAFE(ptr, nptr, lookup->scans.head)
{
struct opm_scan *scan = ptr->data;
rb_close(scan->F);
rb_free(scan);
}
/* No longer needed, client is going away */
rb_free(lookup);
reject_client(auth, SELF_PID, readbuf, "Open proxy detected");
break;
}
}
rb_close(F);
}
static void
accept_opm(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
{
struct auth_client *auth = NULL;
struct opm_listener *listener = data;
struct rb_sockaddr_storage localaddr;
unsigned int llen = sizeof(struct rb_sockaddr_storage);
rb_dictionary_iter iter;
if(status != 0 || listener == NULL)
{
rb_close(F);
return;
}
if(getsockname(rb_get_fd(F), (struct sockaddr *)&localaddr, &llen))
{
/* This can happen if the client goes away after accept */
rb_close(F);
return;
}
/* Correlate connection with client(s) */
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
if(GET_SS_FAMILY(&auth->c_addr) != GET_SS_FAMILY(&localaddr))
continue;
/* Compare the addresses */
switch(GET_SS_FAMILY(&localaddr))
{
case AF_INET:
{
struct sockaddr_in *s = (struct sockaddr_in *)&localaddr, *c = (struct sockaddr_in *)&auth->c_addr;
if(s->sin_addr.s_addr == c->sin_addr.s_addr)
{
/* Match... check if it's real */
rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
return;
}
break;
}
case AF_INET6:
{
struct sockaddr_in6 *s = (struct sockaddr_in6 *)&localaddr, *c = (struct sockaddr_in6 *)&auth->c_addr;
if(IN6_ARE_ADDR_EQUAL(&s->sin6_addr, &c->sin6_addr))
{
rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
return;
}
break;
}
default:
warn_opers(L_CRIT, "OPM: unknown address type in listen function");
exit(EX_PROVIDER_ERROR);
}
}
/* We don't care about the socket if we get here */
rb_close(F);
}
/* Scanners */
static void
opm_connected(rb_fde_t *F, int error, void *data)
{
struct opm_scan *scan = data;
struct opm_proxy *proxy = scan->proxy;
struct auth_client *auth = scan->auth;
struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
if(error || !opm_enable)
{
//notice_client(scan->auth->cid, "*** Scan not connected: %s", proxy->note);
goto end;
}
switch(GET_SS_FAMILY(&auth->c_addr))
{
case AF_INET:
if(listeners[LISTEN_IPV4].F == NULL)
/* They cannot respond to us */
goto end;
break;
case AF_INET6:
if(!proxy->ipv6)
/* Welp, too bad */
goto end;
if(listeners[LISTEN_IPV6].F == NULL)
/* They cannot respond to us */
goto end;
break;
default:
goto end;
}
proxy->callback(scan);
end:
rb_close(scan->F);
rb_dlinkDelete(&scan->node, &lookup->scans);
rb_free(scan);
}
static void
socks4_connected(struct opm_scan *scan)
{
uint8_t sendbuf[9]; /* Size we're building */
uint8_t *c = sendbuf;
memcpy(c, "\x04\x01", 2); c += 2; /* Socks version 4, connect command */
memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_port), 2); c += 2; /* Port */
memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_addr.s_addr), 4); c += 4; /* Address */
*c = '\x00'; /* No userid */
/* Send header */
if(rb_write(scan->F, sendbuf, sizeof(sendbuf)) < 0)
return;
/* Send note */
if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) < 0)
return;
}
static void
socks5_connected(struct opm_scan *scan)
{
struct auth_client *auth = scan->auth;
uint8_t sendbuf[25]; /* Size we're building */
uint8_t *c = sendbuf;
/* Build the version header and socks request
* version header (3 bytes): version, number of auth methods, auth type (0 for none)
* connect req (3 bytes): version, command (1 = connect), reserved (0)
*/
memcpy(c, "\x05\x01\x00\x05\x01\x00", 6); c += 6;
switch(GET_SS_FAMILY(&auth->c_addr))
{
case AF_INET:
*(c++) = '\x01'; /* Address type (1 = IPv4) */
memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_addr.s_addr), 4); c += 4; /* Address */
memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_port), 2); c += 2; /* Port */
break;
case AF_INET6:
*(c++) = '\x04'; /* Address type (4 = IPv6) */
memcpy(c, ((struct sockaddr_in6 *)&scan->listener->addr)->sin6_addr.s6_addr, 16); c += 16; /* Address */
memcpy(c, &(((struct sockaddr_in6 *)&scan->listener->addr)->sin6_port), 2); c += 2; /* Port */
break;
default:
return;
}
/* Send header */
if(rb_write(scan->F, sendbuf, (size_t)(sendbuf - c)) <= 0)
return;
/* Now the note in a separate write */
if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) <= 0)
return;
}
static void
http_connect_connected(struct opm_scan *scan)
{
char sendbuf[128]; /* A bit bigger than we need but better safe than sorry */
/* Simple enough to build */
snprintf(sendbuf, sizeof(sendbuf), "CONNECT %s:%hu HTTP/1.0\r\n\r\n", scan->listener->ip, scan->listener->port);
/* Send request */
if(rb_write(scan->F, sendbuf, strlen(sendbuf)) <= 0)
return;
/* Now the note in a separate write */
if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) <= 0)
return;
/* MiroTik needs this, and as a separate write */
if(rb_write(scan->F, "\r\n", 2) <= 0)
return;
}
/* Establish connections */
static inline void
establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
{
struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
struct opm_scan *scan = rb_malloc(sizeof(struct opm_scan));
struct opm_listener *listener;
struct rb_sockaddr_storage c_a, l_a;
int opt = 1;
lrb_assert(lookup != NULL);
if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
{
if(proxy->proto == PROTO_SOCKS4)
{
/* SOCKS4 doesn't support IPv6 */
rb_free(scan);
return;
}
listener = &listeners[LISTEN_IPV6];
}
else
listener = &listeners[LISTEN_IPV4];
if(listener->F == NULL)
{
/* We can't respond */
rb_free(scan);
return;
}
c_a = auth->c_addr; /* Client */
l_a = listener->addr; /* Listener (connect using its IP) */
scan->auth = auth;
scan->proxy = proxy;
scan->listener = listener;
if((scan->F = rb_socket(GET_SS_FAMILY(&auth->c_addr), SOCK_STREAM, 0, proxy->note)) == NULL)
{
warn_opers(L_WARN, "OPM: could not create OPM socket (proto %s): %s", proxy->note, strerror(errno));
rb_free(scan);
return;
}
/* Disable Nagle's algorithim - buffering could affect scans */
(void)setsockopt(rb_get_fd(scan->F), IPPROTO_TCP, TCP_NODELAY, (char *)&opt, sizeof(opt));
SET_SS_PORT(&l_a, 0);
SET_SS_PORT(&c_a, htons(proxy->port));
rb_dlinkAdd(scan, &scan->node, &lookup->scans);
if(!proxy->ssl)
rb_connect_tcp(scan->F,
(struct sockaddr *)&c_a,
(struct sockaddr *)&l_a,
opm_connected, scan, opm_timeout);
else
rb_connect_tcp_ssl(scan->F,
(struct sockaddr *)&c_a,
(struct sockaddr *)&l_a,
opm_connected, scan, opm_timeout);
}
static bool
create_listener(const char *ip, uint16_t port)
{
struct auth_client *auth;
struct opm_listener *listener;
struct rb_sockaddr_storage addr;
rb_dictionary_iter iter;
rb_fde_t *F;
int opt = 1;
if(!rb_inet_pton_sock(ip, &addr))
{
warn_opers(L_CRIT, "OPM: got a bad listener: %s:%hu", ip, port);
exit(EX_PROVIDER_ERROR);
}
SET_SS_PORT(&addr, htons(port));
if(GET_SS_FAMILY(&addr) == AF_INET6)
{
struct sockaddr_in6 *a1, *a2;
listener = &listeners[LISTEN_IPV6];
a1 = (struct sockaddr_in6 *)&addr;
a2 = (struct sockaddr_in6 *)&listener->addr;
if(IN6_ARE_ADDR_EQUAL(&a1->sin6_addr, &a2->sin6_addr) &&
GET_SS_PORT(&addr) == GET_SS_PORT(&listener->addr) &&
listener->F != NULL)
{
/* Listener already exists */
return false;
}
}
else
{
struct sockaddr_in *a1, *a2;
listener = &listeners[LISTEN_IPV4];
a1 = (struct sockaddr_in *)&addr;
a2 = (struct sockaddr_in *)&listener->addr;
if(a1->sin_addr.s_addr == a2->sin_addr.s_addr &&
GET_SS_PORT(&addr) == GET_SS_PORT(&listener->addr) &&
listener->F != NULL)
{
/* Listener already exists */
return false;
}
}
if((F = rb_socket(GET_SS_FAMILY(&addr), SOCK_STREAM, 0, "OPM listener socket")) == NULL)
{
/* This shouldn't fail, or we have big problems... */
warn_opers(L_CRIT, "OPM: cannot create socket: %s", strerror(errno));
exit(EX_PROVIDER_ERROR);
}
if(setsockopt(rb_get_fd(F), SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(opt)))
{
/* This shouldn't fail either... */
warn_opers(L_CRIT, "OPM: cannot set options on socket: %s", strerror(errno));
exit(EX_PROVIDER_ERROR);
}
if(bind(rb_get_fd(F), (struct sockaddr *)&addr, GET_SS_LEN(&addr)))
{
/* Shit happens, let's not cripple authd over /this/ since it could be user error */
warn_opers(L_WARN, "OPM: cannot bind on socket: %s", strerror(errno));
rb_close(F);
return false;
}
if(rb_listen(F, SOMAXCONN, false)) /* deferred accept could interfere with detection */
{
/* Again, could be user error */
warn_opers(L_WARN, "OPM: cannot listen on socket: %s", strerror(errno));
rb_close(F);
return false;
}
/* From this point forward we assume we have a listener */
if(listener->F != NULL)
/* Close old listener */
rb_close(listener->F);
listener->F = F;
/* Cancel clients that may be on old listener
* XXX - should rescan clients that need it
*/
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
opm_cancel(auth);
/* auth is now invalid as we have no reference */
}
/* Copy data */
rb_strlcpy(listener->ip, ip, sizeof(listener->ip));
listener->port = port;
listener->addr = addr;
opm_enable = true; /* Implicitly set this to true for now if we have a listener */
rb_accept_tcp(listener->F, NULL, accept_opm, listener);
return true;
}
static void
opm_scan(struct auth_client *auth)
{
rb_dlink_node *ptr;
struct opm_lookup *lookup;
lrb_assert(auth != NULL);
lookup = get_provider_data(auth, SELF_PID);
set_provider_timeout_relative(auth, SELF_PID, opm_timeout);
lookup->in_progress = true;
RB_DLINK_FOREACH(ptr, proxy_scanners.head)
{
struct opm_proxy *proxy = ptr->data;
//notice_client(auth->cid, "*** Scanning for proxy type %s", proxy->note);
establish_connection(auth, proxy);
}
notice_client(auth->cid, "*** Scanning for open proxies...");
}
/* This is called every time a provider is completed as long as we are marked not done */
static void
opm_initiate(struct auth_client *auth, uint32_t provider)
{
struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
lrb_assert(provider != SELF_PID);
lrb_assert(!is_provider_done(auth, SELF_PID));
lrb_assert(rb_dlink_list_length(&proxy_scanners) > 0);
if (lookup == NULL || lookup->in_progress) {
/* Nothing to do */
return;
} else if (run_after_provider(auth, "rdns") && run_after_provider(auth,"ident")) {
/* Start scanning if ident and rdns are finished, or not loaded. */
opm_scan(auth);
}
}
static bool
opm_start(struct auth_client *auth)
{
lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
if (!opm_enable || rb_dlink_list_length(&proxy_scanners) == 0) {
/* Nothing to do... */
provider_done(auth, SELF_PID);
return true;
}
auth_client_ref(auth);
set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct opm_lookup)));
if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
/* Start scanning if ident and rdns are finished, or not loaded. */
opm_scan(auth);
}
return true;
}
static void
opm_cancel(struct auth_client *auth)
{
struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
if(lookup != NULL)
{
rb_dlink_node *ptr, *nptr;
notice_client(auth->cid, "*** Did not detect open proxies");
RB_DLINK_FOREACH_SAFE(ptr, nptr, lookup->scans.head)
{
struct opm_scan *scan = ptr->data;
rb_close(scan->F);
rb_free(scan);
}
rb_free(lookup);
set_provider_data(auth, SELF_PID, NULL);
set_provider_timeout_absolute(auth, SELF_PID, 0);
provider_done(auth, SELF_PID);
auth_client_unref(auth);
}
}
static void
opm_destroy(void)
{
struct auth_client *auth;
rb_dictionary_iter iter;
/* Nuke all opm lookups */
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
opm_cancel(auth);
/* auth is now invalid as we have no reference */
}
}
static void
add_conf_opm_timeout(const char *key __unused, int parc __unused, const char **parv)
{
int timeout = atoi(parv[0]);
if(timeout < 0)
{
warn_opers(L_CRIT, "opm: opm timeout < 0 (value: %d)", timeout);
return;
}
opm_timeout = timeout;
}
static void
set_opm_enabled(const char *key __unused, int parc __unused, const char **parv)
{
bool enable = (*parv[0] == '1');
if(!enable)
{
if(listeners[LISTEN_IPV4].F != NULL || listeners[LISTEN_IPV6].F != NULL)
{
struct auth_client *auth;
rb_dictionary_iter iter;
/* Close the listening socket */
if(listeners[LISTEN_IPV4].F != NULL)
rb_close(listeners[LISTEN_IPV4].F);
if(listeners[LISTEN_IPV6].F != NULL)
rb_close(listeners[LISTEN_IPV6].F);
listeners[LISTEN_IPV4].F = listeners[LISTEN_IPV6].F = NULL;
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
opm_cancel(auth);
/* auth is now invalid as we have no reference */
}
}
}
else
{
if(listeners[LISTEN_IPV4].ip[0] != '\0' && listeners[LISTEN_IPV4].port != 0)
{
if(listeners[LISTEN_IPV4].F == NULL)
/* Pre-configured IP/port, just re-establish */
create_listener(listeners[LISTEN_IPV4].ip, listeners[LISTEN_IPV4].port);
}
if(listeners[LISTEN_IPV6].ip[0] != '\0' && listeners[LISTEN_IPV6].port != 0)
{
if(listeners[LISTEN_IPV6].F == NULL)
/* Pre-configured IP/port, just re-establish */
create_listener(listeners[LISTEN_IPV6].ip, listeners[LISTEN_IPV6].port);
}
}
opm_enable = enable;
}
static void
set_opm_listener(const char *key __unused, int parc __unused, const char **parv)
{
const char *ip = parv[0];
int iport = atoi(parv[1]);
if(iport > 65535 || iport <= 0)
{
warn_opers(L_CRIT, "OPM: got a bad listener: %s:%s", parv[0], parv[1]);
exit(EX_PROVIDER_ERROR);
}
create_listener(ip, (uint16_t)iport);
}
static void
create_opm_scanner(const char *key __unused, int parc __unused, const char **parv)
{
int iport = atoi(parv[1]);
struct opm_proxy *proxy = rb_malloc(sizeof(struct opm_proxy));
if(iport <= 0 || iport > 65535)
{
warn_opers(L_CRIT, "OPM: got a bad scanner: %s (port %s)", parv[0], parv[1]);
exit(EX_PROVIDER_ERROR);
}
proxy->port = (uint16_t)iport;
switch((proxy->proto = get_protocol_from_string(parv[0])))
{
case PROTO_SOCKS4:
snprintf(proxy->note, sizeof(proxy->note), "socks4:%hu", proxy->port);
proxy->ssl = false;
proxy->callback = socks4_connected;
break;
case PROTO_SOCKS5:
snprintf(proxy->note, sizeof(proxy->note), "socks5:%hu", proxy->port);
proxy->ssl = false;
proxy->callback = socks5_connected;
break;
case PROTO_HTTP_CONNECT:
snprintf(proxy->note, sizeof(proxy->note), "httpconnect:%hu", proxy->port);
proxy->ssl = false;
proxy->callback = http_connect_connected;
break;
case PROTO_HTTPS_CONNECT:
snprintf(proxy->note, sizeof(proxy->note), "httpsconnect:%hu", proxy->port);
proxy->callback = http_connect_connected;
proxy->ssl = true;
break;
default:
warn_opers(L_CRIT, "OPM: got an unknown proxy type: %s (port %hu)", parv[0], proxy->port);
exit(EX_PROVIDER_ERROR);
}
if(find_proxy_scanner(proxy->proto, proxy->port) != NULL)
{
warn_opers(L_CRIT, "OPM: got a duplicate scanner: %s (port %hu)", parv[0], proxy->port);
rb_free(proxy);
return;
}
rb_dlinkAdd(proxy, &proxy->node, &proxy_scanners);
}
static void
delete_opm_scanner(const char *key __unused, int parc __unused, const char **parv)
{
struct auth_client *auth;
struct opm_proxy *proxy;
protocol_t proto = get_protocol_from_string(parv[0]);
int iport = atoi(parv[1]);
rb_dictionary_iter iter;
if(iport <= 0 || iport > 65535)
{
warn_opers(L_CRIT, "OPM: got a bad scanner to delete: %s (port %s)", parv[0], parv[1]);
exit(EX_PROVIDER_ERROR);
}
if(proto == PROTO_NONE)
{
warn_opers(L_CRIT, "OPM: got an unknown proxy type to delete: %s (port %d)", parv[0], iport);
exit(EX_PROVIDER_ERROR);
}
if((proxy = find_proxy_scanner(proto, (uint16_t)iport)) == NULL)
{
warn_opers(L_CRIT, "OPM: cannot find proxy to delete: %s (port %d)", parv[0], iport);
exit(EX_PROVIDER_ERROR);
}
/* Abort remaining clients on this scanner */
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
rb_dlink_node *ptr;
struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
if(lookup == NULL)
continue;
auth_client_ref(auth);
RB_DLINK_FOREACH(ptr, lookup->scans.head)
{
struct opm_scan *scan = ptr->data;
if(scan->proxy->port == proxy->port && scan->proxy->proto == proxy->proto)
{
/* Match */
rb_dlinkDelete(&scan->node, &lookup->scans);
rb_free(scan);
if(rb_dlink_list_length(&lookup->scans) == 0)
opm_cancel(auth);
break;
}
}
auth_client_unref(auth);
}
rb_dlinkDelete(&proxy->node, &proxy_scanners);
rb_free(proxy);
if(rb_dlink_list_length(&proxy_scanners) == 0)
opm_enable = false;
}
static void
delete_opm_scanner_all(const char *key __unused, int parc __unused, const char **parv __unused)
{
struct auth_client *auth;
rb_dlink_node *ptr, *nptr;
rb_dictionary_iter iter;
RB_DLINK_FOREACH_SAFE(ptr, nptr, proxy_scanners.head)
{
rb_free(ptr->data);
rb_dlinkDelete(ptr, &proxy_scanners);
}
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
opm_cancel(auth);
/* auth is now invalid as we have no reference */
}
opm_enable = false;
}
static void
delete_opm_listener_all(const char *key __unused, int parc __unused, const char **parv __unused)
{
if(listeners[LISTEN_IPV4].F != NULL)
rb_close(listeners[LISTEN_IPV4].F);
if(listeners[LISTEN_IPV6].F != NULL)
rb_close(listeners[LISTEN_IPV6].F);
memset(&listeners, 0, sizeof(listeners));
}
struct auth_opts_handler opm_options[] =
{
{ "opm_timeout", 1, add_conf_opm_timeout },
{ "opm_enabled", 1, set_opm_enabled },
{ "opm_listener", 2, set_opm_listener },
{ "opm_listener_del_all", 0, delete_opm_listener_all },
{ "opm_scanner", 2, create_opm_scanner },
{ "opm_scanner_del", 2, delete_opm_scanner },
{ "opm_scanner_del_all", 0, delete_opm_scanner_all },
{ NULL, 0, NULL },
};
struct auth_provider opm_provider =
{
.name = "opm",
.letter = 'O',
.destroy = opm_destroy,
.start = opm_start,
.cancel = opm_cancel,
.timeout = opm_cancel,
.completed = opm_initiate,
.opt_handlers = opm_options,
};
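Review bot: In socks5_connected the header write passes `(size_t)(sendbuf - c)` as the length; `c` has already been advanced past `sendbuf`, so the difference is negative and converts to a very large size_t, asking rb_write to send far more than the 25-byte stack buffer holds. It should be `(size_t)(c - sendbuf)`. In read_opm_reply, `readbuf` is never NUL-terminated, yet it is compared with strncmp over strlen(proxy->note) bytes regardless of `len` and then handed to reject_client as a string; read at most sizeof(readbuf) - 1 bytes, terminate at `len`, and consider passing proxy->note instead of bytes received from the remote end. The same function frees `lookup` and its scans without set_provider_data(auth, SELF_PID, NULL) or rb_dlinkDelete, so unless reject_client clears the provider data a later get_provider_data call sees a stale pointer. Also worth checking: accept_opm compares the getsockname() result (the local end of the accepted socket) against auth->c_addr, while the `addr` argument is never used.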

181
authd/providers/rdns.c Normal file

@ -0,0 +1,181 @@
/* authd/providers/rdns.c - rDNS lookup provider for authd
* Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice is present in all copies.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "stdinc.h"
#include "rb_commio.h"
#include "authd.h"
#include "provider.h"
#include "notice.h"
#include "res.h"
#include "dns.h"
#define SELF_PID (rdns_provider.id)
struct user_query
{
struct dns_query *query; /* Pending DNS query */
};
/* Goinked from old s_auth.c --Elizabeth */
static const char *messages[] =
{
"*** Looking up your hostname...",
"*** Couldn't look up your hostname",
"*** Your hostname is too long, ignoring hostname",
};
typedef enum
{
REPORT_LOOKUP,
REPORT_FAIL,
REPORT_TOOLONG,
} dns_message;
static void client_fail(struct auth_client *auth, dns_message message);
static void client_success(struct auth_client *auth);
static void dns_answer_callback(const char *res, bool status, query_type type, void *data);
static int rdns_timeout = RDNS_TIMEOUT_DEFAULT;
static void
dns_answer_callback(const char *res, bool status, query_type type, void *data)
{
struct auth_client *auth = data;
if(res == NULL || status == false)
client_fail(auth, REPORT_FAIL);
else if(strlen(res) > HOSTLEN)
client_fail(auth, REPORT_TOOLONG);
else
{
rb_strlcpy(auth->hostname, res, HOSTLEN + 1);
client_success(auth);
}
}
static void
client_fail(struct auth_client *auth, dns_message report)
{
struct user_query *query = get_provider_data(auth, SELF_PID);
lrb_assert(query != NULL);
rb_strlcpy(auth->hostname, "*", sizeof(auth->hostname));
notice_client(auth->cid, messages[report]);
cancel_query(query->query);
rb_free(query);
set_provider_data(auth, SELF_PID, NULL);
set_provider_timeout_absolute(auth, SELF_PID, 0);
provider_done(auth, SELF_PID);
auth_client_unref(auth);
}
static void
client_success(struct auth_client *auth)
{
struct user_query *query = get_provider_data(auth, SELF_PID);
lrb_assert(query != NULL);
notice_client(auth->cid, "*** Found your hostname: %s", auth->hostname);
cancel_query(query->query);
rb_free(query);
set_provider_data(auth, SELF_PID, NULL);
set_provider_timeout_absolute(auth, SELF_PID, 0);
provider_done(auth, SELF_PID);
auth_client_unref(auth);
}
static void
rdns_destroy(void)
{
struct auth_client *auth;
rb_dictionary_iter iter;
RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
{
if(get_provider_data(auth, SELF_PID) != NULL)
client_fail(auth, REPORT_FAIL);
/* auth is now invalid as we have no reference */
}
}
static bool
rdns_start(struct auth_client *auth)
{
struct user_query *query = rb_malloc(sizeof(struct user_query));
auth_client_ref(auth);
set_provider_data(auth, SELF_PID, query);
set_provider_timeout_relative(auth, SELF_PID, rdns_timeout);
query->query = lookup_hostname(auth->c_ip, dns_answer_callback, auth);
notice_client(auth->cid, messages[REPORT_LOOKUP]);
return true;
}
static void
rdns_cancel(struct auth_client *auth)
{
struct user_query *query = get_provider_data(auth, SELF_PID);
if(query != NULL)
client_fail(auth, REPORT_FAIL);
}
static void
add_conf_dns_timeout(const char *key, int parc, const char **parv)
{
int timeout = atoi(parv[0]);
if(timeout < 0)
{
warn_opers(L_CRIT, "rDNS: DNS timeout < 0 (value: %d)", timeout);
exit(EX_PROVIDER_ERROR);
}
rdns_timeout = timeout;
}
struct auth_opts_handler rdns_options[] =
{
{ "rdns_timeout", 1, add_conf_dns_timeout },
{ NULL, 0, NULL },
};
struct auth_provider rdns_provider =
{
.name = "rdns",
.letter = 'R',
.destroy = rdns_destroy,
.start = rdns_start,
.cancel = rdns_cancel,
.timeout = rdns_cancel,
.opt_handlers = rdns_options,
};
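Review bot: rdns_start stores the result of lookup_hostname() in query->query without checking it, and client_fail/client_success later pass that pointer to cancel_query(); if lookup_hostname can return NULL, handle that in rdns_start (free the query, drop the reference, mark the provider done) instead of waiting for the timeout. Separately, add_conf_dns_timeout parses with atoi(), so a non-numeric value silently becomes 0, and a negative value exits authd where the equivalent opm_timeout handler in opm.c only warns and returns; strtol with an end-pointer check and one consistent failure policy would be clearer. `key` and `parc` are unused here but lack the __unused annotation used in opm.c.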


@ -7,9 +7,6 @@
* The authors takes no responsibility for any damage or loss
* of property which results from the use of this software.
*
* $Id: res.c 3301 2007-03-28 15:04:06Z jilles $
* from Hybrid Id: res.c 459 2006-02-12 22:21:37Z db $
*
* July 1999 - Rewrote a bunch of stuff here. Change hostent builder code,
* added callbacks and reference counting of returned hostents.
* --Bleep (Thomas Helvey <tomh@inxpress.net>)
@ -29,20 +26,16 @@
* responses.
*
* October 2012 --mr_flea
*
* ircd-ratbox changes for random IDs merged back in.
*
* January 2016 --kaniini
*/
#include "stdinc.h"
#include "ircd_defs.h"
#include "common.h"
#include "ircd.h"
#include <rb_lib.h>
#include "setup.h"
#include "res.h"
#include "reslib.h"
#include "match.h"
#include "numeric.h"
#include "client.h" /* SNO_* */
#include "s_assert.h"
#include "logger.h"
#include "send.h"
#if (CHAR_BIT != 8)
#error this code needs to be able to address individual octets
@ -51,8 +44,6 @@
static PF res_readreply;
#define MAXPACKET 1024 /* rfc sez 512 but we expand names so ... */
#define RES_MAXALIASES 35 /* maximum aliases allowed */
#define RES_MAXADDRS 35 /* maximum addresses allowed */
#define AR_TTL 600 /* TTL in seconds for dns cache entries */
/* RFC 1104/1105 wasn't very helpful about what these fields
@ -65,6 +56,9 @@ static PF res_readreply;
#define RDLENGTH_SIZE (size_t)2
#define ANSWER_FIXED_SIZE (TYPE_SIZE + CLASS_SIZE + TTL_SIZE + RDLENGTH_SIZE)
struct in6_addr ipv6_addr;
struct in_addr ipv4_addr;
struct reslist
{
rb_dlink_node node;
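Review bot: The two file-scope objects `ipv6_addr` and `ipv4_addr` have external linkage and very generic names, and nothing visible in this hunk uses them. If they are only needed inside res.c, declare them static; if they are meant to be shared, they want a prefix and a declaration in a header, plus a comment saying what they hold.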
@ -100,6 +94,7 @@ static int check_question(struct reslist *request, HEADER * header, char *buf, c
static int proc_answer(struct reslist *request, HEADER * header, char *, char *);
static struct reslist *find_id(int id);
static struct DNSReply *make_dnsreply(struct reslist *request);
static uint16_t generate_random_id(void);
/*
* int
@ -112,59 +107,48 @@ static struct DNSReply *make_dnsreply(struct reslist *request);
* revised for ircd, cryogen(stu) may03
* slightly modified for charybdis, mr_flea oct12
*/
static int res_ourserver(const struct rb_sockaddr_storage *inp)
static int
res_ourserver(const struct rb_sockaddr_storage *inp)
{
#ifdef RB_IPV6
const struct sockaddr_in6 *v6;
const struct sockaddr_in6 *v6in = (const struct sockaddr_in6 *)inp;
#endif
const struct sockaddr_in *v4;
const struct sockaddr_in *v4in = (const struct sockaddr_in *)inp;
int ns;
for (ns = 0; ns < irc_nscount; ns++)
for(ns = 0; ns < irc_nscount; ns++)
{
const struct rb_sockaddr_storage *srv = &irc_nsaddr_list[ns];
if (srv->ss_family != inp->ss_family)
continue;
#ifdef RB_IPV6
v6 = (const struct sockaddr_in6 *)srv;
#endif
v4 = (const struct sockaddr_in *)srv;
/* could probably just memcmp(srv, inp, srv.ss_len) here
* but we'll err on the side of caution - stu
* but we'll air on the side of caution - stu
*/
switch (srv->ss_family)
switch (GET_SS_FAMILY(srv))
{
#ifdef RB_IPV6
case AF_INET6:
if (v6->sin6_port == v6in->sin6_port)
if ((memcmp(&v6->sin6_addr.s6_addr, &v6in->sin6_addr.s6_addr,
sizeof(struct in6_addr)) == 0) ||
(memcmp(&v6->sin6_addr.s6_addr, &in6addr_any,
sizeof(struct in6_addr)) == 0))
{
return ns;
}
break;
#endif
case AF_INET:
if (v4->sin_port == v4in->sin_port)
if ((v4->sin_addr.s_addr == INADDR_ANY)
|| (v4->sin_addr.s_addr == v4in->sin_addr.s_addr))
{
return ns;
}
break;
default:
break;
case AF_INET6:
if(GET_SS_FAMILY(srv) == GET_SS_FAMILY(inp))
if(v6->sin6_port == v6in->sin6_port)
if((memcmp(&v6->sin6_addr.s6_addr, &v6in->sin6_addr.s6_addr,
sizeof(struct in6_addr)) == 0) ||
(memcmp(&v6->sin6_addr.s6_addr, &in6addr_any,
sizeof(struct in6_addr)) == 0))
return 1;
break;
case AF_INET:
if(GET_SS_FAMILY(srv) == GET_SS_FAMILY(inp))
if(v4->sin_port == v4in->sin_port)
if((v4->sin_addr.s_addr == INADDR_ANY)
|| (v4->sin_addr.s_addr == v4in->sin_addr.s_addr))
return 1;
break;
default:
break;
}
}
return -1;
return 0;
}
/*
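Review bot: res_ourserver now returns 1/0 where it previously returned the nameserver index or -1, so every caller has to be converted in the same commit; a caller still testing the result against -1 would accept a reply from any source address as coming from a configured nameserver. The callers are not in this hunk, so please confirm they were updated, and document the new return convention in the function's header comment. Minor: the comment was changed from "err on the side of caution" to "air on the side of caution"; the original wording was correct.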
@ -225,7 +209,7 @@ static void start_resolver(void)
if (res_fd == NULL)
{
if ((res_fd = rb_socket(irc_nsaddr_list[0].ss_family, SOCK_DGRAM, 0,
if ((res_fd = rb_socket(GET_SS_FAMILY(&irc_nsaddr_list[0]), SOCK_DGRAM, 0,
"UDP resolver socket")) == NULL)
return;
@ -261,7 +245,7 @@ void restart_resolver(void)
* add_local_domain - Add the domain to hostname, if it is missing
* (as suggested by eps@TOASTER.SFSU.EDU)
*/
void add_local_domain(char *hname, size_t size)
static void add_local_domain(char *hname, size_t size)
{
/* try to fix up unqualified names */
if (strchr(hname, '.') == NULL)
@ -312,65 +296,33 @@ static struct reslist *make_request(struct DNSQuery *query)
* we generate an id per request now (instead of per send) to allow
* late replies to be used.
*/
#ifdef HAVE_LRAND48
do
{
request->id = (request->id + lrand48()) & 0xffff;
} while (find_id(request->id));
#else
int k = 0;
struct timeval tv;
gettimeofday(&tv, NULL);
do
{
request->id = (request->id + k + tv.tv_usec) & 0xffff;
k++;
} while (find_id(request->id));
#endif /* HAVE_LRAND48 */
request->id = generate_random_id();
rb_dlinkAdd(request, &request->node, &request_list);
return request;
}
/*
* delete_resolver_queries - cleanup outstanding queries
* for which there no longer exist clients or conf lines.
*/
void delete_resolver_queries(const struct DNSQuery *query)
{
rb_dlink_node *ptr;
rb_dlink_node *next_ptr;
struct reslist *request;
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, request_list.head)
{
if ((request = ptr->data) != NULL)
{
if (query == request->query)
rem_request(request);
}
}
}
/*
* retryfreq - determine how many queries to wait before resending
* if there have been that many consecutive timeouts
*
* This is a cubic backoff btw, if anyone didn't pick up on it. --Elizafox
*/
static int retryfreq(int timeouts)
{
switch (timeouts)
{
case 1:
return 3;
case 2:
return 9;
case 3:
return 27;
case 4:
return 81;
default:
return 243;
case 1:
return 3;
case 2:
return 9;
case 3:
return 27;
case 4:
return 81;
default:
return 243;
}
}
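Review bot: The comment added to retryfreq calls this a cubic backoff, but the returned values 3, 9, 27, 81, 243 are successive powers of three, which is exponential growth; suggest "exponential (base 3) backoff". In the same hunk delete_resolver_queries is removed outright, so please confirm no caller remains outside this file. Moving make_request to `request->id = generate_random_id();` removes the lrand48()/tv_usec derivation, which is the right direction for unpredictable query IDs.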
@ -436,6 +388,21 @@ static struct reslist *find_id(int id)
return (NULL);
}
static uint16_t
generate_random_id(void)
{
uint16_t id;
do
{
rb_get_random(&id, sizeof(id));
if(id == 0xffff)
continue;
}
while(find_id(id));
return id;
}
/*
* gethost_byname_type - get host address from name, adding domain if needed
*/
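Review bot: In generate_random_id the `if(id == 0xffff) continue;` does not reject that value: inside a do/while, `continue` jumps to the loop condition, so when find_id(0xffff) finds no pending request the loop ends and 0xffff is returned. If 0xffff must be excluded, fold it into the condition, for example `while(id == 0xffff || find_id(id));`. The result of rb_get_random() is also discarded; if it can fail, `id` is used uninitialised, so check it or initialise `id`.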
@ -484,14 +451,62 @@ static void do_query_name(struct DNSQuery *query, const char *name, struct resli
query_name(request);
}
/* Build an rDNS style query - if suffix is NULL, use the appropriate .arpa zone */
void build_rdns(char *buf, size_t size, const struct rb_sockaddr_storage *addr, const char *suffix)
{
const unsigned char *cp;
if (GET_SS_FAMILY(addr) == AF_INET)
{
const struct sockaddr_in *v4 = (const struct sockaddr_in *)addr;
cp = (const unsigned char *)&v4->sin_addr.s_addr;
(void) snprintf(buf, size, "%u.%u.%u.%u.%s",
(unsigned int)(cp[3]),
(unsigned int)(cp[2]),
(unsigned int)(cp[1]),
(unsigned int)(cp[0]),
suffix == NULL ? "in-addr.arpa" : suffix);
}
else if (GET_SS_FAMILY(addr) == AF_INET6)
{
const struct sockaddr_in6 *v6 = (const struct sockaddr_in6 *)addr;
cp = (const unsigned char *)&v6->sin6_addr.s6_addr;
#define HI_NIBBLE(x) (unsigned int)((x) >> 4)
#define LO_NIBBLE(x) (unsigned int)((x) & 0xf)
(void) snprintf(buf, size,
"%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%s",
LO_NIBBLE(cp[15]), HI_NIBBLE(cp[15]),
LO_NIBBLE(cp[14]), HI_NIBBLE(cp[14]),
LO_NIBBLE(cp[13]), HI_NIBBLE(cp[13]),
LO_NIBBLE(cp[12]), HI_NIBBLE(cp[12]),
LO_NIBBLE(cp[11]), HI_NIBBLE(cp[11]),
LO_NIBBLE(cp[10]), HI_NIBBLE(cp[10]),
LO_NIBBLE(cp[9]), HI_NIBBLE(cp[9]),
LO_NIBBLE(cp[8]), HI_NIBBLE(cp[8]),
LO_NIBBLE(cp[7]), HI_NIBBLE(cp[7]),
LO_NIBBLE(cp[6]), HI_NIBBLE(cp[6]),
LO_NIBBLE(cp[5]), HI_NIBBLE(cp[5]),
LO_NIBBLE(cp[4]), HI_NIBBLE(cp[4]),
LO_NIBBLE(cp[3]), HI_NIBBLE(cp[3]),
LO_NIBBLE(cp[2]), HI_NIBBLE(cp[2]),
LO_NIBBLE(cp[1]), HI_NIBBLE(cp[1]),
LO_NIBBLE(cp[0]), HI_NIBBLE(cp[0]),
suffix == NULL ? "ip6.arpa" : suffix);
}
#undef HI_NIBBLE
#undef LO_NIBBLE
}
/*
* do_query_number - Use this to do reverse IP# lookups.
*/
static void do_query_number(struct DNSQuery *query, const struct rb_sockaddr_storage *addr,
struct reslist *request)
{
const unsigned char *cp;
if (request == NULL)
{
request = make_request(query);
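Review bot: build_rdns() leaves buf untouched when the address family is neither AF_INET nor AF_INET6, and both branches discard the snprintf() return value, so a short buffer or a long suffix yields a silently truncated query name. Suggest writing an empty string (or returning a status) in the unknown-family case and returning the snprintf() result so callers can reject truncation; the ip6.arpa form alone needs 73 bytes including the terminator.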
@ -499,40 +514,7 @@ static void do_query_number(struct DNSQuery *query, const struct rb_sockaddr_sto
request->name = (char *)rb_malloc(IRCD_RES_HOSTLEN + 1);
}
if (addr->ss_family == AF_INET)
{
const struct sockaddr_in *v4 = (const struct sockaddr_in *)addr;
cp = (const unsigned char *)&v4->sin_addr.s_addr;
rb_sprintf(request->queryname, "%u.%u.%u.%u.in-addr.arpa", (unsigned int)(cp[3]),
(unsigned int)(cp[2]), (unsigned int)(cp[1]), (unsigned int)(cp[0]));
}
#ifdef RB_IPV6
else if (addr->ss_family == AF_INET6)
{
const struct sockaddr_in6 *v6 = (const struct sockaddr_in6 *)addr;
cp = (const unsigned char *)&v6->sin6_addr.s6_addr;
(void)sprintf(request->queryname, "%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x."
"%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa",
(unsigned int)(cp[15] & 0xf), (unsigned int)(cp[15] >> 4),
(unsigned int)(cp[14] & 0xf), (unsigned int)(cp[14] >> 4),
(unsigned int)(cp[13] & 0xf), (unsigned int)(cp[13] >> 4),
(unsigned int)(cp[12] & 0xf), (unsigned int)(cp[12] >> 4),
(unsigned int)(cp[11] & 0xf), (unsigned int)(cp[11] >> 4),
(unsigned int)(cp[10] & 0xf), (unsigned int)(cp[10] >> 4),
(unsigned int)(cp[9] & 0xf), (unsigned int)(cp[9] >> 4),
(unsigned int)(cp[8] & 0xf), (unsigned int)(cp[8] >> 4),
(unsigned int)(cp[7] & 0xf), (unsigned int)(cp[7] >> 4),
(unsigned int)(cp[6] & 0xf), (unsigned int)(cp[6] >> 4),
(unsigned int)(cp[5] & 0xf), (unsigned int)(cp[5] >> 4),
(unsigned int)(cp[4] & 0xf), (unsigned int)(cp[4] >> 4),
(unsigned int)(cp[3] & 0xf), (unsigned int)(cp[3] >> 4),
(unsigned int)(cp[2] & 0xf), (unsigned int)(cp[2] >> 4),
(unsigned int)(cp[1] & 0xf), (unsigned int)(cp[1] >> 4),
(unsigned int)(cp[0] & 0xf), (unsigned int)(cp[0] >> 4));
}
#endif
build_rdns(request->queryname, sizeof request->queryname, addr, NULL);
request->type = T_PTR;
query_name(request);
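Review bot: `sizeof request->queryname` in the new build_rdns() call is the buffer size only if queryname is an array member of struct reslist; request->name just above is heap-allocated with rb_malloc(IRCD_RES_HOSTLEN + 1), and a pointer here would quietly pass the pointer size instead. The struct definition is not part of this diff, so please confirm it. The removed IPv6 branch used an unbounded sprintf(), which is worth mentioning in the commit message as a reason for the change.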
@ -573,17 +555,15 @@ static void resend_query(struct reslist *request)
switch (request->type)
{
case T_PTR:
do_query_number(NULL, &request->addr, request);
break;
case T_A:
#ifdef RB_IPV6
case T_AAAA:
#endif
do_query_name(NULL, request->name, request, request->type);
break;
default:
break;
case T_PTR:
do_query_number(NULL, &request->addr, request);
break;
case T_A:
case T_AAAA:
do_query_name(NULL, request->name, request, request->type);
break;
default:
break;
}
}
@ -605,7 +585,7 @@ static int check_question(struct reslist *request, HEADER * header, char *buf, c
sizeof(hostbuf));
if (n <= 0)
return 0;
if (strcasecmp(hostbuf, request->queryname))
if (rb_strcasecmp(hostbuf, request->queryname))
return 0;
return 1;
}
@ -621,9 +601,7 @@ static int proc_answer(struct reslist *request, HEADER * header, char *buf, char
int n; /* temp count */
int rd_length;
struct sockaddr_in *v4; /* conversion */
#ifdef RB_IPV6
struct sockaddr_in6 *v6;
#endif
current = (unsigned char *)buf + sizeof(HEADER);
for (; header->qdcount > 0; --header->qdcount)
@ -687,61 +665,46 @@ static int proc_answer(struct reslist *request, HEADER * header, char *buf, char
*/
switch (type)
{
case T_A:
if (request->type != T_A)
return (0);
case T_A:
if (request->type != T_A)
return (0);
/*
* check for invalid rd_length or too many addresses
*/
if (rd_length != sizeof(struct in_addr))
return (0);
v4 = (struct sockaddr_in *)&request->addr;
SET_SS_LEN(&request->addr, sizeof(struct sockaddr_in));
v4->sin_family = AF_INET;
memcpy(&v4->sin_addr, current, sizeof(struct in_addr));
return (1);
break;
#ifdef RB_IPV6
case T_AAAA:
if (request->type != T_AAAA)
return (0);
if (rd_length != sizeof(struct in6_addr))
return (0);
SET_SS_LEN(&request->addr, sizeof(struct sockaddr_in6));
v6 = (struct sockaddr_in6 *)&request->addr;
v6->sin6_family = AF_INET6;
memcpy(&v6->sin6_addr, current, sizeof(struct in6_addr));
return (1);
break;
#endif
case T_PTR:
if (request->type != T_PTR)
return (0);
n = irc_dn_expand((unsigned char *)buf, (unsigned char *)eob, current,
hostbuf, sizeof(hostbuf));
if (n < 0)
return (0); /* broken message */
else if (n == 0)
return (0); /* no more answers left */
/*
* check for invalid rd_length or too many addresses
*/
if (rd_length != sizeof(struct in_addr))
return (0);
v4 = (struct sockaddr_in *)&request->addr;
SET_SS_LEN(&request->addr, sizeof(struct sockaddr_in));
v4->sin_family = AF_INET;
memcpy(&v4->sin_addr, current, sizeof(struct in_addr));
return (1);
case T_AAAA:
if (request->type != T_AAAA)
return (0);
if (rd_length != sizeof(struct in6_addr))
return (0);
SET_SS_LEN(&request->addr, sizeof(struct sockaddr_in6));
v6 = (struct sockaddr_in6 *)&request->addr;
v6->sin6_family = AF_INET6;
memcpy(&v6->sin6_addr, current, sizeof(struct in6_addr));
return (1);
case T_PTR:
if (request->type != T_PTR)
return (0);
n = irc_dn_expand((unsigned char *)buf, (unsigned char *)eob, current,
hostbuf, sizeof(hostbuf));
if (n < 0)
return (0); /* broken message */
else if (n == 0)
return (0); /* no more answers left */
rb_strlcpy(request->name, hostbuf, IRCD_RES_HOSTLEN + 1);
rb_strlcpy(request->name, hostbuf, IRCD_RES_HOSTLEN + 1);
return (1);
break;
case T_CNAME:
/* real answer will follow */
current += rd_length;
break;
default:
/* XXX I'd rather just throw away the entire bogus thing
* but its possible its just a broken nameserver with still
* valid answers. But lets do some rudimentary logging for now...
*/
ilog(L_MAIN, "irc_res.c bogus type %d", type);
break;
return (1);
}
/* skip any other record type e.g. CNAME, DNAME; real answer should follow */
current += rd_length;
}
return (1);
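Review bot: with the T_CNAME and default cases gone, every unexpected record type now falls through to `current += rd_length;` with no log line, and rd_length is taken from the reply being parsed. The hunk does not show a check that current + rd_length stays within eob before the next iteration reads from it (the memcpy() calls in the T_A and T_AAAA cases depend on the same bound), so please confirm it is enforced earlier in the loop, and consider keeping a log entry for types other than CNAME and DNAME.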
@ -872,11 +835,9 @@ static int res_read_single_reply(rb_fde_t *F, void *data)
* Lookup the 'authoritative' name that we were given for the
* ip#.
*/
#ifdef RB_IPV6
if (request->addr.ss_family == AF_INET6)
if (GET_SS_FAMILY(&request->addr) == AF_INET6)
gethost_byname_type_fqdn(request->name, request->query, T_AAAA);
else
#endif
gethost_byname_type_fqdn(request->name, request->query, T_A);
rem_request(request);
}
@ -902,17 +863,19 @@ static int res_read_single_reply(rb_fde_t *F, void *data)
return 1;
}
static void res_readreply(rb_fde_t *F, void *data)
static void
res_readreply(rb_fde_t *F, void *data)
{
while (res_read_single_reply(F, data))
;
rb_setselect(F, RB_SELECT_READ, res_readreply, NULL);
}
static struct DNSReply *make_dnsreply(struct reslist *request)
static struct DNSReply *
make_dnsreply(struct reslist *request)
{
struct DNSReply *cp;
s_assert(request != 0);
lrb_assert(request != 0);
cp = (struct DNSReply *)rb_malloc(sizeof(struct DNSReply));
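Review bot: in make_dnsreply(), `lrb_assert(request != 0);` is followed by code that dereferences request (the memcpy() from &request->addr further down), so if lrb_assert only logs in release builds the NULL case still crashes. Either return NULL early for a NULL request or rely on the callers and drop the assert, and compare against NULL rather than 0.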
@ -920,18 +883,3 @@ static struct DNSReply *make_dnsreply(struct reslist *request)
memcpy(&cp->addr, &request->addr, sizeof(cp->addr));
return (cp);
}
void report_dns_servers(struct Client *source_p)
{
int i;
char ipaddr[128];
for (i = 0; i < irc_nscount; i++)
{
if (!rb_inet_ntop_sock((struct sockaddr *)&(irc_nsaddr_list[i]),
ipaddr, sizeof ipaddr))
rb_strlcpy(ipaddr, "?", sizeof ipaddr);
sendto_one_numeric(source_p, RPL_STATSDEBUG,
"A %s %d", ipaddr, ns_failure_count[i]);
}
}

View file

@ -1,23 +1,17 @@
/*
* res.h for referencing functions in res.c, reslib.c
*
* $Id: res.h 2023 2006-09-02 23:47:27Z jilles $
*/
#ifndef _CHARYBDIS_RES_H
#define _CHARYBDIS_RES_H
#include "ircd_defs.h"
#include "common.h"
#include "reslib.h"
#include "match.h"
#include "ircd.h"
#ifndef _SOLANUM_RES_H
#define _SOLANUM_RES_H
/* Maximum number of nameservers in /etc/resolv.conf we care about
* In hybrid, this was 2 -- but in Charybdis, we want to track
* In hybrid, this was 2 -- but in Solanum, we want to track
* a few more than that ;) --nenolod
*/
#define IRCD_MAXNS 10
#define RESOLVER_HOSTLEN 255
struct DNSReply
{
@ -36,10 +30,8 @@ extern int irc_nscount;
extern void init_resolver(void);
extern void restart_resolver(void);
extern void delete_resolver_queries(const struct DNSQuery *);
extern void gethost_byname_type(const char *, struct DNSQuery *, int);
extern void gethost_byaddr(const struct rb_sockaddr_storage *, struct DNSQuery *);
extern void add_local_domain(char *, size_t);
extern void report_dns_servers(struct Client *);
extern void build_rdns(char *, size_t, const struct rb_sockaddr_storage *, const char *);
#endif
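Review bot: the new build_rdns() prototype has unnamed parameters and no comment, so the header does not say that the second argument is the buffer size or that a NULL suffix selects in-addr.arpa or ip6.arpa. Suggest naming the parameters as in the definition (buf, size, addr, suffix) and repeating the one-line comment from res.c here.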

View file

@ -76,9 +76,10 @@
* - Dianora
*/
#include <rb_lib.h>
#include <netdb.h>
#include "stdinc.h"
#include "ircd_defs.h"
#include "common.h"
#include "ircd.h"
#include "res.h"
#include "reslib.h"
@ -89,9 +90,6 @@
#define DNS_LABELTYPE_BITSTRING 0x41
#define DNS_MAXLINE 128
/* $Id: reslib.c 1695 2006-06-27 15:11:23Z jilles $ */
/* from Hybrid Id: reslib.c 177 2005-10-22 09:05:05Z michael $ */
struct rb_sockaddr_storage irc_nsaddr_list[IRCD_MAXNS];
int irc_nscount = 0;
char irc_domain[IRCD_RES_HOSTLEN + 1];
@ -115,10 +113,10 @@ static const char digitvalue[256] = {
-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, /*256*/
};
static const char digits[] = "0123456789";
static int parse_resvconf(void);
static void add_nameserver(const char *);
static const char digits[] = "0123456789";
static int labellen(const unsigned char *lp);
static int special(int ch);
static int printable(int ch);
@ -163,9 +161,6 @@ parse_resvconf(void)
char input[DNS_MAXLINE];
FILE *file;
/* XXX "/etc/resolv.conf" should be from a define in setup.h perhaps
* for cygwin support etc. this hardcodes it to unix for now -db
*/
if ((file = fopen("/etc/resolv.conf", "r")) == NULL)
return -1;
@ -177,7 +172,7 @@ parse_resvconf(void)
p = input;
/* skip until something thats not a space is seen */
while (IsSpace(*p))
while (isspace(*p))
p++;
/* if at this point, have a '\0' then continue */
if (*p == '\0')
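Review bot: `isspace(*p)` is called on a plain char read from `char input[DNS_MAXLINE]`, which is undefined behaviour for bytes above 0x7f on platforms where char is signed. Cast at each call, e.g. `isspace((unsigned char)*p)`; the same applies to the isspace() calls in the two following hunks of parse_resvconf().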
@ -189,7 +184,7 @@ parse_resvconf(void)
/* skip until a space is found */
opt = p;
while (!IsSpace(*p) && *p != '\0')
while (!isspace(*p) && *p != '\0')
p++;
if (*p == '\0')
continue; /* no arguments?.. ignore this line */
@ -197,16 +192,16 @@ parse_resvconf(void)
*p++ = '\0';
/* skip these spaces that are before the argument */
while (IsSpace(*p))
while (isspace(*p))
p++;
/* Now arg should be right where p is pointing */
arg = p;
if ((p = strpbrk(arg, " \t")) != NULL)
*p = '\0'; /* take the first word */
if (irccmp(opt, "domain") == 0)
if (rb_strcasecmp(opt, "domain") == 0)
rb_strlcpy(irc_domain, arg, sizeof(irc_domain));
else if (irccmp(opt, "nameserver") == 0)
else if (rb_strcasecmp(opt, "nameserver") == 0)
add_nameserver(arg);
}
@ -228,10 +223,7 @@ add_nameserver(const char *arg)
/* Done max number of nameservers? */
if (irc_nscount >= IRCD_MAXNS)
{
ilog (L_MAIN, "Too many nameservers, ignoring %s", arg);
return;
}
memset(&hints, 0, sizeof(hints));
hints.ai_family = PF_UNSPEC;
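Review bot: the `irc_nscount >= IRCD_MAXNS` branch in add_nameserver() now returns without the "Too many nameservers, ignoring %s" message, so an operator with more than IRCD_MAXNS entries in /etc/resolv.conf gets no indication that some are unused. If ilog() is no longer available in this file after the include changes, report the condition through whatever logging the resolver still has rather than dropping it.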
@ -1117,9 +1109,9 @@ irc_dn_find(const unsigned char *domain, const unsigned char *msg,
}
/*
* * Thinking in noninternationalized USASCII (per the DNS spec),
* * convert this character to lower case if it's upper case.
* */
* Thinking in noninternationalized USASCII (per the DNS spec),
* convert this character to lower case if it's upper case.
*/
static int
mklower(int ch)
{

View file

@ -1,11 +1,10 @@
/*
* include/irc_reslib.h
*
* $Id: reslib.h 446 2006-02-12 02:46:54Z db $
*/
#ifndef _CHARYBDIS_RESLIB_H
#define _CHARYBDIS_RESLIB_H
#ifndef _SOLANUM_RESLIB_H
#define _SOLANUM_RESLIB_H
/* Longest hostname we're willing to work with.
* Due to DNSBLs this is more than HOSTLEN.
@ -79,24 +78,24 @@ typedef struct
*/
#define IRC_NS_GET16(s, cp) { \
const unsigned char *t_cp = (const unsigned char *)(cp); \
(s) = ((u_int16_t)t_cp[0] << 8) \
| ((u_int16_t)t_cp[1]) \
(s) = ((uint16_t)t_cp[0] << 8) \
| ((uint16_t)t_cp[1]) \
; \
(cp) += NS_INT16SZ; \
}
#define IRC_NS_GET32(l, cp) { \
const unsigned char *t_cp = (const unsigned char *)(cp); \
(l) = ((u_int32_t)t_cp[0] << 24) \
| ((u_int32_t)t_cp[1] << 16) \
| ((u_int32_t)t_cp[2] << 8) \
| ((u_int32_t)t_cp[3]) \
(l) = ((uint32_t)t_cp[0] << 24) \
| ((uint32_t)t_cp[1] << 16) \
| ((uint32_t)t_cp[2] << 8) \
| ((uint32_t)t_cp[3]) \
; \
(cp) += NS_INT32SZ; \
}
#define IRC_NS_PUT16(s, cp) { \
u_int16_t t_s = (u_int16_t)(s); \
uint16_t t_s = (uint16_t)(s); \
unsigned char *t_cp = (unsigned char *)(cp); \
*t_cp++ = t_s >> 8; \
*t_cp = t_s; \
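Review bot: the macros now use uint16_t and uint32_t, which come from <stdint.h>, and nothing visible in reslib.h includes it, so the header depends on the include order of its users. Suggest adding `#include <stdint.h>` at the top of reslib.h. Separately, IRC_NS_GET16 and the other macros are bare brace blocks; wrapping them in do { ... } while (0) would make them safe after an unbraced if.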
@ -104,7 +103,7 @@ typedef struct
}
#define IRC_NS_PUT32(l, cp) { \
u_int32_t t_l = (u_int32_t)(l); \
uint32_t t_l = (uint32_t)(l); \
unsigned char *t_cp = (unsigned char *)(cp); \
*t_cp++ = t_l >> 24; \
*t_cp++ = t_l >> 16; \

96
autogen.sh Executable file
View file

@ -0,0 +1,96 @@
#! /bin/sh
TOP_DIR=$(dirname $0)
LAST_DIR=$PWD
if test ! -f $TOP_DIR/configure.ac ; then
echo "You must execute this script from the top level directory."
exit 1
fi
AUTOCONF=${AUTOCONF:-autoconf}
ACLOCAL=${ACLOCAL:-aclocal}
AUTOMAKE=${AUTOMAKE:-automake}
AUTOHEADER=${AUTOHEADER:-autoheader}
LIBTOOLIZE=${LIBTOOLIZE:-libtoolize}
#SHTOOLIZE=${SHTOOLIZE:-shtoolize}
dump_help_screen ()
{
echo "Usage: $0 [options]"
echo
echo "options:"
echo " -n skip CVS changelog creation"
echo " -h,--help show this help screen"
echo
exit 0
}
parse_options ()
{
while test "$1" != "" ; do
case $1 in
-h|--help)
dump_help_screen
;;
-n)
SKIP_CVS_CHANGELOG=yes
;;
*)
echo Invalid argument - $1
dump_help_screen
;;
esac
shift
done
}
run_or_die ()
{
COMMAND=$1
# check for empty commands
if test -z "$COMMAND" ; then
echo "*warning* no command specified"
return 1
fi
shift;
OPTIONS="$@"
# print a message
echo -n "*info* running $COMMAND"
if test -n "$OPTIONS" ; then
echo " ($OPTIONS)"
else
echo
fi
# run or die
$COMMAND $OPTIONS ; RESULT=$?
if test $RESULT -ne 0 ; then
echo "*error* $COMMAND failed. (exit code = $RESULT)"
exit 1
fi
return 0
}
parse_options "$@"
echo "Building librb autotools files."
cd "$TOP_DIR"/librb
sh autogen.sh
echo "Building main autotools files."
cd "$LAST_DIR"
run_or_die $ACLOCAL -I m4
run_or_die $LIBTOOLIZE --force --copy
run_or_die $AUTOHEADER
run_or_die $AUTOCONF
run_or_die $AUTOMAKE --add-missing --copy
#run_or_die $SHTOOLIZE all
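Review bot: the top-level check tests `$TOP_DIR/configure.ac`, which is found wherever the script is invoked from, but the main autotools run happens after `cd "$LAST_DIR"`, that is, in the caller's working directory, so running the script from another directory passes the check and then runs aclocal in the wrong place. Suggest `cd "$TOP_DIR"` for the main run, quoting `$0` and `$TOP_DIR`, and checking the result of `cd "$TOP_DIR"/librb` and `sh autogen.sh`, which currently bypass run_or_die. The -n option sets SKIP_CVS_CHANGELOG but nothing reads it, and `echo -n` is not portable under `#! /bin/sh`.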

11
bandb/Makefile.am Normal file
View file

@ -0,0 +1,11 @@
pkglibexec_PROGRAMS = bandb
bin_PROGRAMS = solanum-bantool
AM_CFLAGS=$(WARNFLAGS)
AM_CPPFLAGS = -I../include -I../librb/include @SQLITE_INCLUDES@
bandb_SOURCES = bandb.c rsdb_sqlite3.c rsdb_snprintf.c
bandb_LDADD = ../librb/src/librb.la @SQLITE_LD@
solanum_bantool_SOURCES = bantool.c rsdb_sqlite3.c rsdb_snprintf.c
solanum_bantool_LDADD = ../librb/src/librb.la @SQLITE_LD@
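Review bot: AM_CPPFLAGS uses `-I../include -I../librb/include`, which resolves relative to the build directory and breaks out-of-tree builds. Suggest `-I$(top_srcdir)/include -I$(top_srcdir)/librb/include`, and `$(top_builddir)/librb/src/librb.la` in the two LDADD lines.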

View file

@ -1,110 +0,0 @@
#
# Makefile.in for bandb/src
#
# $Id: Makefile.in 1285 2006-05-05 15:03:53Z nenolod $
#
CC = @CC@
INSTALL = @INSTALL@
INSTALL_BIN = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755
RM = @RM@
LEX = @LEX@
LEXLIB = @LEXLIB@
CFLAGS = @IRC_CFLAGS@ -DIRCD_PREFIX=\"@prefix@\"
LDFLAGS = @LDFLAGS@
MKDEP = @MKDEP@ -DIRCD_PREFIX=\"@prefix@\"
MV = @MV@
RM = @RM@
prefix = @prefix@
exec_prefix = @exec_prefix@
bindir = @bindir@
libdir = @libdir@
libexecdir = @libexecdir@
pkglibexecdir = @pkglibexecdir@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PROGRAM_PREFIX = @PROGRAM_PREFIX@
SQLITE_LIBS = @SQLITE_LD@
SQLITE_INCLUDES = @SQLITE_INCLUDES@
ZIP_LIB = @ZLIB_LD@
IRCDLIBS = @MODULES_LIBS@ -L../libratbox/src/.libs -lratbox @LIBS@ $(SSL_LIBS) $(ZIP_LIB) $(SQLITE_LIBS)
INCLUDES = -I. -I../include -I../libratbox/include $(SSL_INCLUDES) $(SQLITE_INCLUDES)
CPPFLAGS = ${INCLUDES} @CPPFLAGS@
CFLAGS += -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION=1
pkglibexec_PROGS = bandb
bin_PROGS = bantool
PROGS = $(pkglibexec_PROGS) $(bin_PROGS)
BANDB_SOURCES = \
bandb.c \
rsdb_snprintf.c \
rsdb_sqlite3.c \
@SQLITE_SRC@
BANDB_OBJECTS = ${BANDB_SOURCES:.c=.o}
BANTOOL_SOURCES = \
bantool.c \
rsdb_snprintf.c \
rsdb_sqlite3.c \
@SQLITE_SRC@
BANTOOL_OBJECTS = ${BANTOOL_SOURCES:.c=.o}
all: bandb bantool
build: all
bandb: ${BANDB_OBJECTS}
${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${BANDB_OBJECTS} ${IRCDLIBS}
bantool: ${BANTOOL_OBJECTS}
${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${BANTOOL_OBJECTS} ${IRCDLIBS}
install: build
@echo "ircd: installing bandb ($(PROGS))"
@for i in $(bin_PROGS); do \
if test -f $(DESTDIR)$(bindir)/$(PROGRAM_PREFIX)$$i; then \
$(MV) $(DESTDIR)$(bindir)/$(PROGRAM_PREFIX)$$i $(DESTDIR)$(bindir)/$(PROGRAM_PREFIX)$$i.old; \
fi; \
$(INSTALL_BIN) $$i $(DESTDIR)$(bindir)/$(PROGRAM_PREFIX)$$i; \
done
@for i in $(pkglibexec_PROGS); do \
if test -f '$(DESTDIR)$(pkglibexecdir)/'$$i; then \
$(MV) '$(DESTDIR)$(pkglibexecdir)/'$$i '$(DESTDIR)$(pkglibexecdir)/'$$i.old; \
fi; \
$(INSTALL_BIN) $$i '$(DESTDIR)$(pkglibexecdir)/'$$i; \
done
.c.o:
${CC} ${CPPFLAGS} ${CFLAGS} -c $<
.PHONY: depend clean distclean
depend:
@${MKDEP} ${CPPFLAGS} ${SOURCES} > .depend.tmp
@sed -e '/^# DO NOT DELETE THIS LINE/,$$d' <Makefile >Makefile.depend
@echo '# DO NOT DELETE THIS LINE!!!' >>Makefile.depend
@echo '# make depend needs it.' >>Makefile.depend
@cat .depend.tmp >>Makefile.depend
@mv Makefile.depend Makefile
@rm -f .depend.tmp
clean:
${RM} -f *.o *~ *.core core bandb bantool
lint:
lint -aacgprxhH $(CPPFLAGS) -DIRCD_PREFIX=\"@prefix@\" $(SOURCES) >>../lint.out
distclean: clean
${RM} -f Makefile
# End of Makefile
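Review bot: the deleted Makefile.in compiled with `-DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION=1` and listed @SQLITE_SRC@ in both source lists, and the replacement bandb/Makefile.am has neither. If a bundled sqlite can still be built, those defines need to be carried over; otherwise the commit message should say that only a system sqlite is supported from here on.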

View file

@ -26,14 +26,12 @@
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $Id: bandb.c 26094 2008-09-19 15:33:46Z androsyn $
*/
#include "setup.h"
#include <ratbox_lib.h>
#include <rb_lib.h>
#include <stdio.h>
#include "rsdb.h"
#include "common.h"
#include "ircd_defs.h"
#define MAXPARA 10
@ -161,11 +159,11 @@ list_bans(void)
for(j = 0; j < table.row_count; j++)
{
if(i == BANDB_KLINE)
rb_snprintf(buf, sizeof(buf), "%c %s %s %s :%s",
snprintf(buf, sizeof(buf), "%c %s %s %s :%s",
bandb_letter[i], table.row[j][0],
table.row[j][1], table.row[j][2], table.row[j][3]);
else
rb_snprintf(buf, sizeof(buf), "%c %s %s :%s",
snprintf(buf, sizeof(buf), "%c %s %s :%s",
bandb_letter[i], table.row[j][0],
table.row[j][2], table.row[j][3]);
@ -238,6 +236,9 @@ parse_request(rb_helper *helper)
}
static void
error_cb(rb_helper *helper) __attribute__((noreturn));
static void
error_cb(rb_helper *helper)
{
@ -246,18 +247,15 @@ error_cb(rb_helper *helper)
exit(1);
}
#ifndef WINDOWS
static void
dummy_handler(int sig)
{
return;
}
#endif
static void
setup_signals(void)
{
#ifndef WINDOWS
struct sigaction act;
act.sa_flags = 0;
@ -280,17 +278,19 @@ setup_signals(void)
act.sa_handler = dummy_handler;
sigaction(SIGALRM, &act, 0);
#endif
}
static void
db_error_cb(const char *errstr) __attribute__((noreturn));
static void
db_error_cb(const char *errstr)
{
char buf[256];
rb_snprintf(buf, sizeof(buf), "! :%s", errstr);
snprintf(buf, sizeof(buf), "! :%s", errstr);
rb_helper_write(bandb_helper, "%s", buf);
rb_sleep(2 << 30, 0);
rb_sleep(1 << 30, 0);
exit(1);
}
@ -302,10 +302,9 @@ main(int argc, char *argv[])
if(bandb_helper == NULL)
{
fprintf(stderr,
"This is ircd-ratbox bandb. You aren't supposed to run me directly. Maybe you want bantool?\n");
"This is the solanum bandb for internal ircd use.\n");
fprintf(stderr,
"However I will print my Id tag $Id: bandb.c 26094 2008-09-19 15:33:46Z androsyn $\n");
fprintf(stderr, "Have a nice day\n");
"You aren't supposed to run me directly (did you want solanum-bantool?). Exiting.\n");
exit(1);
}
rsdb_init(db_error_cb);

View file

@ -22,9 +22,6 @@
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
* $Id: bantool.c 26164 2008-10-26 19:52:43Z androsyn $
*
*
* The following server admins have either contributed various configs to test against,
* or helped with debugging and feature requests. Many thanks to them.
* stevoo / efnet.port80.se
@ -43,11 +40,9 @@
#include <time.h>
#include "stdinc.h"
#include "common.h"
#include "rsdb.h"
#define EmptyString(x) ((x == NULL) || (*(x) == '\0'))
#define CheckEmpty(x) EmptyString(x) ? "" : x
#define BT_VERSION "0.4.1"
@ -96,16 +91,16 @@ struct counter
/* flags set by command line options */
struct flags
{
int none;
int export;
int import;
int verify;
int vacuum;
int pretend;
int verbose;
int wipe;
int dupes_ok;
} flag = {YES, NO, NO, NO, NO, NO, NO, NO, NO};
bool none;
bool export;
bool import;
bool verify;
bool vacuum;
bool pretend;
bool verbose;
bool wipe;
bool dupes_ok;
} flag = {true, false, false, false, false, false, false, false, false};
/* *INDENT-ON* */
static int table_has_rows(const char *table);
@ -123,7 +118,7 @@ static void db_reclaim_slack(void);
static void export_config(const char *conf, int id);
static void import_config(const char *conf, int id);
static void check_schema(void);
static void print_help(int i_exit);
static void print_help(int i_exit) __attribute__((noreturn));
static void wipe_schema(void);
static void drop_dupes(const char *user, const char *host, const char *t);
@ -148,32 +143,32 @@ main(int argc, char *argv[])
print_help(EXIT_SUCCESS);
break;
case 'i':
flag.none = NO;
flag.import = YES;
flag.none = false;
flag.import = true;
break;
case 'e':
flag.none = NO;
flag.export = YES;
flag.none = false;
flag.export = true;
break;
case 'u':
flag.none = NO;
flag.verify = YES;
flag.none = false;
flag.verify = true;
break;
case 's':
flag.none = NO;
flag.vacuum = YES;
flag.none = false;
flag.vacuum = true;
break;
case 'p':
flag.pretend = YES;
flag.pretend = true;
break;
case 'v':
flag.verbose = YES;
flag.verbose = true;
break;
case 'w':
flag.wipe = YES;
flag.wipe = true;
break;
case 'd':
flag.dupes_ok = YES;
flag.dupes_ok = true;
break;
default: /* '?' */
print_help(EXIT_FAILURE);
@ -201,10 +196,9 @@ main(int argc, char *argv[])
rb_strlcpy(etc, ETCPATH, sizeof(ETCPATH));
fprintf(stdout,
"* ircd-ratbox bantool v.%s ($Id: bantool.c 26164 2008-10-26 19:52:43Z androsyn $)\n",
BT_VERSION);
"* solanum bantool v.%s\n", BT_VERSION);
if(flag.pretend == NO)
if(flag.pretend == false)
{
if(rsdb_init(db_error_cb) == -1)
{
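Review bot: the context line `rb_strlcpy(etc, ETCPATH, sizeof(ETCPATH));` bounds the copy by the size of the source literal rather than the destination, so it gives no protection if ETCPATH is longer than etc. Since this hunk already touches the surrounding lines, change it to sizeof(etc); `flag.pretend == false` would also read better as `!flag.pretend` now that the flags are bool.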
@ -218,7 +212,7 @@ main(int argc, char *argv[])
if(flag.import && flag.wipe)
{
flag.dupes_ok = YES; /* dont check for dupes if we are wiping the db clean */
flag.dupes_ok = true; /* dont check for dupes if we are wiping the db clean */
for(i = 0; i < 3; i++)
fprintf(stdout,
"* WARNING: YOU ARE ABOUT TO WIPE YOUR DATABASE!\n");
@ -230,16 +224,19 @@ main(int argc, char *argv[])
wipe_schema();
}
}
if(flag.verbose && flag.dupes_ok == YES)
if(flag.verbose && flag.dupes_ok == true)
fprintf(stdout, "* Allowing duplicate bans...\n");
/* checking for our files to import or export */
for(i = 0; i < LAST_BANDB_TYPE; i++)
{
rb_snprintf(conf, sizeof(conf), "%s/%s.conf%s",
etc, bandb_table[i], bandb_suffix[i]);
if (snprintf(conf, sizeof(conf), "%s/%s.conf%s",
etc, bandb_table[i], bandb_suffix[i]) >= sizeof(conf)) {
fprintf(stderr, "* Error: Config filename too long\n");
exit(EXIT_FAILURE);
}
if(flag.import && flag.pretend == NO)
if(flag.import && flag.pretend == false)
rsdb_transaction(RSDB_TRANS_START);
if(flag.import)
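Review bot: the new truncation check compares the int returned by snprintf() with `sizeof(conf)`, a size_t, which draws sign-compare warnings and catches a negative return only through the implicit conversion. Suggest storing the result in an int and testing `len < 0 || (size_t)len >= sizeof(conf)`.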
@ -248,7 +245,7 @@ main(int argc, char *argv[])
if(flag.export)
export_config(conf, i);
if(flag.import && flag.pretend == NO)
if(flag.import && flag.pretend == false)
rsdb_transaction(RSDB_TRANS_END);
}
@ -297,11 +294,11 @@ export_config(const char *conf, int id)
return;
if(strstr(conf, ".perm") != 0)
rb_snprintf(sql, sizeof(sql),
snprintf(sql, sizeof(sql),
"SELECT DISTINCT mask1,mask2,reason,oper,time FROM %s WHERE perm = 1 ORDER BY time",
bandb_table[id]);
else
rb_snprintf(sql, sizeof(sql),
snprintf(sql, sizeof(sql),
"SELECT DISTINCT mask1,mask2,reason,oper,time FROM %s WHERE perm = 0 ORDER BY time",
bandb_table[id]);
@ -330,7 +327,7 @@ export_config(const char *conf, int id)
{
case BANDB_DLINE:
case BANDB_DLINE_PERM:
rb_snprintf(buf, sizeof(buf),
snprintf(buf, sizeof(buf),
"\"%s\",\"%s\",\"\",\"%s\",\"%s\",%s\n",
table.row[j][mask1],
mangle_reason(table.row[j][reason]),
@ -340,7 +337,7 @@ export_config(const char *conf, int id)
case BANDB_XLINE:
case BANDB_XLINE_PERM:
rb_snprintf(buf, sizeof(buf),
snprintf(buf, sizeof(buf),
"\"%s\",\"0\",\"%s\",\"%s\",%s\n",
escape_quotes(table.row[j][mask1]),
mangle_reason(table.row[j][reason]),
@ -349,7 +346,7 @@ export_config(const char *conf, int id)
case BANDB_RESV:
case BANDB_RESV_PERM:
rb_snprintf(buf, sizeof(buf),
snprintf(buf, sizeof(buf),
"\"%s\",\"%s\",\"%s\",%s\n",
table.row[j][mask1],
mangle_reason(table.row[j][reason]),
@ -358,7 +355,7 @@ export_config(const char *conf, int id)
default: /* Klines */
rb_snprintf(buf, sizeof(buf),
snprintf(buf, sizeof(buf),
"\"%s\",\"%s\",\"%s\",\"\",\"%s\",\"%s\",%s\n",
table.row[j][mask1], table.row[j][mask2],
mangle_reason(table.row[j][reason]),
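Review bot: the snprintf() calls in export_config(), here and in the three hunks above, still ignore the return value, unlike the conf filename check added in main(), so a long mask or reason produces an exported line that is cut off before its closing quote and newline. Also, only the XLINE case passes mask1 through escape_quotes(); the DLINE, RESV and KLINE cases write table.row[j][mask1] and mask2 raw inside double quotes. Worth checking the return value and escaping consistently.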
@ -497,13 +494,13 @@ import_config(const char *conf, int id)
/* append operreason_field to reason_field */
if(!EmptyString(f_oreason))
rb_snprintf(newreason, sizeof(newreason), "%s | %s", f_reason, f_oreason);
snprintf(newreason, sizeof(newreason), "%s | %s", f_reason, f_oreason);
else
rb_snprintf(newreason, sizeof(newreason), "%s", f_reason);
snprintf(newreason, sizeof(newreason), "%s", f_reason);
if(flag.pretend == NO)
if(flag.pretend == false)
{
if(flag.dupes_ok == NO)
if(flag.dupes_ok == false)
drop_dupes(f_mask1, f_mask2, bandb_table[id]);
rsdb_exec(NULL,
@ -746,7 +743,7 @@ check_schema(void)
NULL
};
for(i = 0; i < LAST_BANDB_TYPE; i++)
for(i = 0; i < LAST_BANDB_TYPE; i += 2 /* skip over _PERM */)
{
if(!table_exists(bandb_table[i]))
{
@ -773,8 +770,6 @@ check_schema(void)
columns[j], type);
}
}
i++; /* skip over .perm */
}
}
@ -812,17 +807,16 @@ table_has_rows(const char *dbtab)
}
/**
* completly wipes out an existing ban.db of all entries.
* completely wipes out an existing ban.db of all entries.
*/
static void
wipe_schema(void)
{
int i;
rsdb_transaction(RSDB_TRANS_START);
for(i = 0; i < LAST_BANDB_TYPE; i++)
for(i = 0; i < LAST_BANDB_TYPE; i += 2 /* double increment to skip over _PERM */)
{
rsdb_exec(NULL, "DROP TABLE %s", bandb_table[i]);
i++; /* double increment to skip over .perm */
}
rsdb_transaction(RSDB_TRANS_END);
@ -859,7 +853,7 @@ bt_smalldate(const char *string)
lt = gmtime(&t);
if(lt == NULL)
return NULL;
rb_snprintf(buf, sizeof(buf), "%d/%d/%d %02d.%02d",
snprintf(buf, sizeof(buf), "%d/%d/%d %02d.%02d",
lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday, lt->tm_hour, lt->tm_min);
return buf;
}
@ -870,9 +864,8 @@ bt_smalldate(const char *string)
void
print_help(int i_exit)
{
fprintf(stderr, "bantool v.%s - the ircd-ratbox database tool.\n", BT_VERSION);
fprintf(stderr, "bantool v.%s - the solanum database tool.\n", BT_VERSION);
fprintf(stderr, "Copyright (C) 2008 Daniel J Reidy <dubkat@gmail.com>\n");
fprintf(stderr, "$Id: bantool.c 26164 2008-10-26 19:52:43Z androsyn $\n\n");
fprintf(stderr, "This program is distributed in the hope that it will be useful,\n"
"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
@ -887,15 +880,15 @@ print_help(int i_exit)
fprintf(stderr, " -s : Reclaim empty slack space the database may be taking up.\n");
fprintf(stderr, " -u : Update the database tables to support any new features.\n");
fprintf(stderr,
" This is automaticlly done if you are importing or exporting\n");
" This is automatically done if you are importing or exporting\n");
fprintf(stderr, " but should be run whenever you upgrade the ircd.\n");
fprintf(stderr,
" -p : pretend, checks for the configs, and parses them, then tells you some data...\n");
fprintf(stderr, " but does not touch your database.\n");
fprintf(stderr,
" -v : Be verbose... and it *is* very verbose! (intended for debugging)\n");
fprintf(stderr, " -d : Enable checking for redunant entries.\n");
fprintf(stderr, " -w : Completly wipe your database clean. May be used with -i \n");
fprintf(stderr, " -d : Enable checking for redundant entries.\n");
fprintf(stderr, " -w : Completely wipe your database clean. May be used with -i \n");
fprintf(stderr,
" path : An optional directory containing old ratbox configs for import, or export.\n");
fprintf(stderr, " If not specified, it looks in PREFIX/etc.\n");
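Review bot: the corrected help line reads `-d : Enable checking for redundant entries.`, but in main() `case 'd':` sets flag.dupes_ok = true, which prints "Allowing duplicate bans..." and skips drop_dupes() in import_config(). The text describes the opposite of what the option does; suggest rewording it to say that -d allows duplicate entries while the spelling is being fixed.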

View file

@ -1,4 +1,3 @@
/* $Id: rsdb.h 26164 2008-10-26 19:52:43Z androsyn $ */
#ifndef INCLUDED_rsdb_h
#define INCLUDED_rsdb_h

View file

@ -5,8 +5,6 @@
* Should you choose to use and/or modify this source code, please
* do so under the terms of the GNU General Public License under which
* this library is distributed.
*
* $Id: rsdb_snprintf.c 26094 2008-09-19 15:33:46Z androsyn $
*/
#include "stdinc.h"
#include "rsdb.h"

View file

@ -27,8 +27,6 @@
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* $Id: rsdb_sqlite3.c 26182 2008-11-11 02:52:41Z androsyn $
*/
#include "stdinc.h"
#include "rsdb.h"
@ -47,7 +45,7 @@ mlog(const char *errstr, ...)
char buf[256];
va_list ap;
va_start(ap, errstr);
rb_vsnprintf(buf, sizeof(buf), errstr, ap);
vsnprintf(buf, sizeof(buf), errstr, ap);
va_end(ap);
error_cb(buf);
}
@ -73,14 +71,14 @@ rsdb_init(rsdb_error_cb * ecb)
if(sqlite3_open(dbpath, &rb_bandb) != SQLITE_OK)
{
rb_snprintf(errbuf, sizeof(errbuf), "Unable to open sqlite database: %s",
snprintf(errbuf, sizeof(errbuf), "Unable to open sqlite database: %s",
sqlite3_errmsg(rb_bandb));
mlog(errbuf);
return -1;
}
if(access(dbpath, W_OK))
{
rb_snprintf(errbuf, sizeof(errbuf), "Unable to open sqlite database for write: %s", strerror(errno));
snprintf(errbuf, sizeof(errbuf), "Unable to open sqlite database for write: %s", strerror(errno));
mlog(errbuf);
return -1;
}
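Review bot: rsdb_init() formats the message into errbuf and then calls `mlog(errbuf);`, but mlog() hands its first argument to vsnprintf() as the format string, so any % in the sqlite3_errmsg() or strerror() text is interpreted as a conversion. Call `mlog("%s", errbuf);`, or pass the format and arguments to mlog() directly and drop errbuf.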

File diff suppressed because it is too large Load diff


11358
configure vendored

File diff suppressed because it is too large Load diff


View file

@ -1,316 +0,0 @@
$Id: CIDR.txt 6 2005-09-10 01:02:21Z nenolod $
CIDR Information
----------------
Presently, we all use IPv4. The format of IPv4 is the following:
A.B.C.D
Where letters 'A' through 'D' are 8-bit values. In English, this
means each digit can have a value of 0 to 255. Example:
129.56.4.234
Digits are called octets. Oct meaning 8, hence 8-bit values. An
octet cannot be greater than 255, and cannot be less than 0 (eg. a
negative number).
CIDR stands for "classless inter domain routing", details covered
in RFC's 1518 and 1519. It was introduced mainly due to waste within
A and B classes space. The goal was to make it possible to use
smaller nets than it would seem from (above) IP classes, for instance
by dividing one B class into 256 "C like" classes. The other goal was
to allow aggregation of routing information, so that routers could use
one aggregated route (like 194.145.96.0/20) instead of
advertising 16 C classes.
Class A are all these addresses which first bit is "0",
bitmap: 0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh (n=net, h=host)
IP range is 0.0.0.0 - 127.255.255.255
Class B are all these addresses which first two bits are "10",
bitmap: 10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh (n=net, h=host)
IP range is 128.0.0.0 - 191.255.255.255
Class C are all these addresses which first three bits are "110",
bitmap: 110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh (n=net, h=host)
IP range is 192.0.0.0 - 223.255.255.255
Class D are all these addresses which first four bits are "1110",
this is multicast class and net/host bitmap doesn't apply here
IP range is 224.0.0.0 - 239.255.255.255
I bet they will never IRC, unless someone creates multicast IRC :)
Class E are all these addresses which first five bits are "11110",
this class is reserved for future use
IP range is 240.0.0.0 - 247.255.255.255
So, here is how CIDR notation comes into play.
For those of you who have real basic exposure to how networks are
set up, you should be aware of the term "netmask." Basically, this
is a IPv4 value which specifies the "size" of a network. You can
assume the word "size" means "range" if you want.
A chart describing the different classes in CIDR format and their
wildcard equivalents would probably help at this point:
CIDR version dot notation (netmask) Wildcard equivalent
-----------------------------------------------------------------
A.0.0.0/8 A.0.0.0/255.0.0.0 A.*.*.* or A.*
A.B.0.0/16 A.B.0.0/255.255.0.0 A.B.*.* or A.B.*
A.B.C.0/24 A.B.C.0/255.255.255.0 A.B.C.* or A.B.C.*
A.B.C.D/32 A.B.C.D/255.255.255.255 A.B.C.D
The question on any newbies mind at this point is "So what do all
of those values & numbers actually mean?"
Everything relating to computers is based on binary values (1s and
zeros). Binary plays a *tremendous* role in CIDR notation. Let's
break it down to the following table:
A B C D
-------- -------- -------- --------
/8 == 11111111 . 00000000 . 00000000 . 00000000 == 255.0.0.0
/16 == 11111111 . 11111111 . 00000000 . 00000000 == 255.255.0.0
/24 == 11111111 . 11111111 . 11111111 . 00000000 == 255.255.255.0
/32 == 11111111 . 11111111 . 11111111 . 11111111 == 255.255.255.255
The above is basically a binary table for the most common netblock
sizes. The "1"s you see above are the 8-bit values for each octet.
If you split an 8-bit value into each of it's bits, you find the
following:
00000000
^^^^^^^^_ 1sts place (1)
|||||||__ 2nds place (2)
||||||___ 3rds place (4)
|||||____ 4ths place (8)
||||_____ 5ths place (16)
|||______ 6ths place (32)
||_______ 7ths place (64)
|________ 8ths place (128)
Now, since computers consider zero a number, you pretty much have
to subtract one (so-to-speak; this is not really how its done, but
just assume it's -1 :-) ) from all the values possible. Some
examples of decimal values in binary:
15 == 00001111 (from left to right: 8+4+2+1)
16 == 00010000 (from left to right: 16)
53 == 00110101 (from left to right: 32+16+4+1)
79 == 01001111 (from left to right: 64+8+4+1)
254 == 11111110 (from left to right: 128+64+32+16+8+4+2)
So, with 8 bits, the range (as I said before) is zero to 255.
If none of this is making sense to you at this point, you should
back up and re-read all of the above. I realize it's a lot, but
it'll do you some good to re-read it until you understand :-).
So, let's modify the original table a bit by providing CIDR info
for /1 through /8:
A B C D
-------- -------- -------- --------
/1 == 10000000 . 00000000 . 00000000 . 00000000 == 128.0.0.0
/2 == 11000000 . 00000000 . 00000000 . 00000000 == 192.0.0.0
/3 == 11100000 . 00000000 . 00000000 . 00000000 == 224.0.0.0
/4 == 11110000 . 00000000 . 00000000 . 00000000 == 240.0.0.0
/5 == 11111000 . 00000000 . 00000000 . 00000000 == 248.0.0.0
/6 == 11111100 . 00000000 . 00000000 . 00000000 == 252.0.0.0
/7 == 11111110 . 00000000 . 00000000 . 00000000 == 254.0.0.0
/8 == 11111111 . 00000000 . 00000000 . 00000000 == 255.0.0.0
At this point, all of this should making a lot of sense, and you
should be able to see the precision that you can get by using CIDR
at this point. If not, well, I guess the best way to put it would
be that wildcards always assume /8, /16, or /24 (yes hello Piotr,
we can argue this later: I am referring to IPs *ONLY*, not domains
or FQDNs :-) ).
This table will provide a reference to all of the IPv4 CIDR values
cidr|netmask (dot notation)
----+---------------------
/1 | 128.0.0.0
/2 | 192.0.0.0
/3 | 224.0.0.0
/4 | 240.0.0.0
/5 | 248.0.0.0
/6 | 252.0.0.0
/7 | 254.0.0.0
/8 | 255.0.0.0
/9 | 255.128.0.0
/10 | 255.192.0.0
/11 | 255.224.0.0
/12 | 255.240.0.0
/13 | 255.248.0.0
/14 | 255.252.0.0
/15 | 255.254.0.0
/16 | 255.255.0.0
/17 | 255.255.128.0
/18 | 255.255.192.0
/19 | 255.255.224.0
/20 | 255.255.240.0
/21 | 255.255.248.0
/22 | 255.255.252.0
/23 | 255.255.254.0
/24 | 255.255.255.0
/25 | 255.255.255.128
/26 | 255.255.255.192
/27 | 255.255.255.224
/28 | 255.255.255.240
/29 | 255.255.255.248
/30 | 255.255.255.252
/31 | 255.255.255.254
/32 | 255.255.255.255
So, let's take all of the information above, and apply it to a
present-day situation on IRC.
Let's say you have a set of flooding clients who all show up from
the following hosts. For lack-of a better example, I'll use a
subnet here at Best:
nick1 (xyz@shell9.ba.best.com) [206.184.139.140]
nick2 (abc@shell8.ba.best.com) [206.184.139.139]
nick3 (foo@shell12.ba.best.com) [206.184.139.143]
Most people will assume the they were all in the same class C
(206.184.139.0/24 or 206.184.139.*).
This, as a matter of fact, is not true. Now, the reason *I* know
this is solely because I work on the network here; those IPs are
not delegated to a class C, but two portions of a class C (128 IPs
each). That means the class C is actually split into these two
portions:
Netblock IP range
-------- --------
206.184.139.0/25 206.184.139.0 to 206.184.139.127
206.184.139.128/25 206.184.139.128 to 206.184.139.255
For the record, 206.184.139.0 and 206.184.139.128 are both known as
"network addresses" (not to be confused with "netblocks" or "Ethernet
hardware addresses" or "MAC addresses"). Network addresses are
*ALWAYS EVEN*.
206.184.139.127 and 206.184.139.255 are what are known as broadcast
addresses. Broadcast addresses are *ALWAYS ODD*.
Now, the aforementioned list of clients are in the 2nd subnet shown
above, not the first. The reason for this should be obvious.
The remaining question is, "Well that's nice, you know what the netblock
is for Best. What about us? We don't know that!"
Believe it or not, you can find out the network block size by using
whois -h WHOIS.ARIN.NET on the IP in question. ARIN keeps a list of
all network blocks and who owns them -- quite useful, trust me. I
think I use ARIN 5 or 6 times a day, especially when dealing with
D-lines. Example:
$ whois -h whois.arin.net 206.184.139.140
Best Internet Communications, Inc. (NETBLK-NBN-206-184-BEST)
345 East Middlefield Road
Mountain View, CA 94043
Netname: NBN-206-184-BEST
Netblock: 206.184.0.0 - 206.184.255.255
Maintainer: BEST
Does this mean you should D-line 206.184.0.0/16? Probably not.
That's an entire class B-sized block, while you're only trying
to deny access to a subnetted class C.
So then how do you get the *real* info? Well, truth is, you don't.
You have to pretty much take a guess at what it is, if ARIN reports
something that's overly vague. Best, for example, was assigned the
above class B-sized block. We can subnet it however we want without
reporting back to ARIN how we have it subnetted. We own the block,
and that's all that matters (to ARIN).
Not all subnets are like this, however. Smaller subnets you may
find partitioned and listed on ARIN; I've seen /29 blocks for DSL
customers show up in ARIN before.
So, use ARIN any chance you get. The more precision the better!
Now, there is a small issue I want to address regarding use of CIDR
notation. Let's say you D-line the following in CIDR format (hi
sion ;-) ):
205.100.132.18/24
Entries like this really makes my blood boil, solely because it adds
excessive confusion and is just basically pointless. If you
examine the above, you'll see the /24 is specifying an entire
class C -- so then what's the purpose of using .18 versus .0?
There IS no purpose. The netmask itself will mask out the .18 and
continue to successfully use 205.100.132.0/24.
Doing things this way just adds confusion, especially on non-octet-
aligned subnets (such as /8, /16, /24, or /32). Seeing that on a
/27 or a /19 might make people go "wtf?"
I know for a fact this doc lacks a lot of necessary information,
like how the actual netmask/CIDR value play a role in "masking out"
the correct size, and what to do is WHOIS.ARIN.NET returns no
netblock information but instead a few different company names with
NIC handles. I'm sure you can figure this stuff out on your own,
or just ask an administrator friend of yours who DOES know. A lot
of us admins are BOFH types, but if you ask us the right questions,
you'll benefit from the answer quite thoroughly.
Oh, I almost forgot. Most Linux systems use a different version of
"whois" than FreeBSD does. The syntax for whois on Linux is
"whois <INFO>@whois.arin.net", while under FreeBSD it is
"whois -h whois.arin.net <INFO>" Debian uses yet another version
of whois that is incompatible with the above syntax options.
Note that the FreeBSD whois client has shortcuts for the most commonly
used whois servers. "whois -a <INFO>" is the shortcut for ARIN.
Also note that ARIN is not authoritative for all IP blocks on the
Internet. Take for example 212.158.123.66. A whois query to ARIN
will return the following information:
$ whois -h whois.arin.net 212.158.123.66
European Regional Internet Registry/RIPE NCC (NET-RIPE-NCC-)
These addresses have been further assigned to European users.
Contact information can be found in the RIPE database, via the
WHOIS and TELNET servers at whois.ripe.net, and at
http://www.ripe.net/db/whois.html
Netname: RIPE-NCC-212
Netblock: 212.0.0.0 - 212.255.255.255
Maintainer: RIPE
This query tells us that it is a European IP block, and is further
handled by RIPE's whois server. We must then query whois.ripe.net
to get more information.
$ whois -h whois.ripe.net 212.158.123.66
% Rights restricted by copyright. See
http://www.ripe.net/ripencc/pub-services/db/copyright.html
inetnum: 212.158.120.0 - 212.158.123.255
netname: INSNET-P2P
descr: Point to Point Links for for London Nodes
country: GB
--snip--
This tells us the actual IP block that the query was a part of.
Other whois servers that you may see blocks referred to are:
whois.ripn.net for Russia, whois.apnic.net for Asia, Australia, and
the Pacific, and whois.6bone.net for IPv6 blocks.
Contributed by Jeremy Chadwick <jdc@best.net>
Piotr Kucharski <chopin@sgh.waw.pl>
W. Campbell <wcampbel@botbay.net> and
Ariel Biener <ariel@fireball.tau.ac.il>
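Review bot: In the paragraph about 205.100.132.18/24, the parenthetical "non-octet-aligned subnets (such as /8, /16, /24, or /32)" lists exactly the octet-aligned prefix lengths, which contradicts the netmask table earlier in the same text. The examples belong to the /27 and /19 named in the next sentence. The claims that network addresses are "*ALWAYS EVEN*" and broadcast addresses "*ALWAYS ODD*" also fail for the A.B.C.D/32 row of the table, where the single address can have either parity, so they should be qualified wherever this text is kept.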


@ -1,61 +0,0 @@
$Id: Hybrid-team 54 2005-09-10 05:12:55Z nenolod $
The hybrid team is a group of ircd coders who were frustrated
with the instability and all-out "dirtiness" of the EFnet ircd's
available. "hybrid" is the name for the collective efforts of a group
of people, all of us.
Anyone is welcome to contribute to this effort. You are encouraged
to participate in the Hybrid mailing list. To subscribe to the
Hybrid List, use this link:
https://lists.ircd-hybrid.org/mailman/listinfo/hybrid
The core team as, of this major release:
adx, Piotr Nizynski <adx@irc7.pl>
billy-jon, William Bierman III <bill@mu.org>
cryogen, Stuart Walsh <stu@ipng.org.uk>
Dianora, Diane Bruce <db@db.net>
joshk, Joshua Kwan <joshk@triplehelix.org>
kire, Erik Small <smalle@hawaii.edu>
knight, Alan LeVee <alan.levee@prometheus-designs.net>
metalrock, Jack Low <jclow@csupomona.edu>
Michael, Michael Wobst <michael.wobst@gmail.com>
Rodder, Jon Lusky <lusky@blown.net>
Wohali, Joan Touzet <joant@ieee.org>
The following people have contributed blood, sweat, and/or code to
recent releases of Hybrid, in nick alphabetical order:
A1kmm, Andrew Miller <a1kmm@mware.virtualave.net>
AndroSyn, Aaron Sethman <androsyn@ratbox.org>
bane, Dragan Dosen <bane@idolnet.org>
bysin, Ben Kittridge <bkittridge@cfl.rr.com>
cosine, Patrick Alken <wnder@uwns.underworld.net>
David-T, David Taylor <davidt@yadt.co.uk>
fl, Lee Hardy <lee@leeh.co.uk>
Garion, Joost Vunderink <garion@efnet.nl>
Habeeb, David Supuran <habeeb@cfl.rr.com>
Hwy101, W. Campbell <wcampbel@botbay.net>
jmallett, Juli Mallett <jmallett@FreeBSD.org>
jv, Jakub Vlasek <jv@pilsedu.cz>
k9, Jeremy Chadwick <ircd@jdc.parodius.com>
kre, Dinko Korunic <kreator@fly.srk.fer.hr>
madmax, Paul Lomax <madmax@efnet.org>
nenolod, William Pitcock <nenolod@nenolod.net>
Riedel, Dennis Vink, <riedel@chaotic.nl>
scuzzy, David Todd <scuzzy@aniverse.net>
spookey, David Colburn <spookey@spookey.org>
TimeMr14C, Yusuf Iskenderoglu <uhc0@stud.uni-karlsruhe.de>
toot, Toby Verrall <to7@antipope.fsnet.co.uk>
vx0, Mark Miller <mark@oc768.net>
wiz, Jason Dambrosio <jason@wiz.cx>
Xride, Søren Straarup <xride@x12.dk>
zb^3, Alfred Perlstein <alfred@freebsd.org>
Others are welcome. Always. And if we left anyone off the above list,
be sure to let us know that too. Many others have contributed to
previous versions of this ircd and its ancestors, too many to list
here.
Send bug fixes/complaints/rotten tomatoes to bugs@ircd-hybrid.org.
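Review bot: The Hybrid core team and contributor names removed here need to reappear in doc/credits-past.txt, whose own header says names "can be only added" and "should never be removed". The part of that file visible in this comparison covers only the IRCD 2.8 credits, so please confirm the list is carried over further down.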

36
doc/Makefile.am Normal file

@ -0,0 +1,36 @@
prefix = @prefix@
exec_prefix = @exec_prefix@
exec_suffix = @exec_suffix@
bindir = @bindir@
libexecdir = @libexecdir@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
# Local to the etc Makefile
CONFS = ircd.conf.example reference.conf
install-mkdirs:
-@if test ! -d $(DESTDIR)$(sysconfdir); then \
echo "mkdir -p $(sysconfdir)"; \
mkdir -p $(DESTDIR)$(sysconfdir); \
fi
install: install-mkdirs
@echo "ircd: installing example config files ($(CONFS))"
@for i in $(CONFS); do \
if test -f $(DESTDIR)$(sysconfdir)/$$i; then \
$(MV) $(DESTDIR)$(sysconfdir)/$$i $(DESTDIR)$(sysconfdir)/$$i.old; \
fi; \
$(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir); \
done
-@if test ! -f $(DESTDIR)$(sysconfdir)/ircd.motd; then \
echo "ircd: installing motd file (ircd.motd)"; \
$(INSTALL_DATA) ircd.motd $(DESTDIR)$(sysconfdir); \
fi
-@if test -f $(DESTDIR)$(sysconfdir)/links.txt; then \
$(RM) $(DESTDIR)$(sysconfdir)/links.txt; \
fi
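Review bot: The hand-written `install:` and `install-mkdirs:` rules override Automake's own install target. In a Makefile.am this is better expressed as `install-data-local` (or a `sysconf_DATA` list) so the standard install and uninstall machinery still runs. The `-@` prefix on the `mkdir -p $(DESTDIR)$(sysconfdir)` rule hides a failed directory creation, and the echoed command omits $(DESTDIR), so the log does not match what was run. $(MV) and $(RM) are used but not set in the lines shown, so they have to come from configure. The comment "# Local to the etc Makefile" is stale for a file under doc/.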


@ -1,92 +0,0 @@
# $Id: Makefile.in 3376 2007-04-03 11:37:39Z nenolod $
CC = @CC@
INSTALL = @INSTALL@
INSTALL_BIN = @INSTALL_PROGRAM@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755
RM = @RM@
LEX = @LEX@
LEXLIB = @LEXLIB@
CFLAGS = @IRC_CFLAGS@ -DIRCD_PREFIX=\"@prefix@\"
LDFLAGS = @LDFLAGS@
MKDEP = ${CC} -MM
MV = @MV@
RM = @RM@
CP = @CP@
TOUCH = @TOUCH@
PROGRAM_PREFIX = @PROGRAM_PREFIX@
prefix = @prefix@
exec_prefix = @exec_prefix@
exec_suffix = @exec_suffix@
bindir = @bindir@
libexecdir = @libexecdir@
sysconfdir = @sysconfdir@
localstatedir = @localstatedir@
# Change this later! -- adrian
moduledir = @moduledir@
automoduledir = @moduledir@/autoload
# Local to the etc Makefile
mandir = @mandir@/man8
MANPAGES = ircd.8
CONFS = ircd.conf.example reference.conf
SSL_LIBS = @SSL_LIBS@
SSL_INCLUDES = @SSL_INCLUDES@
IRCDLIBS = @LIBS@ $(SSL_LIBS)
INCLUDES = -I../include $(SSL_INCLUDES)
CPPFLAGS = ${INCLUDES} @CPPFLAGS@
all: build
install-mkdirs:
-@if test ! -d $(DESTDIR)$(sysconfdir); then \
echo "mkdir -p $(sysconfdir)"; \
mkdir -p $(DESTDIR)$(sysconfdir); \
fi
-@if test ! -d $(DESTDIR)$(mandir); then \
echo "mkdir -p $(mandir)"; \
mkdir -p $(DESTDIR)$(mandir); \
fi
install: install-mkdirs build
@echo "ircd: installing example config files ($(CONFS))"
@for i in $(CONFS); do \
if test -f $(DESTDIR)$(sysconfdir)/$$i; then \
$(MV) $(DESTDIR)$(sysconfdir)/$$i $(DESTDIR)$(sysconfdir)/$$i.old; \
fi; \
$(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir); \
done
-@if test ! -f $(DESTDIR)$(sysconfdir)/ircd.motd; then \
echo "ircd: installing motd file (ircd.motd)"; \
$(INSTALL_DATA) ircd.motd $(DESTDIR)$(sysconfdir); \
fi
-@if test -f $(DESTDIR)$(sysconfdir)/links.txt; then \
$(RM) $(DESTDIR)$(sysconfdir)/links.txt; \
fi
@echo "ircd: installing manpage"
@for i in $(MANPAGES); do \
if test ! -f $(DESTDIR)$(mandir)/$(PROGRAM_PREFIX)$$i; then \
$(INSTALL_DATA) $$i $(DESTDIR)$(mandir)/$(PROGRAM_PREFIX)$$i; \
fi; \
done
build:
clean:
depend:
lint:
distclean:
${RM} -f Makefile
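Review bot: The manpage step of the `install` rule (MANPAGES = ircd.8 copied into $(DESTDIR)$(mandir)) has no counterpart in the doc/Makefile.am shown earlier in this comparison, so ircd.8 would stop being installed unless another Makefile picks it up. Please confirm that is intended. Dropping `INSTALL_SUID = @INSTALL_PROGRAM@ -o root -m 4755` is welcome: no rule in this file used it, and nothing installed from this directory should be setuid root.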


@ -1,17 +0,0 @@
$Id: README.cidr_bans 6 2005-09-10 01:02:21Z nenolod $
Basically what this patch does is allow for users to use cidr masks when
setting bans, exceptions, and invite invex(modes beI respectively). This
works for both IPv4 and IPv6 addresses.
I won't go into details of how cidr works here, but to use them, you could
do something like:
/mode #foo +b *!*@10.0.0.0/8
/mode #foo +e *!*@10.0.10.0/24
Aaron Sethman <androsyn@ratbox.org>
August 06, 2002


@ -1,18 +0,0 @@
$Id: Ratbox-team 1640 2006-06-05 00:02:19Z jilles $
ircd-ratbox is an evolution where ircd-hybrid left off around version 7-rc1.
Currently the ircd-ratbox team consists of the following developers:
AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
anfl, Lee Hardy <lee -at- leeh.co.uk>
Special thanks for support, code and ideas to:
Hwy, W. Campbell <wcampbel -at- botbay.net>
jilles, Jilles Tjoelker <jilles -at- stack.nl>
larne, Edward Brocklesby <ejb -at- sdf.lonestar.org>
Of course our work is based on the work of many, many others over the past
10 or so years since irc has existed, including the work done by the Hybrid
team, our thanks goes to them.


@ -1,272 +0,0 @@
The Tao of Internet Relay Chat
Copyright (C) Ove Ruben R Olsen 1994
Version of 940110
Contributing masters: Master ScottM
-----
Something is formed by the electrons, born in the silent cable. Shaping
and growing and ungrowing. It is there yet not there. It is the source of
Internet Relay Chat. I do not know the name, thus I will call it the Tao
of Internet Relay Chat.
If the Tao is great, then the IRC is running ceaselessly. If the IRC is
great then the server is running without ever stoping. If the server is
great then the client will always be the server. The luser is then pleased
and there is Chat in the world.
The Tao of IRC squits far away and connects on returning.
-----
The genetic potential of birth, a lot to know, yet unknown.
In the begining there was nothing.
Out of nothing the Tao gave birth to tolsun.oulu.fi. tolsun gave birth to
OuluBox.
OuluBox gave birth to rmsg.
rmsg was not Tao, so MUT gave birth to IRC.
No one knows when IRC came into existance, the mighty master WiZ have it
to be at the end of the eight month in the year of the Dragon.
-----
Each channel has its purpose, however humble. Each channel is the Yin and
Yang of IRC. Each channels has it's place within the IRC.
In the beginning there was only channel 0, thus channel 0 is the soil of
IRC.
Channel 1 to channel 10 then was open as the sea. Channel 11 to 999 was the
trees and forests of IRC. Channels above 999 should not be mentioned, and
channels below 0 were unborn and contained many secrets.
This was not the right Tao, so IRC gave birth to +channels.
+channels had the yin and yang. Mode does not.
This was not the right Tao still, so IRC gave birth to #channels.
#channels have the yin and yang.
Only channel 0 is the right path to Tao, but avoid speaking on channel 0.
-----
There was a great dispute among the Broom-Walkers of the Relay. Some of them
wanted neither yin nor yang. Out of this Eris came into existance. Some of the
Broom-Walkers then created Eris Free-net.
This was the right Tao.
Kind Gentle and Boring Net was another wrong path to the Tao of Internet Relay
Chat.
Some time later there was a quantity of some lusers who wanted to be
Broom-Walkers also. The Eris Free Broom-Walkers did not agree with them,
thus a new IRC was born. This IRC is called the Undernet.
But this is not the right Tao, either.
-----
There will always be disputes among the Broom-Walkers of Internet Relay Chat.
This is the very nature of the IRC.
-----
Lusers that do not understand the Tao is always using the yang of Mode on
their channels. Lusers that do understand the Tao are always using Ignore
on their channels.
How could this not be so ?
-----
The wise sage luser is told about the Chat and uses it. The luser is told
about the IRC and is looking for it. The flock are told about the Tao and
make a fool of the IRC.
If there was no laughter, there would be no Tao.
-----
The master says:
"Without the Tao of Internet Relay Chat, life becomes meaningless."
The Relay of the old time was mysterious and sacred. We can neither imagine
its thoughts nor path; we are left but to describe.
-----
The sage luser must be aware like a frog crossing the highway.
-----
The great master Wumpus once dreamed that he was an automaton. When he awoke
he exclaimed:
"I don't know whether I am Wumpus dreaming that I am a client,
or a client dreaming that I am Wumpus!"
So was the first Automata born.
The master Nap then said:
"Any automata should not speak unless spoken to.
Any automata shall only whisper when spoken to."
Thus replied the master Gnarfer:
"The lusers shall keep in mind that a automata can be either good or
bad. Create good automata, and the IRC will hail you and you will
gain fame and fortune. Create bad automata and people will start to
hate you, and finaly you will be /KILLed to ethernal damnation"
Many lusers have fallen into the clutches of ethernal damnation. They where
not following the Tao.
-----
There once was a luser who went to #BotSex. Each day he saw the automatons.
The luser decided that he also would have such a automata.
He asked another luser for his automata. The other luser gave his automata
away.
The luser was not within the Tao, so he just started the automata. The automata
had only Yang inside so all the lusers files where deleted.
Some moons laither the same luser then had become a sage luser, and did create
his automata from the very grounds with materials found inside the IRC.
The luser was now within the Tao and his automata lived happily ever after.
-----
There once was a master who wrote automatons without the help of master Phone.
A novice luser, seeking to imitate him, began with the help of master Phone.
When the novice luser asked the master to evaluate his automata the master
replied: "What is a working automata for the master is not for the luser.
You must must BE the IRC before automating."
-----
Master BigCheese gave birth to master Troy; his duty clear. Master Troy gave
birth to master Phone, for the Tao of Irc must be eternal and must flow as the
ceaseless river of Time itself.
-----
Master Phone once said about the ircII client:
"public_msg is for a message from someone NOT on the channel
public_other is for a message on a channel that doesn't belong to
a window. public is for a message on a channel that belongs to a
window!"
Out of this raised the mighty chaos.
-----
The sage luser came to the master who wrote automata without the help of
master Phone. The sage luser asked the master who wrote automata: "Which is
easiest to make. A automata with the help of master Phone or an automata
made with the help of a language ?"
The master who wrote automata then replied:
"With the help of a language."
The sage luser was disapointed and exclaimed: "But, with master Phone you
do not need to know anything about the soil of IRC. Is not that the easiet
way ?"
"Not really" said the master who wrote automata, "when using master Phone
you are closed inside a box. For sure, it is a great box for the lusers,
but the master will need more power, thus a language is the only path to go.
With the language the master will never have to limit himself. When using
such a language the master will seek the best between the need and the
availibility."
"I see", said the sage luser.
This is the essence of Tao of IRC automatas.
-----
A client should be light and be used for communication. The spirit of a good
client is that it should be very convinient for the luser to use, but hard
for the luser who want to create automata.
There should never ever be too many functions or too few functions.
There should always be a ignore.
Without ignore the client is not within the Tao of Chating.
The client should always respond the luser with messages that will not
astnonish him too much. The server likewise. If the server does not, then it
is the clients job to explain what the server says.
A client which fails this, will be useless and cause confusion for the lusers.
The only way to correct this is to use another client or to write a new one.
-----
A luser asked the masters on #IrcHelp: "My client does not work".
The masters replied: "Upgrade your client".
The luser then wondered why the master knew. The master then told him about
the Protocol.
"Your client does not work beaucse it does not understand the server. Why
should it always work ? Only a fool would expect such. But, clients are made
by humans, and humans are not perfect. Only Tao is.
The IRC is solid. The IRC is floating, and will always be dynamic. Live with
that or /quit."
-----
The luser came to the masters of #IrcHelp, asking about the Tao of IRC within
the client.
The masters then said that the Tao of IRC always lies inside the client
regardless of how the client connects to the server.
"Is the Tao in irc ?" asked the luser.
"It so is" replied the masters of #IrcHelp.
"Is the Tao in the ircII, Kiwi, rxirc, vms, rockers and msa ?" asked the
luser.
"In all of them and in the TPC, irchat, zenirc, zircon X11-irc and even the
dos irc has the Tao" said the master quietly.
"Is the Tao in a telnet connection directly to the server ?"
The master then was quiet for a long time and said. "Please leave, such
questions are not within the Tao of IRC".
-----
The master says: "Without the Protocol of TCP the messages will not travel.
Without the client, the server is useless."
-----
There once was a luser who used the ircII client. "ircII can do anything I
ever need for using IRC" said the emacs client user, "I have /ON's, I have
assignments, I have aliasing. Why don't you use this instead of the huge
emacs client, which also has a messy screen?"
The emacs client user then replied by saying that "it is better to have a
scripting language that is the client instead of have a client that has
a scripting language." Upon hearing this, the ircII client luser fell silent.
-----
The master Wumpus said: "Time for you to leave. I did, now I'm happy."
The master Gnarfer replied: "Use, but never overuse IRC, then you will also
be happy within IRC"
-----
A luser came unto the masters of #EU-Opers and asked, "How can I be, yet not
be, a user@host within the IRC?"
The masters of #EU-Opers replied: "To be Tao is to be ones true self. To hide
ones self is not Tao, and is not IRC, you have much to learn before you shall
be at rest within the Flow of Irc. Please leave"

129
doc/connecting-servers.rst Normal file

@ -0,0 +1,129 @@
Connecting servers
==================
Servers can be connected together to improve redundancy, distribute bandwidth,
lower latency, and connect network services.
This document is an introduction to connecting servers. It assumes you are
already somewhat familiar with Solanum's configuration (if not, read
:file:`ircd.conf.example`, and set up your own server by editing it
and running Solanum).
Solanum uses the TS6 protocol, and can only be connected with other servers
using this protocol. We recommend you only connect Solanum with other Solanum
instances.
Unlike some other IRCd implementations, all connections are reciprocal in
Solanum, which means a single configuration block is used for both incoming
and outgoing connections.
Additionally, the same ports are used for server and client connections.
Creating servers
----------------
If you already have a server running, copy its configuration to a new machine,
and edit ``serverinfo`` for the new server. In particular, you must change the
``name`` and ``sid``, but keep the same ``network_name``.
We recommend you keep both configurations in sync using some external
configuration management systems, so server configurations do not drift apart
over time, as you change them.
For each of the two servers, you must create a ``connect`` block to represent
the connection with the other server. For example, if you have servers A and B
respectively at a.example.org and b.example.org, use respectively::
serverinfo {
name = "a.example.org";
// ...
};
connect "b.example.org" {
host = "203.0.113.2";
port = 6666;
send_password = "password";
accept_password = "anotherpassword";
flags = topicburst, autoconn;
class = "server";
};
and::
serverinfo {
name = "b.example.org";
// ...
};
connect "a.example.org" {
host = "203.0.113.1";
port = 6666;
send_password = "anotherpassword";
accept_password = "password";
flags = topicburst, autoconn;
class = "server";
};
Note the reversed passwords.
The ports should be any of the ports defined in a ``listen {}`` block of the
other server.
The ``autoconn`` flag indicates a server should automatically connect using
this ``connect {}`` block. At least one of the two servers should have it,
or the servers won't try to connect.
If you are connecting servers over an unencrypted link, you should use SSL/TLS
for the connection; see :file:`reference.conf`.
Connecting services
-------------------
In addition to regular servers, you can also connect service packages such
as atheme-services.
These services typically do not accept incoming connections, and connect to
one of the existing servers of the network.
To allow connections from such a service server, you should create
a new ``connect {}`` block for this package, on the server the services
will connect to::
connect "services.example.org" {
host = "localhost";
port = 6666;
send_password = "password";
accept_password = "anotherpassword";
flags = topicburst; // No autoconn, services don't accept incoming connections
class = "server";
};
And create the appropriate config in your services' configuration so that
they connect to your server on the configured port, and from the configured
hostname.
For example, with atheme::
loadmodule "modules/protocol/solanum";
uplink "a.example.org" {
host = "localhost";
port = 6666;
send_password = "anotherpassword";
receive_password = "password"
};
Finally, you must configure all servers in your network to recognize the
services server::
service {
name = "services.example.org";
};
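Review bot: Both sample `connect` blocks exchange `send_password`/`accept_password` with nothing in them enabling TLS. The only guidance is the sentence "If you are connecting servers over an unencrypted link, you should use SSL/TLS for the connection", which is circular. Suggest "over an untrusted network", and show the TLS setting from reference.conf directly in the examples, since readers will copy these blocks as written. In the atheme `uplink` example, `receive_password = "password"` is missing its trailing semicolon. "some external configuration management systems" should read "an external configuration management system".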

276
doc/credits-past.txt Normal file

@ -0,0 +1,276 @@
===============================================================================
IRCD 2.8 CREDITS
===============================================================================
/************************************************************************
* IRC - Internet Relay Chat, doc/AUTHORS
* Copyright (C) 1990
*
* AUTHORS FILE:
* This file attempts to remember all contributors to the IRC
* developement. Names can be only added this file, no name
* should never be removed. This file must be included into all
* distributions of IRC and derived works.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
IRC was conceived of and written by Jarkko Oikarinen <jto@tolsun.oulu.fi>.
IRC was originally written in University of Oulu, Computing Center.
Jan 1991 - IRC 2.6 jto@tolsun.oulu.fi
- Multiple Channels and protocol changes
Contributions were made by a cast of dozens, including the following:
Markku Jarvinen <mta@tut.fi>: Emacs-like editing facility for the client
Kimmo Suominen <kim@kannel.lut.fi>: HP-UX port
Jeff Trim <jtrim@orion.cair.du.edu>: enhancements and advice
Vijay Subramaniam <vijay@lll-winken.llnl.gov>: advice and ruthless publicity
Karl Kleinpaste <karl@cis.ohio-state.edu>: user's manual
Greg Lindahl <gl8f@virginia.edu>: AUTOMATON code, the Wumpus GM automaton,
myriad bug fixes
Bill Wisner <wisner@hayes.fai.alaska.edu>: numerous bug fixes and code
enhancements
Tom Davis <conslt16@zeus.unl.edu> and Tim Russell <russell@zeus.unl.edu>:
VMS modifications
Markku Savela <msa@tel4.tel.vtt.fi>: advice, support, and being the
incentive to do some of our *own* coding. :)
Tom Hopkins <hoppie@buengf.bu.edu>: bug fixes, quarantine lines,
consolidation of various patches.
Christopher Davis <ckd@cs.bu.edu>: EFnet/Anet gateway coding,
many automata ;), documentation fixing.
Helen Rose <hrose@cs.bu.edu>: documentation updating, and fixing.
Tom Hinds <rocker@bucsf.bu.edu>: emacs client updating.
Tim Miller <cerebus@bu-pub.bu.edu>: various server and client-breaking
features.
Darren Reed <avalon@coombs.anu.edu.au>: various bug fixes and enhancements.
Introduced nickname and channelname hash tables into the server.
The version 2.2 release was coordinated by Mike Bolotski
<mikeb@salmon.ee.ubc.ca>.
The version 2.4 release was coordinated by Markku Savela and
Chelsea Ashley Dyerman
The version 2.5.2 release was coordinated by Christopher Davis, Helen Rose,
and Tom Hopkins.
The versions 2.6.2, 2.7 and 2.8 releases were coordinated by Darren Reed.
Contributions for the 2.8 release from the following people:
Matthew Green <phone@coombs.anu.edu.au>
Chuck Kane <ckane@ece.uiuc.edu>
Matt Lyle <matt@oc.com>
Vesa Ruokonen <ruokonen@lut.fi>
Markku Savela <Markku.Savela@vtt.fi> / April 1990
Fixed various bugs in 2.2PL1 release server (2.2msa.4) and changed
sockets to use non-blocking mode (2.2msa.9). [I have absolutely
nothing to do with clients :-]
Chelsea Ashley Dyerman <chelsea@earth.cchem.berkeley.edu> / April 1990
Rewrote the Makefiles, restructuring of source tree. Added libIrcd.a to
the Makefile macros, numerous reformatting of server text messages, and
added mkversion.sh to keep track of compilation statistics. Numerous
bug fixes and enhancements, and co-coordinator of the 2.4 release.
jarlek@ifi.uio.no added mail functions to irc.
Armin Gruner <gruner@informatik.tu-muenchen.de> / May, June 1990:
* Patched KILL-line feature for ircd.conf, works now.
Enhancement: Time intervals can be specified in passwd-field.
Result: KILL-Line is only active during these intervals
* Patched PRIVMSG handling, now OPER can specify masks for sending
private messages, advantage: msg to all at a specified server or host.
* Little tests on irc 2.5 alpha, fixed some little typos in client code.
Change: common/debug.c has been moved to ircd/s_debug.c, and a
irc/c_debug.c has been created, for the benefit that wrong server msg
are displayed if client does not recognize them. (strange, if a server
sends an 'unknown command', isn't it?)
Tom Hopkins <hoppie@buengf.bu.edu> / September, October 1990:
* Patched msa's K lines for servers (Q lines).
* Consolidated several patches, including Stealth's logging patch.
* Fixed several minor bugs.
* Has done lots of other stuff that I can't seem to remember, but he
always works on code, so he has to have done alot more than three
lines worth. :)
Thanks go to those persons not mentioned here who have added their advice,
opinions, and code to IRC.
Various modifications, bugreports, cleanups and testing by:
Hugo Calendar <hugo@ucscb.ucsc.edu>
Bo Adler <adler@csvax.cs.caltech.edu>
Michael Sandrof <ms5n+@andrew.cmu.edu>
Jon Solomon <jsol@cs.bu.edu>
Jan Peterson <jlp@hamblin.math.byu.edu>
Nathan Glasser <nathan@brokaw.lcs.mit.edu>
Helen Rose <hrose@eff.org>
Mike Pelletier <stealth@caen.engin.umich.edu>
Basalat Ali Raja <gwydion@tavi.rice.edu>
Eric P. Scott <eps@toaster.sfsu.edu>
Dan Goodwin <fornax@wpi.wpi.edu>
Noah Friedman <friedman@ai.mit.edu>
===============================================================================
IRCD-HYBRID CREDITS
===============================================================================
The hybrid team is a group of ircd coders who were frustrated
with the instability and all-out "dirtiness" of the EFnet ircd's
available. "hybrid" is the name for the collective efforts of a group
of people, all of us.
Anyone is welcome to contribute to this effort. You are encouraged
to participate in the Hybrid mailing list. To subscribe to the
Hybrid List, use this link:
https://lists.ircd-hybrid.org/mailman/listinfo/hybrid
The core team as, of this major release:
adx, Piotr Nizynski <adx@irc7.pl>
billy-jon, William Bierman III <bill@mu.org>
cryogen, Stuart Walsh <stu@ipng.org.uk>
Dianora, Diane Bruce <db@db.net>
joshk, Joshua Kwan <joshk@triplehelix.org>
kire, Erik Small <smalle@hawaii.edu>
knight, Alan LeVee <alan.levee@prometheus-designs.net>
metalrock, Jack Low <jclow@csupomona.edu>
Michael, Michael Wobst <michael.wobst@gmail.com>
Rodder, Jon Lusky <lusky@blown.net>
Wohali, Joan Touzet <joant@ieee.org>
The following people have contributed blood, sweat, and/or code to
recent releases of Hybrid, in nick alphabetical order:
A1kmm, Andrew Miller <a1kmm@mware.virtualave.net>
AndroSyn, Aaron Sethman <androsyn@ratbox.org>
Ariadne, Ariadne Conill <ariadne@dereferenced.org>
bane, Dragan Dosen <bane@idolnet.org>
bysin, Ben Kittridge <bkittridge@cfl.rr.com>
cosine, Patrick Alken <wnder@uwns.underworld.net>
David-T, David Taylor <davidt@yadt.co.uk>
fl, Lee Hardy <lee@leeh.co.uk>
Garion, Joost Vunderink <garion@efnet.nl>
Habeeb, David Supuran <habeeb@cfl.rr.com>
Hwy101, W. Campbell <wcampbel@botbay.net>
jmallett, Juli Mallett <jmallett@FreeBSD.org>
jv, Jakub Vlasek <jv@pilsedu.cz>
k9, Jeremy Chadwick <ircd@jdc.parodius.com>
kre, Dinko Korunic <kreator@fly.srk.fer.hr>
madmax, Paul Lomax <madmax@efnet.org>
Riedel, Dennis Vink, <riedel@chaotic.nl>
scuzzy, David Todd <scuzzy@aniverse.net>
spookey, David Colburn <spookey@spookey.org>
TimeMr14C, Yusuf Iskenderoglu <uhc0@stud.uni-karlsruhe.de>
toot, Toby Verrall <to7@antipope.fsnet.co.uk>
vx0, Mark Miller <mark@oc768.net>
wiz, Jason Dambrosio <jason@wiz.cx>
Xride, Søren Straarup <xride@x12.dk>
zb^3, Alfred Perlstein <alfred@freebsd.org>
Others are welcome. Always. And if we left anyone off the above list,
be sure to let us know that too. Many others have contributed to
previous versions of this ircd and its ancestors, too many to list
here.
Send bug fixes/complaints/rotten tomatoes to bugs@ircd-hybrid.org.
===============================================================================
IRCD-RATBOX CREDITS
===============================================================================
ircd-ratbox is an evolution where ircd-hybrid left off around version 7-rc1.
Currently the ircd-ratbox team consists of the following developers:
AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
anfl, Lee Hardy <lee -at- leeh.co.uk>
Special thanks for support, code and ideas to:
Hwy, W. Campbell <wcampbel -at- botbay.net>
jilles, Jilles Tjoelker <jilles -at- stack.nl>
larne, Edward Brocklesby <ejb -at- sdf.lonestar.org>
Of course our work is based on the work of many, many others over the past
10 or so years since irc has existed, including the work done by the Hybrid
team, our thanks goes to them.
===============================================================================
CHARYBDIS CREDITS
===============================================================================
Charybdis started as an evolution from ircd-ratbox. Its development
is led by a team of dedicated developers who have put a lot of time
into the project and it has seen use on a variety of different
network configurations.
The Charybdis core team, listed in nick-alphabetical order:
amdj, Aaron Jones <aaronmdjones -at- gmail.com>
Ariadne, Ariadne Conill <ariadne -at- dereferenced.org>
Elizafox, Elizabeth Myers <elizabeth -at- interlinked.me>
jilles, Jilles Tjoelker <jilles -at- stack.nl>
mr_flea, Keith Buck <mr_flea -at- esper.net>
The following people are also project members, listed in nick-alphabetical
order:
jdhore, JD Horelick <jdhore1 -at- gmail.com>
viatsko, Valerii Iatsko <dwr -at- codingbox.io>
The following people have made contributions to the Charybdis releases,
in nick-alphabetical order:
AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
anfl, Lee Hardy <lee -at- leeh.co.uk>
beu, Elfyn McBratney <elfyn.mcbratney -at- gmail.com>
BlindSight, Matt Ullman <matt -at- airraidsirens.com>
Entrope, Michael Poole <mdpoole -at- trolius.org>
grawity, Mantas Mikulėnas <grawity -at- gmail.com>
gxti, Michael Tharp <gxti -at- partiallystapled.com>
mniip <mniip -at- mniip.com>
Simon, Simon Arlott
spb, Stephen Bennett <spb -at- attenuate.org>
Taros, Brett Greenham <taros -at- shadowircd.net>
ThaPrince, Jon Christopherson <jon -at- vile.com>
twincest, River Tarnell <river -at- attenuate.org>
w00t, Robin Burchell <surreal.w00t -at- gmail.com>
For a list of contributors to ircd-ratbox, ircd-hybrid, and ircd2.8 (the
predecessors to Charybdis), see the doc/credits-past.txt file in the Charybdis
distribution.
Visit the Charybdis website at: http://www.charybdis.io/
Visit us on IRC at: irc.charybdis.io #charybdis


@ -1,7 +1,7 @@
account-notify client capability specification
----------------------------------------------
Copyright (c) 2010 William Pitcock <nenolod@atheme.org>.
Copyright (c) 2010 Ariadne Conill <ariadne@dereferenced.org>.
Unlimited redistribution and modification of this document is allowed
provided that the above copyright notice and this permission notice


@ -51,9 +51,6 @@ If aes256 is not available, the following is used instead:
- Building ratbox-respond -
---------------------------
If you are using the unix based ratbox-respond this must be built. For the
windows version, ratbox-winrespond, please see http://respond.ircd-ratbox.org
ratbox-respond takes the challenge from the server, and together with your
private key file generates a response to be sent back. ratbox-respond
requires the openssl headers (ie, development files) and openssl libraries
@ -82,5 +79,3 @@ ratbox-respond/README for more information.
A number of scripts for clients have already been written to automate this
process, see client-scripts/README for more information.
--
$Id: challenge.txt 678 2006-02-03 20:25:01Z jilles $


@ -43,5 +43,3 @@ the same on all servers for each nick-user pair, also if a user with a UID
nick changes their nick but is collided again (the server detecting the
collision will not propagate the nick change further).
--
$Id: collision_fnc.txt 3422 2007-04-22 14:35:28Z jilles $


@ -42,6 +42,10 @@ exists and is not +s or +p. (The ops of the channel the ban is on cannot
necessarily see whether the user is in the target channel, so it should not
influence whether they can join either.)
extb_canjoin.so
$j:<channel>
matches users who are or are not banned from a specified channel
extb_oper.so
$o
matches opers (most useful with +I)
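Review bot: The `$j:<channel>` description added for extb_canjoin.so, "matches users who are or are not banned from a specified channel", reads as if it matches every user. State the positive case only (users who are banned from the given channel) and leave the negated form to the `$~` prefix that the Comparisons section already uses. The `$x:<mask>` entry added in the next hunk also says "bans all users" where every other entry says "matches"; use the same verb there.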
@ -56,6 +60,14 @@ extb_server.so
matches users connected to a server matching the mask (* and ? wildcards);
this can only be used with +b and +q
extb_extgecos.so
$x:<mask>
bans all users with matching nick!user@host#gecos
extb_ssl.so
$z
matches all SSL users
Comparisons:
+b $~a is similar to +r but also prevents not logged in users talking or
@ -88,5 +100,3 @@ The function is called whenever a (local) client needs to be checked against
a +bqeI entry of the given extban type, and whenever a local client tries to
add such an entry. (Clients are allowed to add bans matching themselves.)
--
$Id: extban.txt 1639 2006-06-04 23:26:47Z jilles $

59
doc/features/filter.txt Normal file

@ -0,0 +1,59 @@
extensions/filter module documentation
--------------------------------------
The filter extension implements message content filtering using
solanum's hook framework and Intel's Hyperscan regular expression
matching library.
It requires an x86_64 processor with SSSE3 extensions.
To operate, the filter requires a database of regular expessions
that have been compiled using the Hyperscan library's
hs_compile_multi() or hs_compile_ext_multi() functions.
The command SETFILTER is used to manage operation of the filter and to
load compiled Hyperscan databases.
General documenation of SETFILTER is available using the 'HELP SETFILTER'
command.
For each expression in the database, the three least significant bits
of the expression ID are used to indicate which action the ircd should
take in the event of a match:
001 (1) DROP - The message will be dropped and the client will be sent
an ERR_CANNOTSENDTOCHAN message.
010 (2) KILL - The connection from which the message was recevied will
be closed.
100 (4) ALARM - A Server Notice will be generated indicating that an
expression was matched. The nick, user, hostname and
IP address will be reported. For privacy, the expression
that has been matched will not be disclosed.
Messages are passed to the filter module in a format similar to an
IRC messages:
0:nick!user@host#1 PRIVMSG #help :hello!
The number at the start of the line indicates the scanning pass:
Messages are scanned twice, once as they were received (0), and once
with any formatting or unprintable characters stripped (1).
By default, 'nick', 'user' and 'host' will contain *. This behaviour
can be changed at build time if filtering on these fields is required.
The number after the # will be 0 or 1 depending on whether the sending
client was identified to a NickServ account.
The process for loading filters is as follows:
1. The Hyperscan database is serialized using hs_serialize_database().
2. A 'SETFILTER NEW' command is sent.
3. The serialized data is split into chunks and base64 encoded.
The chunk size needs to be chosen to ensure that the resuliting
strings are short enough to fit into a 510 byte IRC line, taking
into account space needed for the 'SETFILTER +' command, check field,
server mask, and base64 overhead.
4. The encoded chunks are sent using 'SETFILTER +' commands
5. Once the entire database has been sent, a 'SETFILTER APPLY' command
is sent to commit it.
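Review bot: The action table does not say what the ircd does when an expression ID has more than one of the three low bits set (for example 3 or 5), and step 3 refers to a "check field" that is never defined, so an operator building a database cannot tell from this file how IDs are interpreted or what that field must contain. Please document both, and state which privilege SETFILTER requires instead of deferring entirely to 'HELP SETFILTER'. Typos to fix in the same pass: "expessions", "documenation", "recevied", "resuliting", and "an IRC messages".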

15
doc/features/index.txt Normal file

@ -0,0 +1,15 @@
Here is an overview of the docs in the doc/features directory.
account-notify.txt - Description of the account-notify system
away-notify.txt - Description of the away-notify system
challenge.txt - Overview of the challenge/response system for
obtaining operator status
collision_fnc.txt - Overview of the SAVE nick collision method
extban.txt - Description of extended bans
extended-join.txt - Description of the extended-join system
modeg.txt - Description of UMODE +g, the caller ID system
monitor.txt - Description of the MONITOR system
sasl.txt - Description of the SASL services authentication
system
services.txt - Overview of features added by services
tgchange.txt - Overview of the target change system
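Review bot: The new index has no entry for filter.txt, although doc/features/filter.txt is added in this same comparison. Add a line such as "filter.txt - Description of the extensions/filter module" in alphabetical position so the content-filtering documentation can be found from the index.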


@ -78,7 +78,7 @@ Note that some clients may have to use /quote ACCEPT instead of /accept.
--
Client Hwy101: /msg Hwy-LL hi
Hwy101 will see: -!- Hwy-LL is in +g mode (server-side ignore.)
Hwy101 will see: -!- Hwy-LL is in +g mode and must manually allow you to message them.
-!- Hwy-LL has been informed that you messaged them.
Hwy-LL will see: -!- Hwy101 wcampbel@admin.irc.monkie.org is messaging you, and you have umode +g.
@ -86,7 +86,7 @@ Hwy-LL will see: -!- Hwy101 wcampbel@admin.irc.monkie.org is messaging you, and
--
If Hwy101 sends another message to Hwy-LL (before the minute expires), he will
see: -!- Hwy-LL is in +g mode (server-side ignore.)
see: -!- Hwy-LL is in +g mode and must manually allow you to message them.
and will not receive the second notice
Hwy-LL will NOT see any notice. This also applies if the second message comes
@ -189,7 +189,7 @@ their accept list.
716 - ERR_TARGUMODEG
--------------------
:<server> 716 <nick> <target> :is in +g mode (server-side ignore.)
:<server> 716 <nick> <target> :is in +g mode and must manually allow you to message them.
This numeric is used to indicate that a message (PRIVMSG) the client sent
could not be delivered because of CallerID restrictions. The <target>
@ -215,4 +215,3 @@ which is ambiguous if the user may contain a [ and in the author's opinion ugly.
--
W. Campbell
updated by J. Tjoelker
$Id: modeg.txt 3556 2007-08-18 14:45:10Z jilles $


@ -1,6 +1,5 @@
MONITOR - Protocol for notification of when clients become online/offline
Lee Hardy <lee -at- leeh.co.uk>
$Id: monitor.txt 3520 2007-06-30 22:15:35Z jilles $
-------------------------------------------------------------------------
Currently, ISON requests by clients use a large amount of bandwidth. It is


@ -127,4 +127,3 @@ Kucharski (IRCnet), IRC Client Capabilities Extension. March 2005.
This internet-draft has expired; it can still be found on
http://www.leeh.co.uk/draft-mitchell-irc-capabilities-02.html
$Id: sasl.txt 3169 2007-01-28 22:13:18Z jilles $


@ -1,9 +1,12 @@
ratbox-services compatibility documentation - Lee H <lee -at- leeh.co.uk>
-------------------------------------------------------------------------
Services compatibility documentation
------------------------------------
Compatibility with ratbox-services is always enabled. Note that some or
all of this is also used by atheme-services and anope. It will add the
following features to ircd:
Originally written by Lee Hardy for ircd-ratbox. Minor changes by Elizabeth
Myers for modern services.
Compatibility with services is always enabled. Supported services include
atheme and anope. They add the following features to Charybdis:
1. Channel mode +r
@ -17,8 +20,8 @@ following features to ircd:
Ability to specify the names of services servers in ircd.conf:
service {
name = "services.ircd-ratbox.org";
name = "backup-services.ircd-ratbox.org";
name = "services.charybdis.io";
name = "backup-services.charybdis.io";
};
These must be specified for certain features to work. You may specify as
@ -60,4 +63,3 @@ following features to ircd:
Gives numeric 486 to users sending a PRIVMSG who are not logged in:
:<server> 486 <nick> <targetnick> :You must log in with services to message this user
# $Id: services.txt 6 2005-09-10 01:02:21Z nenolod $


@ -41,6 +41,3 @@ you are messaging that channel or a client within that channel. The latter
can be done explicitly using the CNOTICE and CPRIVMSG commands, see
/quote help cnotice and /quote help cprivmsg, but is also implicit in a
normal /msg, /notice or /invite.
--
$Id: tgchange.txt 6 2005-09-10 01:02:21Z nenolod $


@ -1,29 +0,0 @@
# $Id: index.txt 6 2005-09-10 01:02:21Z nenolod $
Here is the overview of the documents in the doc/ directory.
CIDR.txt - Description of CIDR in IPv4
Tao-of-IRC.940110 - No comment...
challenge.txt - Overview of the challenge/response system for
obtaining operator status
ircd.conf.example - An example ircd.conf file describing most of the
user settable options
guidelines.txt - Documentation guidelines
hooks.txt - Overview of the hooks available
index.txt - This file
ircd.8 - The new revised manpage, read with the following
commands in the prefix directory:
man -M . ircd
ircd.motd - A default ircd.motd used by make install
logfiles.txt - Description of formatting of some logfiles
modeg.txt - An in depth description of the server side silence
user mode (+g)
modes.txt - A list of all user and channel modes
operguide.txt - EFnet operator's guide
opermyth.txt - Oper myth's, describes what opers can and cannot do
server-version-info - Overview of the flags shown in /version
whats-new.txt - What new features are available
Also in the contrib/ directory you will find:
example_module.c - An example module, detailing what the code in a module
does. Useful for building your own modules.


@ -1,120 +0,0 @@
.\" @(#)ircd.8 2.0 22 April 2004
.\" $Id: ircd.8 6 2005-09-10 01:02:21Z nenolod $
.TH IRCD 8 "ircd-ratbox" 22 April 2004
.SH NAME
ircd \- The Internet Relay Chat Program Server
.SH SYNOPSIS
.hy 0
.IP \fBircd\fP
[-dlinefile filename] [-configfile filename] [-klinefile filename]
[-logfile filename] [-pidfile filename] [-resvfile filename]
[-xlinefile filename] [-conftest] [-foreground] [-version]
.SH DESCRIPTION
.LP
\fIircd\fP is the server (daemon) program for the Internet Relay Chat
Program. The \fIircd\fP is a server in that its function is to "serve"
the client program \fIirc(1)\fP with messages and commands. All commands
and user messages are passed directly to the \fIircd\fP for processing
and relaying to other ircd sites.
.SH OPTIONS
.TP
.B \-dlinefile filename
Specifies the D-line file to be used. This file is used for both reading
D-lines at startup, and writing to while \fIircd\fP is running.
.TP
.B \-configfile filename
Specifies the ircd.conf file to be used for this ircdaemon. The option
is used to override the default ircd.conf given at compile time.
.TP
.B \-klinefile filename
Specifies the K-line file to be used. This file is used for both reading
K-lines at startup, and writing to while \fIircd\fP is running.
.TP
.B \-logfile filename
Specifies an alternative logfile to be used than that specified in config.h
.TP
.B \-pidfile filename
Specifies the ircd.pid used. The option is used to override the default
ircd.pid given at compile time.
.TP
.B \-resvfile filename
Specifies the resv.conf file to be used for this ircdaemon. The option
is used to override the default resv.conf given at compile time.
.TP
.B \-xlinefile filename
Specifies the xline.conf file to be used for this ircdaemon. The option
is used to override the default xline.conf given at compile time.
.TP
.B \-conftest
Makes \fIircd\fP check the ircd.conf for errors
.TP
.B \-foreground
Makes \fIircd\fP run in the foreground
.TP
.B \-version
Makes \fIircd\fP print its version, and exit.
.SH USAGE
If you plan to connect your \fIircd\fP server to an existing Irc-Network,
you will need to alter your local IRC configuration file (typically named
"ircd.conf") so that it will accept and make connections to other \fIircd\fP
servers. This file contains the hostnames, Network Addresses, and sometimes
passwords for connections to other ircds around the world. Because
description of the actual file format of the "ircd.conf" file is beyond the
scope of this document, please refer to the file INSTALL in the IRC source
files documentation directory.
.LP
.SH BOOTING THE SERVER
The \fIircd\fP server can be started as part of the
Unix boot procedure or just by placing the server into Unix Background.
Keep in mind that if it is \fBnot\fP part of your Unix's boot-up procedure
then you will have to manually start the \fIircd\fP server each time your
Unix is rebooted. This means if your Unix is prone to crashing
or going for for repairs a lot it would make sense to start the \fIircd\fP
server as part of your UNIX bootup procedure.
.SH EXAMPLE
.RS
.nf
tolsun% \fBbin/ircd\fP
.fi
.RE
.LP
Places \fIircd\fP into Unix background and starts up the server for use.
Note: You do not have to add the "&" to this command, the program will
automatically detach itself from tty.
.RS
.nf
leguin% \fBbin/ircd -foreground\fP
.fi
.RE
.LP
Runs ircd in the foreground.
.RS
.nf
.SH COPYRIGHT
(c) 1988,1989 University of Oulu, Computing Center, Finland,
.LP
(c) 1988,1989 Department of Information Processing Science,
University of Oulu, Finland
.LP
(c) 1988,1989,1990,1991 Jarkko Oikarinen
.LP
(c) 1997,1998,1999,2000,2001 The IRCD-Hybrid project.
.LP
For full COPYRIGHT see LICENSE file with IRC package.
.LP
.RE
.SH FILES
"ircd.conf"
.SH BUGS
None... ;-) if somebody finds one, please inform author
.SH AUTHOR
irc2.8 and earlier: Jarkko Oikarinen, currently jto@tolsun.oulu.fi.
.LP
ircd-hybrid-7: IRCD-Hybrid Project, ircd-hybrid@the-project.org.
.LP
manual page written by Jeff Trim, jtrim@orion.cair.du.edu,
later modified by jto@tolsun.oulu.fi.
.LP
modified for ircd-hybrid-7 by Edward Brocklesby, ejb@klamath.uucp.leguin.org.uk.
.LP
updated by W. Campbell, wcampbel@botbay.net

243
doc/ircd.conf.example Executable file → Normal file

@ -4,53 +4,51 @@
* Copyright (C) 2002-2005 ircd-ratbox development team
* Copyright (C) 2005-2006 charybdis development team
*
* $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
*
* See reference.conf for more information.
*/
/* Extensions */
#loadmodule "extensions/chm_operonly_compat.so";
#loadmodule "extensions/chm_quietunreg_compat.so";
#loadmodule "extensions/chm_sslonly_compat.so";
#loadmodule "extensions/createauthonly.so";
#loadmodule "extensions/extb_account.so";
#loadmodule "extensions/extb_canjoin.so";
#loadmodule "extensions/extb_channel.so";
#loadmodule "extensions/extb_combi.so";
#loadmodule "extensions/extb_extgecos.so";
#loadmodule "extensions/extb_hostmask.so";
#loadmodule "extensions/extb_oper.so";
#loadmodule "extensions/extb_realname.so";
#loadmodule "extensions/extb_server.so";
#loadmodule "extensions/extb_ssl.so";
#loadmodule "extensions/hurt.so";
#loadmodule "extensions/m_findforwards.so";
#loadmodule "extensions/m_identify.so";
#loadmodule "extensions/no_oper_invis.so";
#loadmodule "extensions/sno_farconnect.so";
#loadmodule "extensions/sno_globalkline.so";
#loadmodule "extensions/sno_globaloper.so";
#loadmodule "extensions/sno_whois.so";
#loadmodule "extensions/override.so";
#loadmodule "extensions/no_kill_services.so";
#loadmodule "extensions/chm_nonotice";
#loadmodule "extensions/chm_operpeace";
#loadmodule "extensions/createauthonly";
#loadmodule "extensions/extb_account";
#loadmodule "extensions/extb_canjoin";
#loadmodule "extensions/extb_channel";
#loadmodule "extensions/extb_combi";
#loadmodule "extensions/extb_extgecos";
#loadmodule "extensions/extb_hostmask";
#loadmodule "extensions/extb_oper";
#loadmodule "extensions/extb_realname";
#loadmodule "extensions/extb_server";
#loadmodule "extensions/extb_ssl";
#loadmodule "extensions/extb_usermode";
#loadmodule "extensions/hurt";
#loadmodule "extensions/m_extendchans";
#loadmodule "extensions/m_findforwards";
#loadmodule "extensions/m_identify";
#loadmodule "extensions/m_locops";
#loadmodule "extensions/no_oper_invis";
#loadmodule "extensions/sno_farconnect";
#loadmodule "extensions/sno_globalnickchange";
#loadmodule "extensions/sno_globaloper";
#loadmodule "extensions/override";
#loadmodule "extensions/no_kill_services";
/*
* IP cloaking extensions: use ip_cloaking_4.0
* if you're linking 3.2 and later, otherwise use
* ip_cloaking.so, for compatibility with older 3.x
* ip_cloaking, for compatibility with older 3.x
* releases.
*/
#loadmodule "extensions/ip_cloaking_4.0.so";
#loadmodule "extensions/ip_cloaking.so";
#loadmodule "extensions/ip_cloaking_4.0";
#loadmodule "extensions/ip_cloaking";
serverinfo {
name = "hades.arpa";
sid = "42X";
description = "charybdis test server";
description = "solanum test server";
network_name = "StaticBox";
hub = yes;
/* On multi-homed hosts you may need the following. These define
* the addresses we connect from to other servers. */
@ -59,18 +57,20 @@ serverinfo {
/* for IPv6 */
#vhost6 = "2001:db8:2::6";
/* ssl_private_key: our ssl private key */
ssl_private_key = "etc/ssl.key";
/* ssl_cert: certificate for our ssl server */
/* ssl_cert: certificate (and optionally key) for our ssl server */
ssl_cert = "etc/ssl.pem";
/* ssl_private_key: our ssl private key (if not contained in ssl_cert file) */
#ssl_private_key = "etc/ssl.key";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 2048
* In general, the DH parameters size should be the same as your key's size.
* However it has been reported that some clients have broken TLS implementations which may
* choke on keysizes larger than 2048-bit, so we would recommend using 2048-bit DH parameters
* for now if your keys are larger than 2048-bit.
*/
*
* If you do not provide parameters, some TLS backends will fail on DHE- ciphers,
* and some will succeed but use weak, common DH groups! */
ssl_dh_params = "etc/dh.pem";
/* ssld_count: number of ssld processes you want to start, if you
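Review bot: With `ssl_private_key` now commented out, the example only works if etc/ssl.pem carries the private key as well as the certificate, yet the `ssl_cert` comment calls the key optional and nothing tells the reader which layout this example assumes. Say so next to `ssl_cert`, and note that a combined certificate-and-key file needs the restrictive file permissions of a private key.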
@ -159,7 +159,13 @@ listen {
/* Listen on IPv6 (if you used host= above). */
#host = "2001:db8:2::6";
#port = 5000, 6665 .. 6669;
#sslport = 9999;
#sslport = 6697;
/* wsock: listeners defined with this option enabled will be websocket listeners,
* and will not accept normal clients.
*/
wsock = yes;
sslport = 9999;
};
/* auth {}: allow users to connect to the ircd (OLD I:)
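Review bot: `wsock = yes;` and `sslport = 9999;` are live settings in the example listen block, and the only `sslport` left uncommented in this hunk is that websocket one, which per the new comment will not accept normal clients. Either comment the websocket pair out like the lines above it or enable `sslport = 6697;` alongside it, and say in the comment which port lines the `wsock` flag applies to.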
@ -194,15 +200,17 @@ auth {
* encrypted | password is encrypted with mkpasswd
* spoof_notice | give a notice when spoofing hosts
* exceed_limit (old > flag) | allow user to exceed class user limits
* kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
* dnsbl_exempt | exempt this user from dnsbls
* spambot_exempt | exempt this user from spambot checks
* shide_exempt | exempt this user from serverhiding
* kline_exempt (old ^ flag) | exempt this user from k/g/xlines,
* | dnsbls, and proxies
* proxy_exempt | exempt this user from proxies
* dnsbl_exempt | exempt this user from dnsbls
* spambot_exempt | exempt this user from spambot checks
* shide_exempt | exempt this user from serverhiding
* jupe_exempt | exempt this user from generating
* warnings joining juped channels
* resv_exempt | exempt this user from resvs
* resv_exempt | exempt this user from resvs
* flood_exempt | exempt this user from flood limits
* USE WITH CAUTION.
* USE WITH CAUTION.
* no_tilde (old - flag) | don't prefix ~ to username if no ident
* need_ident (old + flag) | require ident for user in this class
* need_ssl | require SSL/TLS for user in this class
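Review bot: The `kline_exempt` row now covers k/g/xlines, dnsbls and proxies in a single flag, but only `flood_exempt` carries a USE WITH CAUTION remark. Since `proxy_exempt` and `dnsbl_exempt` are listed as narrower alternatives, add a line steering readers to those and reserving `kline_exempt` for auth blocks that really need every exemption.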
@ -223,7 +231,8 @@ auth {
* means they must be defined before operator {}.
*/
privset "local_op" {
privs = oper:local_kill, oper:operwall;
privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, oper:message,
usermode:servnotice, auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
};
privset "server_bot" {
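Review bot: The new `local_op` privs line has no comment saying what each privilege grants, and it is the base that `global_op` and `admin` inherit through `extends`. `oper:local_kill` and `oper:global_kill` both disappear in this comparison while `local_op` gets plain `oper:kill`, so unless that privilege is limited to local users the lowest oper tier has gained network-wide KILL. Please confirm the scope and annotate the list, in particular the `auspex:` entries.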
@ -233,13 +242,14 @@ privset "server_bot" {
privset "global_op" {
extends = "local_op";
privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
oper:resv, oper:mass_notice, oper:remoteban;
privs = oper:routing, oper:kline, oper:unkline, oper:xline,
oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
oper:remoteban;
};
privset "admin" {
extends = "global_op";
privs = oper:admin, oper:die, oper:rehash, oper:spy;
privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant;
};
operator "god" {
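Review bot: `oper:grant` is added to the `admin` privset without any comment on what it permits. Going by its name it lets an oper hand privileges to others, which would make it the most sensitive entry in this file; describe it here or point to its entry in reference.conf so operators can decide whether every admin should hold it.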
@ -296,20 +306,17 @@ operator "god" {
privset = "admin";
};
/* See connecting-servers.rst for an introduction to using these files. */
connect "irc.uplink.com" {
host = "203.0.113.3";
send_password = "password";
accept_password = "anotherpassword";
port = 6666;
hub_mask = "*";
class = "server";
flags = compressed, topicburst;
flags = topicburst;
#fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
/* If the connection is IPv6, uncomment below.
* Use 0::1, not ::1, for IPv6 localhost. */
#aftype = ipv6;
};
connect "ssl.uplink.com" {
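Review bot: The first connect block still pairs `send_password` and `accept_password` with `port = 6666` and `flags = topicburst;`, that is, without `ssl`, and leaves `#fingerprint` commented out, so the lead example authenticates a server link with passwords sent in the clear. Since this hunk already touches the flags line, consider making the TLS block the primary example, or add a comment that the plaintext form is only suitable for links over a trusted path.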
@ -317,7 +324,6 @@ connect "ssl.uplink.com" {
send_password = "password";
accept_password = "anotherpassword";
port = 9999;
hub_mask = "*";
class = "server";
flags = ssl, topicburst;
};
@ -331,9 +337,8 @@ cluster {
flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
};
shared {
oper = "*@*", "*";
flags = all, rehash;
secure {
ip = "127.0.0.1";
};
/* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
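Review bot: The new `secure { ip = "127.0.0.1"; };` block arrives without a comment, unlike the `exempt {}` block right after it, and the `shared {}` block goes away without a word on what replaces it. Add a one-line description of what listing an address under `secure {}` does, plus a pointer for operators whose configs still carry `shared {}`.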
@ -349,6 +354,7 @@ channel {
knock_delay = 5 minutes;
knock_delay_channel = 1 minute;
max_chans_per_user = 15;
max_chans_per_user_large = 60;
max_bans = 100;
max_bans_large = 500;
default_split_user_count = 0;
@ -363,6 +369,9 @@ channel {
disable_local_channels = no;
autochanmodes = "+nt";
displayed_usercount = 3;
strip_topic_colors = no;
opmod_send_statusmsg = no;
invite_notify_notice = yes;
};
serverhide {
@ -372,15 +381,14 @@ serverhide {
disable_hidden = no;
};
/* These are the blacklist settings.
/* These are the DNSBL settings.
* You can have multiple combinations of host and rejection reasons.
* They are used in pairs of one host/rejection reason.
*
* These settings should be adequate for most networks, and are (presently)
* required for use on StaticBox.
* The default settings should be adequate for most networks.
*
* Word to the wise: Do not use blacklists like SPEWS for blocking IRC
* connections.
* It is not recommended to use DNSBL services designed for e-mail spam
* prevention, such as SPEWS for blocking IRC connections.
*
* As of charybdis 2.2, you can do some keyword substitution on the rejection
* reason. The available keyword substitutions are:
@ -400,13 +408,13 @@ serverhide {
* is considered a match. If included, a comma-separated list of *quoted*
* strings is allowed to match queries. They may be of the format "0" to "255"
* to match the final octet (e.g. 127.0.0.1) or "127.x.y.z" to explicitly match
* an A record. The blacklist is only applied if it matches anything in the
* an A record. The DNSBL match is only applied if it matches anything in the
* list. You may freely mix full IP's and final octets.
*
* Consult your blacklist provider for the meaning of these parameters; they
* are usually used to denote different ban types.
* Consult your DNSBL provider for the meaning of these parameters; they
* are usually used to denote different block reasons.
*/
blacklist {
dnsbl {
host = "rbl.efnetrbl.org";
type = ipv4;
reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
@ -418,6 +426,78 @@ blacklist {
# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for some reason. In order to protect ${network-name} from abuse, we are not allowing connections listed in ${dnsbl-host} to connect";
};
/* These are the OPM settings.
* This is similar to the functionality provided by BOPM. It will scan incoming
* connections for open proxies by connecting to clients and attempting several
* different open proxy handshakes. If they connect back to us (via a dedicated
* listening port), and send back the data we send them, they are considered
* an open proxy. For politeness reasons (users may be confused by the incoming
* connection attempts if they are logging incoming connections), the user is
* notified upon connect if they are being scanned.
*
* WARNING:
* These settings are considered experimental. Only the most common proxy types
* are checked for (Charybdis is immune from POST and GET proxies). If you are
* not comfortable with experimental code, do not use this feature.
*/
#opm {
/* IPv4 address to listen on. This must be a publicly facing IP address
* to be effective.
* If omitted, it defaults to serverinfo::vhost.
*/
#listen_ipv4 = "127.0.0.1";
/* IPv4 port to listen on.
* This should not be the same as any existing listeners.
*/
#port_v4 = 32000;
/* IPv6 address to listen on. This must be a publicly facing IP address
* to be effective.
* If omitted, it defaults to serverinfo::vhost6.
*/
#listen_ipv6 = "::1";
/* IPv6 port to listen on.
* This should not be the same as any existing listeners.
*/
#port_v6 = 32000;
/* You can also set the listen_port directive which will set both the
* IPv4 and IPv6 ports at once.
*/
#listen_port = 32000;
/* This sets the timeout in seconds before ending open proxy scans.
* Values less than 1 or greater than 60 are ignored.
* It is advisable to keep it as short as feasible, so clients do not
* get held up by excessively long scan times.
*/
#timeout = 5;
/* These are the ports to scan for SOCKS4 proxies on. They may overlap
* with other scan types. Sensible defaults are given below.
*/
#socks4_ports = 1080, 10800, 443, 80, 8080, 8000;
/* These are the ports to scan for SOCKS5 proxies on. They may overlap
* with other scan types. Sensible defaults are given below.
*/
#socks5_ports = 1080, 10800, 443, 80, 8080, 8000;
/* These are the ports to scan for HTTP connect proxies on (plaintext).
* They may overlap with other scan types. Sensible defaults are given
* below.
*/
#httpconnect_ports = 80, 8080, 8000;
/* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
* They may overlap with other scan types. Sensible defaults are given
* below.
*/
#httpsconnect_ports = 443, 4443;
#};
alias "NickServ" {
target = "NickServ";
};
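Review bot: The commented-out examples `#listen_ipv4 = "127.0.0.1";` and `#listen_ipv6 = "::1";` contradict the comment directly above each of them, which says the address must be publicly facing to be effective. An operator who simply uncomments the block gets a loopback listener that a scanned proxy can never connect back to, so the scan reports nothing. Suggest an obviously placeholder public address, or dropping the example values and pointing at the serverinfo::vhost and serverinfo::vhost6 defaults. The block also documents `port_v4` and `port_v6` next to `listen_port` without saying which one wins if both are set.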
@ -481,7 +561,7 @@ general {
tkline_expire_notices = no;
default_floodcount = 10;
failed_oper_notice = yes;
dots_in_ident=2;
dots_in_ident = 2;
min_nonwildcard = 4;
min_nonwildcard_simple = 3;
max_accept = 100;
@ -497,22 +577,30 @@ general {
resv_fnc = yes;
global_snotices = yes;
dline_with_reason = yes;
kline_delay = 0 seconds;
kline_with_reason = yes;
hide_tkdline_duration = no;
kline_reason = "K-Lined";
sasl_only_client_message = "You need to identify via SASL to use this server.";
identd_only_client_message = "You need to install identd to use this server.";
sctp_forbidden_client_message = "You are not allowed to use SCTP on this server.";
ssltls_only_client_message = "You need to use SSL/TLS to use this server.";
not_authorised_client_message = "You are not authorised to access this server.";
illegal_hostname_client_message = "You have an illegal character in your hostname.";
server_full_client_message = "Sorry, server is full - try later";
illegal_name_long_client_message = "Your username is invalid. Please make sure that your username contains only alphanumeric characters.";
illegal_name_short_client_message = "Invalid username";
identify_service = "NickServ@services.int";
identify_command = "IDENTIFY";
non_redundant_klines = yes;
warn_no_nline = yes;
use_propagated_bans = yes;
stats_e_disabled = no;
stats_c_oper_only=no;
stats_h_oper_only=no;
stats_y_oper_only=no;
stats_o_oper_only=yes;
stats_P_oper_only=no;
stats_i_oper_only=masked;
stats_k_oper_only=masked;
stats_c_oper_only = no;
stats_y_oper_only = no;
stats_o_oper_only = yes;
stats_P_oper_only = no;
stats_i_oper_only = masked;
stats_k_oper_only = masked;
map_oper_only = no;
operspy_admin_only = no;
operspy_dont_care_user_info = no;
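Review bot: `stats_h_oper_only=no;` appears only in the old unspaced run and has no respaced counterpart, so the option leaves the example without any explanation. Suggest noting, here or in the upgrade notes, whether the option was removed from the parser or only from the example, so that operators carrying it in an existing config know whether it is now ignored or rejected.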
@ -527,6 +615,7 @@ general {
no_oper_flood = yes;
max_targets = 4;
client_flood_max_lines = 20;
post_registration_delay = 0 seconds;
use_whois_actually = no;
oper_only_umodes = operwall, locops, servnotice;
oper_umodes = locops, servnotice, operwall, wallop;
@ -540,7 +629,9 @@ general {
throttle_count = 4;
max_ratelimit_tokens = 30;
away_interval = 30;
certfp_method = sha1;
certfp_method = spki_sha256;
hide_opers_in_whois = no;
tls_ciphers_oper_only = no;
};
modules {
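Review bot: Switching `certfp_method` from `sha1` to `spki_sha256` changes the fingerprint string computed for every client certificate, so fingerprints recorded under the old method (for example in operator blocks or in services accounts) stop matching once a configuration copied from this example is loaded. Suggest a comment beside the setting, or an upgrade note, saying that stored fingerprints have to be regenerated when the method changes.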

View file

@ -1,2 +1,2 @@
This is charybdis MOTD you might replace it, but if not your friends will
This is solanum MOTD you might replace it, but if not your friends will
laugh at you.

View file

@ -1,5 +1,4 @@
ircd-ratbox logfiles - Lee H <lee -at- leeh.co.uk>
$Id: logfiles.txt 6 2005-09-10 01:02:21Z nenolod $
Charybdis logfiles - Lee H <lee -at- leeh.co.uk>
---------------------------
fname_killlog
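Review bot: The new title line reads "Charybdis logfiles", while the MOTD change in this same comparison replaces "charybdis" with "solanum". Suggest using one project name consistently across the documentation touched here.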

View file

@ -4,7 +4,6 @@ Standard channel modes are listed in help/opers/cmode
The sgml docs have more detailed descriptions.
User mode +h (hide hostname) is provided by contrib/ip_cloaking.so
User mode +x (hide hostname) is provided by contrib/ip_cloaking.so
Server notice mask +F (far connects) is provided by contrib/sno_farconnect.so
# $Id: modes.txt 996 2006-03-09 01:14:34Z jilles $
Information on the caller ID system can be found in doc/features/modeg.txt
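Review bot: The new line "User mode +x (hide hostname) is provided by contrib/ip_cloaking.so" keeps the `contrib/` path, while the cmodes.rst added in this comparison refers to the same module as `extensions/ip_cloaking.so`, and the sno_farconnect line here also still uses `contrib/`. Suggest checking which directory is current and using it in both documents.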

View file

@ -1,137 +0,0 @@
/************************************************************************
* IRC - Internet Relay Chat, doc/AUTHORS
* Copyright (C) 1990
*
* AUTHORS FILE:
* This file attempts to remember all contributors to the IRC
* developement. Names can be only added this file, no name
* should never be removed. This file must be included into all
* distributions of IRC and derived works.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
IRC was conceived of and written by Jarkko Oikarinen <jto@tolsun.oulu.fi>.
IRC was originally written in University of Oulu, Computing Center.
Jan 1991 - IRC 2.6 jto@tolsun.oulu.fi
- Multiple Channels and protocol changes
Contributions were made by a cast of dozens, including the following:
Markku Jarvinen <mta@tut.fi>: Emacs-like editing facility for the client
Kimmo Suominen <kim@kannel.lut.fi>: HP-UX port
Jeff Trim <jtrim@orion.cair.du.edu>: enhancements and advice
Vijay Subramaniam <vijay@lll-winken.llnl.gov>: advice and ruthless publicity
Karl Kleinpaste <karl@cis.ohio-state.edu>: user's manual
Greg Lindahl <gl8f@virginia.edu>: AUTOMATON code, the Wumpus GM automaton,
myriad bug fixes
Bill Wisner <wisner@hayes.fai.alaska.edu>: numerous bug fixes and code
enhancements
Tom Davis <conslt16@zeus.unl.edu> and Tim Russell <russell@zeus.unl.edu>:
VMS modifications
Markku Savela <msa@tel4.tel.vtt.fi>: advice, support, and being the
incentive to do some of our *own* coding. :)
Tom Hopkins <hoppie@buengf.bu.edu>: bug fixes, quarantine lines,
consolidation of various patches.
Christopher Davis <ckd@cs.bu.edu>: EFnet/Anet gateway coding,
many automata ;), documentation fixing.
Helen Rose <hrose@cs.bu.edu>: documentation updating, and fixing.
Tom Hinds <rocker@bucsf.bu.edu>: emacs client updating.
Tim Miller <cerebus@bu-pub.bu.edu>: various server and client-breaking
features.
Darren Reed <avalon@coombs.anu.edu.au>: various bug fixes and enhancements.
Introduced nickname and channelname hash tables into the server.
The version 2.2 release was coordinated by Mike Bolotski
<mikeb@salmon.ee.ubc.ca>.
The version 2.4 release was coordinated by Markku Savela and
Chelsea Ashley Dyerman
The version 2.5.2 release was coordinated by Christopher Davis, Helen Rose,
and Tom Hopkins.
The versions 2.6.2, 2.7 and 2.8 releases were coordinated by Darren Reed.
Contributions for the 2.8 release from the following people:
Matthew Green <phone@coombs.anu.edu.au>
Chuck Kane <ckane@ece.uiuc.edu>
Matt Lyle <matt@oc.com>
Vesa Ruokonen <ruokonen@lut.fi>
Markku Savela <Markku.Savela@vtt.fi> / April 1990
Fixed various bugs in 2.2PL1 release server (2.2msa.4) and changed
sockets to use non-blocking mode (2.2msa.9). [I have absolutely
nothing to do with clients :-]
Chelsea Ashley Dyerman <chelsea@earth.cchem.berkeley.edu> / April 1990
Rewrote the Makefiles, restructuring of source tree. Added libIrcd.a to
the Makefile macros, numerous reformatting of server text messages, and
added mkversion.sh to keep track of compilation statistics. Numerous
bug fixes and enhancements, and co-coordinator of the 2.4 release.
jarlek@ifi.uio.no added mail functions to irc.
Armin Gruner <gruner@informatik.tu-muenchen.de> / May, June 1990:
* Patched KILL-line feature for ircd.conf, works now.
Enhancement: Time intervals can be specified in passwd-field.
Result: KILL-Line is only active during these intervals
* Patched PRIVMSG handling, now OPER can specify masks for sending
private messages, advantage: msg to all at a specified server or host.
* Little tests on irc 2.5 alpha, fixed some little typos in client code.
Change: common/debug.c has been moved to ircd/s_debug.c, and a
irc/c_debug.c has been created, for the benefit that wrong server msg
are displayed if client does not recognize them. (strange, if a server
sends an 'unknown command', isn't it?)
Tom Hopkins <hoppie@buengf.bu.edu> / September, October 1990:
* Patched msa's K lines for servers (Q lines).
* Consolidated several patches, including Stealth's logging patch.
* Fixed several minor bugs.
* Has done lots of other stuff that I can't seem to remember, but he
always works on code, so he has to have done alot more than three
lines worth. :)
Thanks go to those persons not mentioned here who have added their advice,
opinions, and code to IRC.
Various modifications, bugreports, cleanups and testing by:
Hugo Calendar <hugo@ucscb.ucsc.edu>
Bo Adler <adler@csvax.cs.caltech.edu>
Michael Sandrof <ms5n+@andrew.cmu.edu>
Jon Solomon <jsol@cs.bu.edu>
Jan Peterson <jlp@hamblin.math.byu.edu>
Nathan Glasser <nathan@brokaw.lcs.mit.edu>
Helen Rose <hrose@eff.org>
Mike Pelletier <stealth@caen.engin.umich.edu>
Basalat Ali Raja <gwydion@tavi.rice.edu>
Eric P. Scott <eps@toaster.sfsu.edu>
Dan Goodwin <fornax@wpi.wpi.edu>
Noah Friedman <friedman@ai.mit.edu>
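Review bot: This hunk deletes the whole file whose header identifies it as doc/AUTHORS, yet that header states "Names can be only added this file, no name should never be removed" and "This file must be included into all distributions of IRC and derived works." Suggest confirming that these credits are carried elsewhere in the tree and saying so in the commit message, or keeping the file.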

1
doc/oper-guide/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
_build

225
doc/oper-guide/Makefile Normal file
View file

@ -0,0 +1,225 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = _build
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " applehelp to make an Apple Help Book"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " epub3 to make an epub3"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " xml to make Docutils-native XML files"
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
@echo " coverage to run coverage check of the documentation (if enabled)"
@echo " dummy to check syntax errors of document sources"
.PHONY: clean
clean:
rm -rf $(BUILDDIR)/*
.PHONY: html
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
.PHONY: dirhtml
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
.PHONY: singlehtml
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
.PHONY: pickle
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
.PHONY: json
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
.PHONY: htmlhelp
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
.PHONY: qthelp
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Charybdisoperatorguide.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Charybdisoperatorguide.qhc"
.PHONY: applehelp
applehelp:
$(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp
@echo
@echo "Build finished. The help book is in $(BUILDDIR)/applehelp."
@echo "N.B. You won't be able to view it unless you put it in" \
"~/Library/Documentation/Help or install it in your application" \
"bundle."
.PHONY: devhelp
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/Charybdisoperatorguide"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Charybdisoperatorguide"
@echo "# devhelp"
.PHONY: epub
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
.PHONY: epub3
epub3:
$(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3
@echo
@echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3."
.PHONY: latex
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
.PHONY: latexpdf
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
.PHONY: latexpdfja
latexpdfja:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
.PHONY: text
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
.PHONY: man
man:
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
.PHONY: texinfo
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
.PHONY: info
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
.PHONY: gettext
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
.PHONY: changes
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
.PHONY: linkcheck
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
.PHONY: doctest
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
.PHONY: coverage
coverage:
$(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage
@echo "Testing of coverage in the sources finished, look at the " \
"results in $(BUILDDIR)/coverage/python.txt."
.PHONY: xml
xml:
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
.PHONY: pseudoxml
pseudoxml:
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
.PHONY: dummy
dummy:
$(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy
@echo
@echo "Build finished. Dummy builder generates no files."
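Review bot: The `info` target runs `make -C $(BUILDDIR)/texinfo info` directly, whereas `latexpdf` and `latexpdfja` use `$(MAKE) -C`. Suggest `$(MAKE)` there as well so that command-line flags and the jobserver reach the sub-make. Two message nits: in `qthelp`, the echo line nests unescaped double quotes around "qcollectiongenerator", so the shell drops them from the output, and `latexpdfja` prints "pdflatex finished" although it runs platex and dvipdfmx. The qthelp and devhelp paths also hard-code "Charybdisoperatorguide".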

264
doc/oper-guide/cmodes.rst Normal file
View file

@ -0,0 +1,264 @@
Channel modes
=============
Channel modes are determined by the various plugins loaded by the
server. The following consists only of a base list of common modes:
your server may have more plugins available, which you can see with
the following server command, depending on your IRC client::
/QUOTE HELP CMODE
or::
/RAW HELP CMODE
``+b``, channel ban
-------------------
Bans take one parameter which can take several forms. The most common
form is ``+b nick!user@host``. The wildcards ``*`` and ``?`` are
allowed, matching zero-or-more, and exactly-one characters
respectively. The masks will be trimmed to fit the maximum allowable
length for the relevant element. Bans are also checked against the IP
address, even if it resolved or is spoofed. CIDR is supported, like
``*!*@10.0.0.0/8``. This is most useful with IPv6. Bans are not
checked against the real hostname behind any kind of spoof, except if
host mangling is in use (e.g. ``extensions/ip_cloaking.so``): if the
user's host is mangled, their real hostname is checked additionally,
and if a user has no spoof but could enable mangling, the mangled form
of their hostname is checked additionally. Hence, it is not possible
to evade bans by toggling host mangling.
The second form (extban) is ``+b $type`` or ``+b $type:data``. type is
a single character (case insensitive) indicating the type of match,
optionally preceded by a tilde (``~``) to negate the comparison. data
depends on type. Each type is loaded as a module. The available types
(if any) are listed in the ``EXTBAN`` token of the 005
(``RPL_ISUPPORT``) numeric. See ``doc/extban.txt`` in the source
distribution or ``HELP EXTBAN`` for more information.
If no parameter is given, the list of bans is returned. All users can
use this form. The plus sign should also be omitted.
Matching users will not be allowed to join the channel or knock on it.
If they are already on the channel, they may not send to it or change
their nick.
``+c``, colour filter
---------------------
This cmode activates the colour filter for the channel. This filters out
bold, underline, reverse video, beeps, mIRC colour codes, and ANSI
escapes. Note that escape sequences will usually leave cruft sent to the
channel, just without the escape characters themselves.
``+e``, ban exemption
---------------------
This mode takes one parameter of the same form as bans, which overrides
``+b`` and ``+q`` bans for all clients it matches.
This can be useful if it is necessary to ban an entire ISP due to
persistent abuse, but some users from that ISP should still be allowed
in. For example::
/mode #channel +be *!*@*.example.com *!*someuser@host3.example.com
Only channel operators can see ``+e`` changes or request the list.
``+f``, channel forwarding
--------------------------
This mode takes one parameter, the name of a channel (``+f
#channel``). If the channel also has the ``+i`` cmode set, and
somebody attempts to join without either being expliticly invited, or
having an invex (``+I``), then they will instead join the channel
named in the mode parameter. The client will also be sent a 470
numeric giving the original and target channels.
Users are similarly forwarded if the ``+j`` cmode is set and their attempt
to join is throttled, if ``+l`` is set and there are already too many users
in the channel or if ``+r`` is set and they are not identified.
Forwards may only be set to ``+F`` channels, or to channels the setter has
ops in.
Without parameter (``/mode #channel f`` or ``/mode #channel +f``) the forward
channel is returned. This form also works off channel.
``+F``, allow anybody to forward to this
----------------------------------------
When this mode is set, anybody may set a forward from a channel they
have ops in to this channel. Otherwise they have to have ops in this
channel.
``+g``, allow anybody to invite
-------------------------------
When this mode is set, anybody may use the ``INVITE`` command on the channel
in question. When it is unset, only channel operators may use the ``INVITE``
command.
When this mode is set together with ``+i``, ``+j``, ``+l`` or ``+r``, all channel
members can influence who can join.
``+i``, invite only
-------------------
When this cmode is set, no client can join the channel unless they have
an invex (``+I``) or are invited with the ``INVITE`` command.
``+I``, invite exception (invex)
--------------------------------
This mode takes one parameter of the same form as bans. Matching clients
do not need to be invited to join the channel when it is invite-only
(``+i``). Unlike the ``INVITE`` command, this does not override ``+j``, ``+l`` and ``+r``.
Only channel operators can see ``+I`` changes or request the list.
``+j``, join throttling
-----------------------
This mode takes one parameter of the form n:t, where n and t are
positive integers. Only n users may join in each period of t seconds.
Invited users can join regardless of ``+j``, but are counted as normal.
Due to propagation delays between servers, more users may be able to
join (by racing for the last slot on each server).
``+k``, key (channel password)
------------------------------
Taking one parameter, when set, this mode requires a user to supply the
key in order to join the channel: ``/JOIN #channel key``.
``+l``, channel member limit
----------------------------
Takes one numeric parameter, the number of users which are allowed to be
in the channel before further joins are blocked. Invited users may join
regardless.
Due to propagation delays between servers, more users may be able to
join (by racing for the last slot on each server).
``+L``, large ban list
----------------------
Channels with this mode will be allowed larger banlists (by default, 500
instead of 50 entries for ``+b``, ``+q``, ``+e`` and ``+I`` together). Only network
operators with resv privilege may set this mode.
``+m``, moderated
-----------------
When a channel is set ``+m``, only users with ``+o`` or ``+v`` on the channel can
send to it.
Users can still knock on the channel or change their nick.
``+n``, no external messages
----------------------------
When set, this mode prevents users from sending to the channel without
being in it themselves. This is recommended.
``+o``, channel operator
------------------------
This mode takes one parameter, a nick, and grants or removes channel
operator privilege to that user. Channel operators have full control
over the channel, having the ability to set all channel modes except ``+L``
and ``+P``, and kick users. Like voiced users, channel operators can always
send to the channel, overriding ``+b``, ``+m`` and ``+q`` modes and the per-channel
flood limit. In most clients channel operators are marked with an '@'
sign.
The privilege is lost if the user leaves the channel or server in any
way.
Most networks will run channel registration services (e.g. ChanServ)
which ensure the founder (and users designated by the founder) can
always gain channel operator privileges and provide some features to
manage the channel.
``+p``, paranoid channel
------------------------
When set, the ``KNOCK`` command cannot be used on the channel to request an
invite, and users will not be shown the channel in ``WHOIS`` replies unless
they are on it. Unlike in traditional IRC, ``+p`` and ``+s`` can be set
together.
``+P``, permanent channel
-------------------------
Channels with this mode (which is accessible only to network operators
with resv privilege) set will not be destroyed when the last user
leaves.
This makes it less likely modes, bans and the topic will be lost and
makes it harder to abuse network splits, but also causes more unwanted
restoring of old modes, bans and topics after long splits.
``+q``, quiet
-------------
This mode behaves exactly like ``+b`` (ban), except that the user may still
join the channel. The net effect is that they cannot knock on the
channel, send to the channel or change their nick while on channel.
``+Q``, block forwarded users
-----------------------------
Channels with this mode set are not valid targets for forwarding. Any
attempt to forward to this channel will be ignored, and the user will be
handled as if the attempt was never made (by sending them the relevant
error message).
This does not affect the ability to set ``+f``.
``+r``, block unidentified
--------------------------
When set, this mode prevents unidentified users from joining. Invited
users can still join.
``+s``, secret channel
----------------------
When set, this mode prevents the channel from appearing in the output of
the ``LIST``, ``WHO`` and ``WHOIS`` command by users who are not on it. Also, the
server will refuse to answer ``WHO``, ``NAMES``, ``TOPIC`` and ``LIST`` queries from
users not on the channel.
``+t``, topic limit
-------------------
When set, this mode prevents users who are not channel operators from
changing the topic.
``+v``, voice
-------------
This mode takes one parameter, a nick, and grants or removes voice
privilege to that user. Voiced users can always send to the channel,
overriding ``+b``, ``+m`` and ``+q`` modes and the per-channel flood limit. In most
clients voiced users are marked with a plus sign.
The privilege is lost if the user leaves the channel or server in any
way.
``+z``, reduced moderation
--------------------------
When ``+z`` is set, the effects of ``+m``, ``+b`` and ``+q`` are relaxed. For each
message, if that message would normally be blocked by one of these
modes, it is instead sent to all channel operators. This is intended for
use in moderated debates.
Note that ``+n`` is unaffected by this. To silence a given user completely,
remove them from the channel.
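Review bot: In the `+f` section, "expliticly invited" should be "explicitly invited". In the `+b` section, "even if it resolved or is spoofed" is hard to parse; suggest "even if it resolved to a hostname or the host is spoofed", if that is the intended meaning. In the `+s` section, "the ``LIST``, ``WHO`` and ``WHOIS`` command" should read "commands".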

754
doc/oper-guide/commands.rst Normal file
View file

@ -0,0 +1,754 @@
Operator Commands
=================
Network management commands
~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. note:: All commands and names are case insensitive. Parameters
consisting of one or more separate letters, such as in ``MODE``,
``STATS`` and ``WHO``, are case sensitive.
CONNECT
-------
::
CONNECT target [port] [source]
Initiate a connection attempt to server target. If a port is given,
connect to that port on the target, otherwise use the one given in
``ircd.conf``. If source is given, tell that server to initiate the
connection attempt, otherwise it will be made from the server you are
attached to.
To use the default port with source, specify 0 for port.
SQUIT
-----
::
SQUIT server [reason]
Closes down the link to server from this side of the network. If a
reason is given, it will be sent out in the server notices on both sides
of the link.
REHASH
------
::
REHASH [BANS | DNS | MOTD | OMOTD | TKLINES | TDLINES | TXLINES | TRESVS | REJECTCACHE | HELP] [server]
With no parameter given, ``ircd.conf`` will be reread and parsed. The
server argument is a wildcard match of server names.
``BANS``
Rereads ``kline.conf``, ``dline.conf``, ``xline.conf``,
``resv.conf`` and their .perm variants
``DNS``
Reread ``/etc/resolv.conf``.
``MOTD``
Reload the ``MOTD`` file
``OMOTD``
Reload the operator ``MOTD`` file
``TKLINES``
Clears temporary ``K:lines``.
``TDLINES``
Clears temporary ``D:lines``.
``TXLINES``
Clears temporary ``X:lines``.
``TRESVS``
Clears temporary reservations.
``REJECTCACHE``
Clears the client rejection cache.
``HELP``
Refreshes the help system cache.
RESTART
-------
::
RESTART server
Cause an immediate total shutdown of the IRC server, and restart from
scratch as if it had just been executed.
This reexecutes the ircd using the compiled-in path, visible as ``SPATH`` in
``INFO``.
.. note:: This command cannot be used remotely. The server name is
used only as a safety measure.
DIE
---
::
DIE server
Immediately terminate the IRC server, after sending notices to all
connected clients and servers
.. note:: This command cannot be used remotely. The server name is
used only as a safety measure.
SET
---
::
SET [ ADMINSTRING | AUTOCONN | AUTOCONNALL | FLOODCOUNT | IDENTTIMEOUT | MAX | OPERSTRING | SPAMNUM | SPAMTIME | SPLITMODE | SPLITNUM | SPLITUSERS ] value
The ``SET`` command sets a runtime-configurable value.
Most of the ``ircd.conf`` equivalents have a ``default_prefix`` and are
only read on startup. ``SET`` is the only way to change these at run time.
Most of the values can be queried by omitting value.
``ADMINSTRING``
Sets string shown in ``WHOIS`` for admins. (umodes +o and +a set, umode
+S not set).
``AUTOCONN``
Sets auto-connect on or off for a particular server. Takes two
parameters, server name and new state.
To see these values, use ``/stats c``. Changes to this are lost on a
rehash.
``AUTOCONNALL``
Globally sets auto-connect on or off. If disabled, no automatic
connections are done; if enabled, automatic connections are done
following the rules for them.
``FLOODCOUNT``
The number of lines allowed to be sent to a connection before
throttling it due to flooding. Note that this variable is used for
both channels and clients.
For channels, op or voice overrides this; for users, IRC operator
status or op or voice on a common channel overrides this.
``IDENTTIMEOUT``
Timeout for requesting ident from a client.
``MAX``
Sets the maximum number of connections to value.
This number cannot exceed maxconnections - ``MAX_BUFFER``.
maxconnections is the rlimit for number of open files. ``MAX_BUFFER``
is defined in config.h, normally 60.
``MAXCLIENTS`` is an alias for this.
``OPERSTRING``
Sets string shown in ``WHOIS`` for opers (umode ``+o`` set, umodes ``+a`` and ``+S``
not set).
``SPAMNUM``
Sets how many join/parts to channels constitutes a possible spambot.
``SPAMTIME``
Below this time on a channel counts as a join/part as above.
``SPLITMODE``
Sets splitmode to value:
``ON``
splitmode is permanently on
``OFF``
splitmode is permanently off (default if ``no_create_on_split``
and ``no_join_on_split`` are disabled)
``AUTO``
ircd chooses splitmode based on ``SPLITUSERS`` and ``SPLITNUM`` (default
if ``no_create_on_split`` or ``no_join_on_split`` are enabled)
``SPLITUSERS``
Sets the minimum amount of users needed to deactivate automatic
splitmode.
``SPLITNUM``
Sets the minimum amount of servers needed to deactivate automatic
splitmode. Only servers that have finished bursting count for this.
User management commands
~~~~~~~~~~~~~~~~~~~~~~~~
KILL
----
::
KILL nick [reason]
Disconnects the user with the given nick from the server they are
connected to, with the reason given, if present, and broadcast a server
notice announcing this.
Your nick and the reason will appear on channels.
CLOSE
-----
Closes all connections from and to clients and servers who have not
completed registering.
KLINE
-----
::
KLINE [length] [user@host | user@a.b.c.d] [ON servername] [:reason]
Adds a ``K:line`` to ``kline.conf`` to ban the given ``user@host`` from using
that server.
If the optional parameter length is given, the ``K:line`` will be temporary
(i.e. it will not be stored on disk) and last that long in minutes.
If an IP address is given, the ban will be against all hosts matching
that IP regardless of DNS. The IP address can be given as a full address
(``192.168.0.1``), as a CIDR mask (``192.168.0.0/24``), or as a glob
(``192.168.0.*``).
All clients matching the ``K:line`` will be disconnected from the server
immediately.
If a reason is specified, it will be sent to the client when they are
disconnected, and whenever a connection is attempted which is banned.
If the ON part is specified, the ``K:line`` is set on servers matching the
given mask (provided a matching ``shared{}`` block exists there). Otherwise,
if specified in a ``cluster{}`` block, the ``K:Line`` will be propagated across
the network accordingly.
UNKLINE
-------
::
UNKLINE user@host [ON servername]
Will attempt to remove a ``K:line`` matching ``user@host`` from ``kline.conf``,
and will flush a temporary ``K:line``.
XLINE
-----
::
XLINE [length] mask [ON servername] [:reason]
Works similarly to ``KLINE``, but matches against the real name field. The
wildcards are ``*`` (any sequence), ``?`` (any character), ``#`` (a digit) and ``@`` (a
letter); wildcard characters can be escaped with a backslash. The
sequence ``\s`` matches a space.
All clients matching the ``X:line`` will be disconnected from the server
immediately.
The reason is never sent to users. Instead, they will be exited with
"Bad user info".
If the ON part is specified, the ``X:line`` is set on servers matching the
given mask (provided a matching ``shared{}`` block exists there). Otherwise,
if specified in a ``cluster{}`` block, the ``X:line`` will be propagated across
the network accordingly.
UNXLINE
-------
::
UNXLINE mask [ON servername]
Will attempt to remove an ``X:line`` from ``xline.conf``, and will flush a
temporary ``X:line``.
RESV
----
::
RESV [length] [channel | mask] [ON servername] [:reason]
If used on a channel, “jupes” the channel locally. Joins to the channel
will be disallowed and generate a server notice on ``+y``, and users will
not be able to send to the channel. Channel jupes cannot contain
wildcards.
If used on a nickname mask, prevents local users from using a nick
matching the mask (the same wildcard characters as xlines). There is no
way to exempt the initial nick from this.
In neither case will current users of the nick or channel be kicked or
disconnected.
This facility is not designed to make certain nicks or channels
oper-only.
The reason is never sent to users.
If the ON part is specified, the resv is set on servers matching the
given mask (provided a matching ``shared{}`` block exists there). Otherwise,
if specified in a ``cluster{}`` block, the resv will be propagated across
the network accordingly.
UNRESV
------
::
UNRESV [channel | mask] [ON servername]
Will attempt to remove a resv from ``resv.conf``, and will flush a
temporary resv.
DLINE
-----
::
DLINE [length] a.b.c.d [ON servername] [:reason]
Adds a ``D:line`` to ``dline.conf``, which will deny any connections from
the given IP address. The IP address can be given as a full address
(``192.168.0.1``) or as a CIDR mask (``192.168.0.0/24``).
If the optional parameter length is given, the ``D:line`` will be temporary
(i.e. it will not be stored on disk) and last that long in minutes.
All clients matching the ``D:line`` will be disconnected from the server
immediately.
If a reason is specified, it will be sent to the client when they are
disconnected, and, if ``dline_reason`` is enabled, whenever a connection is
attempted which is banned.
``D:lines`` are less load on a server, and may be more appropriate if
somebody is flooding connections.
If the ON part is specified, the ``D:line`` is set on servers matching the
given mask (provided a matching ``shared{}`` block exists there, which is
not the case by default). Otherwise, the D:Line will be set on the local
server only.
Only ``exempt{}`` blocks exempt from ``D:lines``. Being a server or having
``kline_exempt`` in ``auth{}`` does *not* exempt (different from ``K/G/X:lines``).
UNDLINE
-------
::
UNDLINE a.b.c.d [ON servername]
Will attempt to remove a ``D:line`` from ``dline.conf``, and will flush a
temporary ``D:line``.
TESTGECOS
---------
::
TESTGECOS gecos
Looks up X:Lines matching the given gecos.
TESTLINE
--------
::
TESTLINE [nick!] [user@host | a.b.c.d]
Looks up the given hostmask or IP address and reports back on any ``auth{}``
blocks, D: or K: lines found. If nick is given, also searches for nick
resvs.
For temporary items the number of minutes until the item expires is
shown (as opposed to the hit count in STATS q/Q/x/X).
This command will not perform DNS lookups; for best results you must
testline a host and its IP form.
The given username should begin with a tilde (~) if identd is not in
use. As of charybdis 2.1.1, ``no_tilde`` and username truncation will be
taken into account like in the normal client access check.
As of charybdis 2.2.0, a channel name can be specified and the RESV will
be returned, if there is one.
TESTMASK
--------
::
TESTMASK hostmask [gecos]
Searches the network for users that match the hostmask and gecos given,
returning the number of matching users on this server and other servers.
The hostmask is of the form user@host or user@ip/cidr with \* and ?
wildcards, optionally preceded by nick!.
The gecos field accepts the same wildcards as xlines.
The IP address checked against is ``255.255.255.255`` if the IP address is
unknown (remote client on a TS5 server) or 0 if the IP address is hidden
(``auth{}`` spoof).
LUSERS
------
::
LUSERS [mask] [nick | server]
Shows various user and channel counts.
The mask parameter is obsolete but must be used when querying a remote
server.
TRACE
-----
::
TRACE [server | nick] [location]
With no argument or one argument which is the current server, TRACE
gives a list of all connections to the current server and a summary of
connection classes.
With one argument which is another server, TRACE displays the path to
the specified server, and all servers, opers and -i users on that
server, along with a summary of connection classes.
With one argument which is a client, TRACE displays the path to that
client, and that client's information.
If location is given, the command is executed on that server; no path is
displayed.
When listing connections, type, name and class is shown in addition to
information depending on the type:
Try.
A server we are trying to make a TCP connection to.
H.S.
A server we have established a TCP connection to, but is not yet
registered.
\?\?\?\?
An incoming connection that has not yet registered as a user or a
server (“unknown”). Shows the username, hostname, IP address and the
time the connection has been open. It is possible that the ident or
DNS lookups have not completed yet, and in any case no tildes are
shown here. Unknown connections may not have a name yet.
User
A registered unopered user. Shows the username, hostname, IP
address, the time the client has not sent anything (as in STATS l)
and the time the user has been idle (from PRIVMSG only, as in
WHOIS).
Oper
Like User, but opered.
Serv
A registered server. Shows the number of servers and users reached
via this link, who made this connection and the time the server has
not sent anything.
ETRACE
------
::
ETRACE [nick]
Shows client information about the given target, or about all local
clients if no target is specified.
PRIVS
-----
::
PRIVS [nick]
Displays effective operator privileges for the specified nick, or for
yourself if no nick is given. This includes all privileges from the
operator block, the name of the operator block and those privileges from
the auth block that have an effect after the initial connection.
The exact output depends on the server the nick is on, see the matching
version of this document. If the remote server does not support this
extension, you will not receive a reply.
MASKTRACE
---------
::
MASKTRACE hostmask [gecos]
Searches the local server or network for users that match the hostmask
and gecos given. Network searches require the ``oper_spy`` privilege and an
'!' before the hostmask. The matching works the same way as TESTMASK.
The hostmask is of the form ``user@host`` or ``user@ip/cidr`` with ``*`` and ``?``
wildcards, optionally preceded by ``nick!``.
The gecos field accepts the same wildcards as xlines.
The IP address field contains ``255.255.255.255`` if the IP address is
unknown (remote client on a TS5 server) or ``0`` if the IP address is hidden
(``auth{}`` spoof).
CHANTRACE
---------
::
CHANTRACE channel
Displays information about users in a channel. Opers with the ``oper_spy``
privilege can get the information without being on the channel, by
prefixing the channel name with an ``!``.
The IP address field contains ``255.255.255.255`` if the IP address is
unknown (remote client on a TS5 server) or ``0`` if the IP address is hidden
(``auth{}`` spoof).
SCAN
----
::
SCAN UMODES +modes-modes [no-list] [list] [global] [list-max number] [mask nick!user@host]
Searches the local server or network for users that have the umodes
given with + and do not have the umodes given with -. no-list disables
the listing of matching users and only shows the count. list enables the
listing (default). global extends the search to the entire network
instead of local users only. list-max limits the listing of matching
users to the given amount. mask causes only users matching the given
nick!user@host mask to be selected. Only the displayed host is
considered, not the IP address or real host behind dynamic spoofs.
The IP address field contains ``255.255.255.255`` if the IP address is
unknown (remote client on a TS5 server) or 0 if the IP address is hidden
(``auth{}`` spoof).
Network searches where a listing is given are operspy commands.
CHGHOST
-------
::
CHGHOST nick value
Set the hostname associated with a particular nick for the duration of
this session. This command is disabled by default because of the abuse
potential and little practical use.
Miscellaneous commands
~~~~~~~~~~~~~~~~~~~~~~
ADMIN
-----
::
ADMIN [nick | server]
Shows the information in the ``admin{}`` block.
INFO
----
::
INFO [nick | server]
Shows information about the authors of the IRC server, and some
information about this server instance. Opers also get a list of
configuration options.
TIME
----
::
TIME [nick | server]
Shows the local time on the given server, in a human-readable format.
VERSION
-------
::
VERSION [nick | server]
Shows version information, a few compile/config options, the SID and the
005 numerics. The 005 numeric will be remapped to 105 for remote
requests.
STATS
-----
::
STATS [type] [nick | server]
Display various statistics and configuration information.
A
Show DNS servers
b
Show active nick delays
B
Show hash statistics
c
Show connect blocks
d
Show temporary ``D:lines``
D
Show permanent ``D:lines``
e
Show exempt blocks (exceptions to ``D:lines``)
E
Show events
f
Show file descriptors
h
Show ``hub_mask``/``leaf_mask``
i
Show auth blocks, or matched auth blocks
k
Show temporary ``K:lines``, or matched ``K:lines``
K
Show permanent ``K:lines``, or matched ``K:lines``
l
Show hostname and link information about the given nick. With a
server name, show information about opers and servers on that
server; opers get information about all local connections if they
query their own server. No hostname is shown for server connections.
L
Like l, but show IP address instead of hostname
m
Show commands and their usage statistics (total counts, total bytes,
counts from server connections)
n
Show blacklist blocks (DNS blacklists) with hit counts since last
rehash and (parenthesized) reference counts. The reference count
shows how many clients are waiting on a lookup of this blacklist or
have been found and are waiting on registration to complete.
o
Show operator blocks
O
Show privset blocks
p
Show logged on network operators which are not set AWAY.
P
Show listen blocks (ports)
q
Show temporarily resv'ed nicks and channels with hit counts
Q
Show permanently resv'ed nicks and channels with hit counts since
last rehash bans
r
Show resource usage by the ircd
t
Show generic server statistics about local connections
u
Show server uptime
U
Show shared (c), cluster (C) and service (s) blocks
v
Show connected servers and brief status
x
Show temporary ``X:lines`` with hit counts
X
Show permanent ``X:lines`` with hit counts since last rehash bans
y
Show class blocks
z
Show memory usage statistics
Z
Show ziplinks statistics
?
Show connected servers and link information about them
WALLOPS
-------
::
WALLOPS :message
Sends a WALLOPS message to all users who have the +w umode set. This is
for things you don't mind the whole network knowing about.
OPERWALL
--------
::
OPERWALL :message
Sends an OPERWALL message to all opers who have the +z umode set. +z is
restricted, OPERWALL should be considered private communications.
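Review bot: in the SET section, ``default_prefix`` is marked up as a single literal, so it reads as the name of an option rather than a prefix. If the intent is that the ``ircd.conf`` equivalents carry a ``default_`` prefix, the literal should end after the underscore ("have a ``default_`` prefix and are only read on startup"). Two smaller consistency points in the same file: the ban names appear as ``K:line``, ``K:Line``, a bare D:Line and a bare X:Lines in different entries, and the hidden-IP value is written ``0`` under MASKTRACE and CHANTRACE but as a bare 0 under TESTMASK and SCAN. CLOSE is also the only command in this part without a ``::`` synopsis line.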

423
doc/oper-guide/conf.py Normal file

@ -0,0 +1,423 @@
# -*- coding: utf-8 -*-
#
# Charybdis operator guide documentation build configuration file, created by
# sphinx-quickstart on Sat Mar 25 10:41:29 2017.
#
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = []
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
#
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The encoding of source files.
#
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'Charybdis operator guide'
copyright = u'2009, Jilles Tjoelker'
author = u'Jilles Tjoelker'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = u'3.5'
# The full version, including alpha/beta/rc tags.
release = u'3.5'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#
# today = ''
#
# Else, today_fmt is used as the format for a strftime call.
#
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This patterns also effect to html_static_path and html_extra_path
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
# The reST default role (used for this markup: `text`) to use for all
# documents.
#
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# If true, `todo` and `todoList` produce output, else they produce nothing.
todo_include_todos = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
#html_theme = 'alabaster'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
# html_theme_path = []
# The name for this set of Sphinx documents.
# "<project> v<release> documentation" by default.
#
# html_title = u'Charybdis operator guide v3.5'
# A shorter title for the navigation bar. Default is the same as html_title.
#
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#
# html_logo = None
# The name of an image file (relative to this directory) to use as a favicon of
# the docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
# html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
#
# html_extra_path = []
# If not None, a 'Last updated on:' timestamp is inserted at every page
# bottom, using the given strftime format.
# The empty string is equivalent to '%b %d, %Y'.
#
# html_last_updated_fmt = None
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#
# html_additional_pages = {}
# If false, no module index is generated.
#
# html_domain_indices = True
# If false, no index is generated.
#
# html_use_index = True
# If true, the index is split into individual pages for each letter.
#
# html_split_index = False
# If true, links to the reST sources are added to the pages.
#
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Language to be used for generating the HTML full-text search index.
# Sphinx supports the following languages:
# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja'
# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr', 'zh'
#
# html_search_language = 'en'
# A dictionary with options for the search language support, empty by default.
# 'ja' uses this config value.
# 'zh' user can custom change `jieba` dictionary path.
#
# html_search_options = {'type': 'default'}
# The name of a javascript file (relative to the configuration directory) that
# implements a search results scorer. If empty, the default will be used.
#
# html_search_scorer = 'scorer.js'
# Output file base name for HTML help builder.
htmlhelp_basename = 'Charybdisoperatorguidedoc'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#
# 'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#
# 'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#
# 'preamble': '',
# Latex figure (float) alignment
#
# 'figure_align': 'htbp',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'Charybdisoperatorguide.tex', u'Charybdis operator guide Documentation',
u'Jilles Tjoelker', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#
# latex_use_parts = False
# If true, show page references after internal links.
#
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
#
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
#
# latex_appendices = []
# It false, will not define \strong, \code, itleref, \crossref ... but only
# \sphinxstrong, ..., \sphinxtitleref, ... To help avoid clash with user added
# packages.
#
# latex_keep_old_macro_names = True
# If false, no module index is generated.
#
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, 'charybdisoperatorguide', u'Charybdis operator guide Documentation',
[author], 1)
]
# If true, show URL addresses after external links.
#
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, 'Charybdisoperatorguide', u'Charybdis operator guide Documentation',
author, 'Charybdisoperatorguide', 'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
#
# texinfo_appendices = []
# If false, no module index is generated.
#
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#
# texinfo_no_detailmenu = False
# -- Options for Epub output ----------------------------------------------
# Bibliographic Dublin Core info.
epub_title = project
epub_author = author
epub_publisher = author
epub_copyright = copyright
# The basename for the epub file. It defaults to the project name.
# epub_basename = project
# The HTML theme for the epub output. Since the default themes are not
# optimized for small screen space, using the same theme for HTML and epub
# output is usually not wise. This defaults to 'epub', a theme designed to save
# visual space.
#
# epub_theme = 'epub'
# The language of the text. It defaults to the language option
# or 'en' if the language is not set.
#
# epub_language = ''
# The scheme of the identifier. Typical schemes are ISBN or URL.
# epub_scheme = ''
# The unique identifier of the text. This can be a ISBN number
# or the project homepage.
#
# epub_identifier = ''
# A unique identification for the text.
#
# epub_uid = ''
# A tuple containing the cover image and cover page html template filenames.
#
# epub_cover = ()
# A sequence of (type, uri, title) tuples for the guide element of content.opf.
#
# epub_guide = ()
# HTML files that should be inserted before the pages created by sphinx.
# The format is a list of tuples containing the path and title.
#
# epub_pre_files = []
# HTML files that should be inserted after the pages created by sphinx.
# The format is a list of tuples containing the path and title.
#
# epub_post_files = []
# A list of files that should not be packed into the epub file.
epub_exclude_files = ['search.html']
# The depth of the table of contents in toc.ncx.
#
# epub_tocdepth = 3
# Allow duplicate toc entries.
#
# epub_tocdup = True
# Choose between 'default' and 'includehidden'.
#
# epub_tocscope = 'default'
# Fix unsupported image types using the Pillow.
#
# epub_fix_images = False
# Scale large images.
#
# epub_max_image_width = 0
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#
# epub_show_urls = 'inline'
# If false, no index is generated.
#
# epub_use_index = True
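Review bot: the texinfo_documents entry still carries the sphinx-quickstart placeholders 'One line description of project.' and 'Miscellaneous'; both should be replaced with a real description and category before this lands. ``version`` and ``release`` are hard-coded to u'3.5' and will drift from the source tree unless they are derived from the build or bumped with each release. ``language = None`` is better written as 'en', since newer Sphinx releases warn when it is None. The comment above latex_keep_old_macro_names reads "It false, will not define \strong, \code, itleref", which looks like "If false" and \titleref with an escape eaten by the generator; worth correcting if the comment is kept.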

825
doc/oper-guide/config.rst Normal file

@ -0,0 +1,825 @@
Server config file format
=========================
General format
~~~~~~~~~~~~~~
The config file consists of a series of BIND-style blocks. Each block
consists of a series of values inside it which pertain to configuration
settings that apply to the given block.
Several values take lists of values and have defaults preset inside
them. Prefix a keyword with a tilde (``~``) to override the default and
disable it.
A line may also be a .include directive, which is of the form::
.include "file"
and causes file to be read in at that point, before the rest of
the current file is processed. Relative paths are first tried relative
to ``PREFIX`` and then relative to ``ETCPATH`` (normally ``PREFIX``/etc).
Anything from a ``#`` to the end of a line is a comment. Blank lines are
ignored. C-style comments are also supported.
Specific blocks and directives
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Not all configuration blocks and directives are listed here, only the
most common ones. More blocks and directives will be documented in later
revisions of this manual.
loadmodule directive
--------------------
::
loadmodule "text";
Loads a module into the IRCd. In charybdis 1.1, most modules are
automatically loaded in. In future versions, it is intended to remove
this behaviour as to allow for easy customization of the IRCd's
featureset.
serverinfo {} block
-------------------
::
serverinfo {
name = "text";
sid = "text";
description = "text";
network_name = "text";
network_desc = "text";
hub = boolean;
vhost = "text";
vhost6 = "text";
};
The serverinfo {} block defines the core operational parameters of the
IRC server.
**serverinfo {} variables**
name
The name of the IRC server that you are configuring. This must
contain at least one dot. It is not necessarily equal to any DNS
name. This must be unique on the IRC network.
sid
A unique ID which describes the server. This consists of one digit
and two characters which can be digits or letters.
description
A user-defined field of text which describes the IRC server. This
information is used in ``/links`` and ``/whois`` requests. Geographical
location information could be a useful use of this field, but most
administrators put a witty saying inside it instead.
network\_name
The name of the IRC network that this server will be a member of.
This is used in the welcome message and ``NETWORK=`` in 005.
hub
A boolean which defines whether or not this IRC server will be
serving as a hub, i.e. have multiple servers connected to it.
vhost
An optional text field which defines an IPv4 address from which
to connect outward to other IRC servers.
vhost6
An optional text field which defines an IPv6 address from which
to connect outward to other IRC servers.
admin {} block
--------------
::
admin {
name = "text";
description = "text";
email = "text";
};
This block provides the information which is returned by the ``ADMIN``
command.
name
The name of the administrator running this service.
description
The description of the administrator's position in the network.
email
A point of contact for the administrator, usually an e-mail address.
class {} block
--------------
::
class "name" {
ping_time = duration;
number_per_ident = number;
number_per_ip = number;
number_per_ip_global = number;
cidr_ipv4_bitlen = number;
cidr_ipv6_bitlen = number;
number_per_cidr = number;
max_number = number;
sendq = size;
};
class "name" {
ping_time = duration;
connectfreq = duration;
max_number = number;
sendq = size;
};
Class blocks define classes of connections for later use. The class name
is used to connect them to other blocks in the config file (auth{} and
connect{}). They must be defined before they are used.
Classes are used both for client and server connections, but most
variables are different.
**class {} variables: client classes**
ping\_time
The amount of time between checking pings for clients, e.g.: 2
minutes
number\_per\_ident
The amount of clients which may be connected from a single identd
username on a per-IP basis, globally. Unidented clients all count as
the same username.
number\_per\_ip
The amount of clients which may be connected from a single IP
address.
number\_per\_ip\_global
The amount of clients which may be connected globally from a single
IP address.
cidr\_ipv4\_bitlen
The netblock length to use with CIDR-based client limiting for IPv4
users in this class (between 0 and 32).
cidr\_ipv6\_bitlen
The netblock length to use with CIDR-based client limiting for IPv6
users in this class (between 0 and 128).
number\_per\_cidr
The amount of clients which may be connected from a single netblock.
If this needs to differ between IPv4 and IPv6, make different
classes for IPv4 and IPv6 users.
max\_number
The maximum amount of clients which may use this class at any given
time.
sendq
The maximum size of the queue of data to be sent to a client before
it is dropped.
**class {} variables: server classes**
ping\_time
The amount of time between checking pings for servers, e.g.: 2
minutes
connectfreq
The amount of time between autoconnects. This must at least be one
minute, as autoconnects are evaluated with that granularity.
max\_number
The amount of servers to autoconnect to in this class. More
precisely, no autoconnects are done if the number of servers in this
class is greater than or equal max\_number
sendq
The maximum size of the queue of data to be sent to a server before
it is dropped.
auth {} block
-------------
::
auth {
user = "hostmask";
password = "text";
spoof = "text";
flags = list;
class = "text";
};
auth {} blocks allow client connections to the server, and set various
properties concerning those connections.
Auth blocks are evaluated from top to bottom in priority, so put special
blocks first.
auth {} variables
~~~~~~~~~~~~~~~~~
user
A hostmask (``user@host``) that the auth {} block applies to. It is
matched against the hostname and IP address (using :: shortening for
IPv6 and prepending a 0 if it starts with a colon) and can also use
CIDR masks. You can have multiple user entries.
password
An optional password to use for authenticating into this auth{}
block. If the password is wrong the user will not be able to connect
(will not fall back on another auth{} block).
spoof
An optional fake hostname (or ``user@host``) to apply to users
authenticated to this auth{} block. In ``STATS i`` and ``TESTLINE``, an
equals sign (=) appears before the ``user@host`` and the spoof is shown.
flags
A list of flags to apply to this ``auth{}`` block. They are listed
below. Some of the flags appear as a special character,
parenthesized in the list, before the ``user@host`` in ``STATS i`` and
``TESTLINE``.
class
A name of a class to put users matching this auth{} block into.
umodes
Additional umodes to apply to the default_umodes upon connect.
auth {} flags
~~~~~~~~~~~~~
encrypted
The password used has been encrypted.
spoof\_notice
Causes the IRCd to send out a server notice when activating a spoof
provided by this auth{} block.
exceed\_limit (>)
Users in this auth{} block can exceed class-wide limitations.
dnsbl\_exempt ($)
Users in this auth{} block are exempted from DNS blacklist checks.
However, they will still be warned if they are listed.
kline\_exempt (^)
Users in this auth{} block are exempted from DNS blacklists, k:lines
and x:lines.
spambot\_exempt
Users in this auth{} block are exempted from spambot checks.
shide\_exempt
Users in this auth{} block are exempted from some serverhiding
effects.
jupe\_exempt
Users in this auth{} block do not trigger an alarm when joining
juped channels.
resv\_exempt
Users in this auth{} block may use reserved nicknames and channels.
.. note:: The initial nickname may still not be reserved.
flood\_exempt (\|) Users in this auth{} block may send arbitrary
amounts of commands per time unit to the server. This does not
exempt them from any other flood limits. You should use this
setting with caution.
no\_tilde (-)
Users in this auth{} block will not have a tilde added to their
username if they do not run identd.
need\_ident (+)
Users in this auth{} block must have identd, otherwise they will be
rejected.
need\_ssl
Users in this auth{} block must be connected via SSL/TLS, otherwise
they will be rejected.
need\_sasl
Users in this auth{} block must identify via SASL, otherwise they
will be rejected.
exempt {} block
---------------
::
exempt {
ip = "ip";
};
An exempt block specifies IP addresses which are exempt from ``D:lines`` and
throttling. Multiple addresses can be specified in one block. Clients
coming from these addresses can still be ``K/G/X:lined`` or banned by a DNS
blacklist unless they also have appropriate flags in their auth{} block.
**exempt {} variables**
ip
The IP address or CIDR range to exempt.
privset {} block
----------------
::
privset {
extends = "name";
privs = list;
};
A privset (privilege set) block specifies a set of operator privileges.
**privset {} variables**
extends
An optional privset to inherit. The new privset will have all
privileges that the given privset has.
privs
Privileges to grant to this privset. These are described in the
operator privileges section.
operator {} block
-----------------
::
operator "name" {
user = "hostmask";
password = "text";
rsa_public_key_file = "text";
umodes = list;
snomask = "text";
flags = list;
};
Operator blocks define who may use the ``OPER`` command to gain extended
privileges.
**operator {} variables**
user
A hostmask that users trying to use this operator {} block must
match. This is checked against the original host and IP address;
CIDR is also supported. So auth {} spoofs work in operator {}
blocks; the real host behind them is not checked. Other kind of
spoofs do not work in operator {} blocks; the real host behind them
is checked.
Note that this is different from charybdis 1.x where all kinds of
spoofs worked in operator {} blocks.
password
A password used with the ``OPER`` command to use this operator {} block.
Passwords are encrypted by default, but may be unencrypted if
~encrypted is present in the flags list.
rsa\_public\_key\_file
An optional path to a RSA public key file associated with the
operator {} block. This information is used by the ``CHALLENGE``
command, which is an alternative authentication scheme to the
traditional ``OPER`` command.
umodes
A list of usermodes to apply to successfully opered clients.
snomask
An snomask to apply to successfully opered clients.
privset
The privilege set granted to successfully opered clients. This must
be defined before this operator{} block.
flags
A list of flags to apply to this operator{} block. They are listed
below.
**operator {} flags**
encrypted
The password used has been encrypted. This is enabled by default,
use ~encrypted to disable it.
need\_ssl
Restricts use of this operator{} block to SSL/TLS connections only.
connect {} block
----------------
::
connect "name" {
host = "text";
send_password = "text";
accept_password = "text";
port = number;
hub_mask = "mask";
leaf_mask = "mask";
class = "text";
flags = list;
aftype = protocol;
};
Connect blocks define what servers may connect or be connected to.
**connect {} variables**
host
The hostname or IP to connect to.
.. note:: Furthermore, if a hostname is used, it must have an
``A`` or ``AAAA`` record (no ``CNAME``) and it must be
the primary hostname for inbound connections to work.
send\_password
The password to send to the other server.
accept\_password
The password that should be accepted from the other server.
port
The port on the other server to connect to.
hub\_mask
An optional domain mask of servers allowed to be introduced by this
link. Usually, "\*" is fine. Multiple hub\_masks may be specified,
and any of them may be introduced. Violation of hub\_mask and
leaf\_mask restrictions will cause the local link to be closed.
leaf\_mask
An optional domain mask of servers not allowed to be introduced by
this link. Multiple leaf\_masks may be specified, and none of them
may be introduced. leaf\_mask has priority over hub\_mask.
class
The name of the class this server should be placed into.
flags
A list of flags concerning the connect block. They are listed below.
aftype
The protocol that should be used to connect with, either ipv4 or
ipv6. This defaults to neither, allowing connection using either
address family.
**connect {} flags**
encrypted
The value for accept\_password has been encrypted.
autoconn
The server should automatically try to connect to the server defined
in this connect {} block if it's not connected already and
max\_number in the class is not reached yet.
compressed
Ziplinks should be used with this server connection. This compresses
traffic using zlib, saving some bandwidth and speeding up netbursts.
If you have trouble setting up a link, you should turn this off as
it often hides error messages.
topicburst
Topics should be bursted to this server.
This is enabled by default.
listen {} block
---------------
::
listen {
host = "text";
port = number;
};
A listen block specifies what ports a server should listen on.
**listen {} variables**
host
An optional host to bind to. Otherwise, the ircd will listen on all
available hosts.
port
A port to listen on. You can specify multiple ports via commas, and
define a range by seperating the start and end ports with two dots
(..).
modules {} block
----------------
::
modules {
path = "text";
module = text;
};
The modules block specifies information for loadable modules.
**modules {} variables**
path
Specifies a path to search for loadable modules.
module
Specifies a module to load, similar to loadmodule.
general {} block
----------------
::
modules {
values
};
The general block specifies a variety of options, many of which were in
``config.h`` in older daemons. The options are documented in
``reference.conf``.
channel {} block
----------------
::
modules {
values
};
The channel block specifies a variety of channel-related options, many
of which were in ``config.h`` in older daemons. The options are
documented in ``reference.conf``.
serverhide {} block
-------------------
::
modules {
values
};
The serverhide block specifies options related to server hiding. The
options are documented in ``reference.conf``.
blacklist {} block
------------------
::
blacklist {
host = "text";
reject_reason = "text";
};
The blacklist block specifies DNS blacklists to check. Listed clients
will not be allowed to connect. IPv6 clients are not checked against
these.
Multiple blacklists can be specified, in pairs with first host then
reject\_reason.
**blacklist {} variables**
host
The DNSBL to use.
reject\_reason
The reason to send to listed clients when disconnecting them.
alias {} block
--------------
::
alias "name" {
target = "text";
};
Alias blocks allow the definition of custom commands. These commands
send ``PRIVMSG`` to the given target. A real command takes precedence above
an alias.
**alias {} variables**
target
The target nick (must be a network service (umode ``+S``)) or
user@server. In the latter case, the server cannot be this server,
only opers can use user starting with "opers" reliably and the user
is interpreted on the target server only so you may need to use
nick@server instead).
cluster {} block
----------------
::
cluster {
name = "text";
flags = list;
};
The cluster block specifies servers we propagate things to
automatically. This does not allow them to set bans, you need a separate
shared{} block for that.
Having overlapping cluster{} items will cause the command to be executed
twice on the target servers. This is particularly undesirable for ban
removals.
The letters in parentheses denote the flags in ``/stats`` U.
**cluster {} variables**
name
The server name to share with, this may contain wildcards and may be
stacked.
flags
The list of what to share, all the name lines above this (up to
another flags entry) will receive these flags. They are listed
below.
**cluster {} flags**
kline (K)
Permanent ``K:lines``
tkline (k)
Temporary ``K:lines``
unkline (U)
``K:line`` removals
xline (X)
Permanent ``X:lines``
txline (x)
Temporary ``X:lines``
unxline (Y)
``X:line`` removals
resv (Q)
Permanently reserved nicks/channels
tresv (q)
Temporarily reserved nicks/channels
unresv (R)
``RESV`` removals
locops (L)
``LOCOPS`` messages (sharing this with \* makes ``LOCOPS`` rather similar to
``OPERWALL`` which is not useful)
all
All of the above
shared {} block
---------------
::
shared {
oper = "user@host", "server";
flags = list;
};
The shared block specifies opers allowed to perform certain actions on
our server remotely. These are ordered top down. The first one matching
will determine the oper's access. If access is denied, the command will
be silently ignored.
The letters in parentheses denote the flags in ``/stats U``.
**shared {} variables**
oper
The user@host the oper must have, and the server they must be on.
This may contain wildcards.
flags
The list of what to allow, all the oper lines above this (up to
another flags entry) will receive these flags. They are listed
below.
.. note:: While they have the same names, the flags have subtly
different meanings from those in the cluster{} block.
**shared {} flags**
kline (K)
Permanent and temporary ``K:lines``
tkline (k)
Temporary ``K:lines``
unkline (U)
``K:line`` removals
xline (X)
Permanent and temporary ``X:lines``
txline (x)
Temporary ``X:lines``
unxline (Y)
``X:line`` removals
resv (Q)
Permanently and temporarily reserved nicks/channels
tresv (q)
Temporarily reserved nicks/channels
unresv (R)
``RESV`` removals
all
All of the above; this does not include locops, rehash, dline,
tdline or undline.
locops (L)
``LOCOPS`` messages (accepting this from \* makes ``LOCOPS`` rather similar
to ``OPERWALL`` which is not useful); unlike the other flags, this can
only be accepted from \*@\* although it can be restricted based on
source server.
rehash (H)
``REHASH`` commands; all options can be used
dline (D)
Permanent and temporary ``D:lines``
tdline (d)
Temporary ``D:lines``
undline (E)
``D:line`` removals
none
Allow nothing to be done
service {} block
----------------
::
service {
name = "text";
};
The service block specifies privileged servers (services). These servers
have extra privileges such as setting login names on users and
introducing clients with umode ``+S`` (unkickable, hide channels, etc). This
does not allow them to set bans, you need a separate shared{} block for
that.
Do not place normal servers here.
Multiple names may be specified but there may be only one service{}
block.
**service {} variables**
name
The server name to grant special privileges. This may not contain
wildcards.
Hostname resolution (DNS)
~~~~~~~~~~~~~~~~~~~~~~~~~
Charybdis uses solely DNS for all hostname/address lookups (no
``/etc/hosts`` or anything else). The DNS servers are taken from
``/etc/resolv.conf``. If this file does not exist or no valid IP
addresses are listed in it, the local host (``127.0.0.1``) is used. (Note
that the latter part did not work in older versions of Charybdis.)
IPv4 as well as IPv6 DNS servers are supported, but it is not possible
to use both IPv4 and IPv6 in ``/etc/resolv.conf``.
For both security and performance reasons, it is recommended that a
caching nameserver such as BIND be run on the same machine as Charybdis
and that ``/etc/resolv.conf`` only list ``127.0.0.1``.
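Review bot: The synopsis literal blocks for general {}, channel {} and serverhide {} all open with `modules {`, apparently copied from the modules {} section, so each of the three sections documents the wrong block name; they should read `general {`, `channel {` and `serverhide {`. In the same file, the auth {} synopsis omits `umodes` and the operator {} synopsis omits `privset`, although both are described in the variable lists directly below them. The flood_exempt entry has its description run onto the term line, unlike the neighbouring flags, and "seperating" in the listen {} port description should be "separating".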

29
doc/oper-guide/index.rst Normal file

@ -0,0 +1,29 @@
.. Charybdis operator guide documentation master file, created by
sphinx-quickstart on Sat Mar 25 10:41:29 2017.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
============================================
Operators guide for the charybdis IRC server
============================================
Contents:
.. toctree::
:maxdepth: 1
intro
umodes
cmodes
ucommands
commands
oprivs
config
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`
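Review bot: The "Indices and tables" list keeps the sphinx-quickstart default ``modindex`` entry, which is the Python module index; nothing in this toctree documents Python modules, so the entry has nothing to point at and can be dropped. The quickstart boilerplate comment at the top of the file can go too, and it says "operator guide" where the title says "Operators guide", so pick one spelling.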

17
doc/oper-guide/intro.rst Normal file

@ -0,0 +1,17 @@
Scope of this document
======================
This document describes the commands and functions available to
operators in the charybdis ircd, as used on
`AthemeNet <http://www.atheme.net>`__.
This document, and various ideas for features of charybdis, have been
taken from dancer-ircd/hyperion, the ircd used on freenode, mainly
written by Andrew Suffield and Jilles Tjoelker.
While this document may be of some interest to the users of charybdis
servers, it is intended as a reference for network staff.
Charybdis is based on ircd-ratbox 2.1.4, although much has changed.
`ircd-ratbox <http://www.ircd-ratbox.org>`__ is commonly used on efnet,
and some other networks.

281
doc/oper-guide/make.bat Normal file

@ -0,0 +1,281 @@
@ECHO OFF
REM Command file for Sphinx documentation
if "%SPHINXBUILD%" == "" (
set SPHINXBUILD=sphinx-build
)
set BUILDDIR=_build
set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
set I18NSPHINXOPTS=%SPHINXOPTS% .
if NOT "%PAPER%" == "" (
set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%
)
if "%1" == "" goto help
if "%1" == "help" (
:help
echo.Please use `make ^<target^>` where ^<target^> is one of
echo. html to make standalone HTML files
echo. dirhtml to make HTML files named index.html in directories
echo. singlehtml to make a single large HTML file
echo. pickle to make pickle files
echo. json to make JSON files
echo. htmlhelp to make HTML files and a HTML help project
echo. qthelp to make HTML files and a qthelp project
echo. devhelp to make HTML files and a Devhelp project
echo. epub to make an epub
echo. epub3 to make an epub3
echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter
echo. text to make text files
echo. man to make manual pages
echo. texinfo to make Texinfo files
echo. gettext to make PO message catalogs
echo. changes to make an overview over all changed/added/deprecated items
echo. xml to make Docutils-native XML files
echo. pseudoxml to make pseudoxml-XML files for display purposes
echo. linkcheck to check all external links for integrity
echo. doctest to run all doctests embedded in the documentation if enabled
echo. coverage to run coverage check of the documentation if enabled
echo. dummy to check syntax errors of document sources
goto end
)
if "%1" == "clean" (
for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
del /q /s %BUILDDIR%\*
goto end
)
REM Check if sphinx-build is available and fallback to Python version if any
%SPHINXBUILD% 1>NUL 2>NUL
if errorlevel 9009 goto sphinx_python
goto sphinx_ok
:sphinx_python
set SPHINXBUILD=python -m sphinx.__init__
%SPHINXBUILD% 2> nul
if errorlevel 9009 (
echo.
echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
echo.installed, then set the SPHINXBUILD environment variable to point
echo.to the full path of the 'sphinx-build' executable. Alternatively you
echo.may add the Sphinx directory to PATH.
echo.
echo.If you don't have Sphinx installed, grab it from
echo.http://sphinx-doc.org/
exit /b 1
)
:sphinx_ok
if "%1" == "html" (
%SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/html.
goto end
)
if "%1" == "dirhtml" (
%SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
goto end
)
if "%1" == "singlehtml" (
%SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
goto end
)
if "%1" == "pickle" (
%SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can process the pickle files.
goto end
)
if "%1" == "json" (
%SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can process the JSON files.
goto end
)
if "%1" == "htmlhelp" (
%SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can run HTML Help Workshop with the ^
.hhp project file in %BUILDDIR%/htmlhelp.
goto end
)
if "%1" == "qthelp" (
%SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can run "qcollectiongenerator" with the ^
.qhcp project file in %BUILDDIR%/qthelp, like this:
echo.^> qcollectiongenerator %BUILDDIR%\qthelp\Charybdisoperatorguide.qhcp
echo.To view the help file:
echo.^> assistant -collectionFile %BUILDDIR%\qthelp\Charybdisoperatorguide.ghc
goto end
)
if "%1" == "devhelp" (
%SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished.
goto end
)
if "%1" == "epub" (
%SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The epub file is in %BUILDDIR%/epub.
goto end
)
if "%1" == "epub3" (
%SPHINXBUILD% -b epub3 %ALLSPHINXOPTS% %BUILDDIR%/epub3
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The epub3 file is in %BUILDDIR%/epub3.
goto end
)
if "%1" == "latex" (
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
if errorlevel 1 exit /b 1
echo.
echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.
goto end
)
if "%1" == "latexpdf" (
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
cd %BUILDDIR%/latex
make all-pdf
cd %~dp0
echo.
echo.Build finished; the PDF files are in %BUILDDIR%/latex.
goto end
)
if "%1" == "latexpdfja" (
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
cd %BUILDDIR%/latex
make all-pdf-ja
cd %~dp0
echo.
echo.Build finished; the PDF files are in %BUILDDIR%/latex.
goto end
)
if "%1" == "text" (
%SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The text files are in %BUILDDIR%/text.
goto end
)
if "%1" == "man" (
%SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The manual pages are in %BUILDDIR%/man.
goto end
)
if "%1" == "texinfo" (
%SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo.
goto end
)
if "%1" == "gettext" (
%SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The message catalogs are in %BUILDDIR%/locale.
goto end
)
if "%1" == "changes" (
%SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes
if errorlevel 1 exit /b 1
echo.
echo.The overview file is in %BUILDDIR%/changes.
goto end
)
if "%1" == "linkcheck" (
%SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck
if errorlevel 1 exit /b 1
echo.
echo.Link check complete; look for any errors in the above output ^
or in %BUILDDIR%/linkcheck/output.txt.
goto end
)
if "%1" == "doctest" (
%SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest
if errorlevel 1 exit /b 1
echo.
echo.Testing of doctests in the sources finished, look at the ^
results in %BUILDDIR%/doctest/output.txt.
goto end
)
if "%1" == "coverage" (
%SPHINXBUILD% -b coverage %ALLSPHINXOPTS% %BUILDDIR%/coverage
if errorlevel 1 exit /b 1
echo.
echo.Testing of coverage in the sources finished, look at the ^
results in %BUILDDIR%/coverage/python.txt.
goto end
)
if "%1" == "xml" (
%SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The XML files are in %BUILDDIR%/xml.
goto end
)
if "%1" == "pseudoxml" (
%SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml.
goto end
)
if "%1" == "dummy" (
%SPHINXBUILD% -b dummy %ALLSPHINXOPTS% %BUILDDIR%/dummy
if errorlevel 1 exit /b 1
echo.
echo.Build finished. Dummy builder generates no files.
goto end
)
:end
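Review bot: The latexpdf and latexpdfja targets do not test errorlevel after the `%SPHINXBUILD% -b latex` call, unlike every other target, so a failed Sphinx run still falls through to `cd %BUILDDIR%/latex` and `make all-pdf` and the script prints "Build finished". Add `if errorlevel 1 exit /b 1` after the sphinx-build line in both targets, and check the result of the make call as well. Two smaller points: the help text does not list latexpdf or latexpdfja, and the qthelp message passes `Charybdisoperatorguide.ghc` to assistant, where the collection file built from the .qhcp project is a .qhc.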

124
doc/oper-guide/oprivs.rst Normal file

@ -0,0 +1,124 @@
Oper privileges
===============
These are specified in privset{}.
oper:admin, server administrator
--------------------------------
Various privileges intended for server administrators. Among other
things, this automatically sets umode +a and allows loading modules.
oper:die, die and restart
-------------------------
This grants permission to use ``DIE`` and ``RESTART``, shutting down or
restarting the server.
oper:global\_kill, global kill
------------------------------
Allows using ``KILL`` on users on any server.
oper:hidden, hide from /stats p
-------------------------------
This privilege currently does nothing, but was designed to hide bots
from /stats p so users will not message them for help.
oper:hidden\_admin, hidden administrator
----------------------------------------
This grants everything granted to the oper:admin privilege, except the
ability to set umode +a. If both oper:admin and oper:hidden\_admin are
possessed, umode +a can still not be used.
oper:kline, kline and dline
---------------------------
Allows using ``KLINE`` and ``DLINE``, to ban users by user@host mask or IP
address.
oper:local\_kill, kill local users
----------------------------------
This grants permission to use ``KILL`` on users on the same server,
disconnecting them from the network.
oper:mass\_notice, global notices and wallops
---------------------------------------------
Allows using server name ($$mask) and hostname ($#mask) masks in ``NOTICE``
and ``PRIVMSG`` to send a message to all matching users, and allows using
the ``WALLOPS`` command to send a message to all users with umode +w set.
oper:operwall, send/receive operwall
------------------------------------
Allows using the ``OPERWALL`` command and umode +z to send and receive
operwalls.
oper:rehash, rehash
-------------------
Allows using the ``REHASH`` command, to rehash various configuration files
or clear certain lists.
oper:remoteban, set remote bans
-------------------------------
This grants the ability to use the ON argument on ``DLINE``/``KLINE``/``XLINE``/``RESV``
and ``UNDLINE``/``UNKLINE``/``UNXLINE``/``UNRESV`` to set and unset bans on other
servers, and the server argument on ``REHASH``. This is only allowed if the
oper may perform the action locally, and if the remote server has a
shared{} block.
.. note:: If a cluster{} block is present, bans are sent remotely even
if the oper does not have oper:remoteban privilege.
oper:resv, channel control
--------------------------
This allows using /resv, /unresv and changing the channel modes +L and
+P.
oper:routing, remote routing
----------------------------
This allows using the third argument of the ``CONNECT`` command, to instruct
another server to connect somewhere, and using ``SQUIT`` with an argument
that is not locally connected. (In both cases all opers with +w set will
be notified.)
oper:spy, use operspy
---------------------
This allows using ``/mode !#channel``, ``/whois !nick``, ``/who !#channel``,
``/chantrace !#channel``, ``/topic !#channel``, ``/who !mask``, ``/masktrace
!user@host :gecos`` and ``/scan umodes +modes-modes global list`` to see
through secret channels, invisible users, etc.
All operspy usage is broadcasted to opers with snomask ``+Z`` set (on the
entire network) and optionally logged. If you grant this to anyone, it
is a good idea to establish concrete policies describing what it is to
be used for, and what not.
If ``operspy_dont_care_user_info`` is enabled, ``/who mask`` is operspy
also, and ``/who !mask``, ``/who mask``, ``/masktrace !user@host :gecos`` and ``/scan
umodes +modes-modes global list`` do not generate ``+Z`` notices or logs.
oper:unkline, unkline and undline
---------------------------------
Allows using ``UNKLINE`` and ``UNDLINE``.
oper:xline, xline and unxline
-----------------------------
Allows using ``XLINE`` and ``UNXLINE``, to ban/unban users by realname.
snomask:nick\_changes, see nick changes
---------------------------------------
Allows using snomask ``+n`` to see local client nick changes. This is
designed for monitor bots.
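Review bot: The fact that a cluster{} block sends bans remotely even without oper:remoteban appears only as a note under oper:remoteban, so someone granting just oper:kline, oper:xline or oper:resv will not learn from those sections that the bans can take effect on other servers. Repeat or cross-reference that note under each of those privileges, with a pointer to the cluster {} section of the config chapter. The oper:spy section says usage is "optionally logged" without naming the setting that controls it; name it there. Style: oper:resv writes "/resv, /unresv" and oper:hidden writes "/stats p" as plain text, while the rest of the file uses literal markup such as ``RESV``.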


@ -0,0 +1,183 @@
User Commands
=============
Standard IRC commands are not listed here. Several of the commands in
the operator commands chapter can also be used by normal users.
ACCEPT
------
::
ACCEPT nick, -nick, ...
Adds or removes users from your accept list for umode +g and +R. Users
are automatically removed when they quit, split or change nick.
::
ACCEPT *
Lists all users on your accept list.
Support of this command is indicated by the ``CALLERID`` token in
``RPL_ISUPPORT`` (005); the optional parameter indicates the letter of the
“only allow accept users to send private messages” umode, otherwise +g.
In charybdis this is always +g.
CNOTICE
-------
::
CNOTICE nick channel :text
Providing you are opped (+o) or voiced (+v) in channel, and nick is a
member of channel, ``CNOTICE`` generates a ``NOTICE`` towards nick.
``CNOTICE`` bypasses any anti-spam measures in place. If you get “Targets
changing too fast, message dropped”, you should probably use this
command, for example sending a notice to every user joining a certain
channel.
As of charybdis 3.1, ``NOTICE`` automatically behaves as ``CNOTICE`` if you are
in a channel fulfilling the conditions.
Support of this command is indicated by the ``CNOTICE`` token in
``RPL_ISUPPORT`` (005).
CPRIVMSG
--------
::
CPRIVMSG nick channel :text
Providing you are opped (+o) or voiced (+v) in channel, and nick is a
member of channel, ``CPRIVMSG`` generates a ``PRIVMSG`` towards nick.
``CPRIVMSG`` bypasses any anti-spam measures in place. If you get “Targets
changing too fast, message dropped”, you should probably use this
command.
As of charybdis 3.1, ``PRIVMSG`` automatically behaves as ``CPRIVMSG`` if you
are in a channel fulfilling the conditions.
Support of this command is indicated by the ``CPRIVMSG`` token in
``RPL_ISUPPORT`` (005).
FINDFORWARDS
------------
::
FINDFORWARDS channel
.. note:: This command is only available if the ``m_findforwards.so``
extension is loaded.
Displays which channels forward to the given channel (via cmode +f). If
there are very many channels the list will be truncated.
You must be a channel operator on the channel or an IRC operator to use
this command.
HELP
----
::
HELP [topic]
Displays help information. topic can be ``INDEX``, ``CREDITS``, ``UMODE``, ``CMODE``,
``SNOMASK`` or a command name.
There are separate help files for users and opers. Opers can use ``UHELP``
to query the user help files.
IDENTIFY
--------
::
IDENTIFY parameters...
.. note:: This command is only available if the ``m_identify.so``
extension is loaded.
Sends an identify command to either NickServ or ChanServ. If the first
parameter starts with #, the command is sent to ChanServ, otherwise to
NickServ. The word ``IDENTIFY``, a space and all parameters are concatenated
and sent as a ``PRIVMSG`` to the service. If the service is not online or
does not have umode +S set, no message will be sent.
The exact syntax for this command depends on the services package in
use.
KNOCK
-----
::
KNOCK channel
Requests an invite to the given channel. The channel must be locked
somehow (+ikl), must not be +p and you may not be banned or quieted.
Also, this command is rate limited.
If successful, all channel operators will receive a 710 numeric. The
recipient field of this numeric is the channel.
Support of this command is indicated by the ``KNOCK`` token in ``RPL_ISUPPORT``
(005).
MONITOR
-------
Server side notify list. This list contains nicks. When a user connects,
quits with a listed nick or changes to or from a listed nick, you will
receive a 730 numeric if the nick went online and a 731 numeric if the
nick went offline.
Support of this command is indicated by the ``MONITOR`` token in
``RPL_ISUPPORT`` (005); the parameter indicates the maximum number of
nicknames you may have in your monitor list.
You may only use this command once per second.
More details can be found in ``doc/monitor.txt`` in the source
distribution.
::
MONITOR + nick, ...
Adds nicks to your monitor list. You will receive 730 and 731 numerics
for the nicks.
::
MONITOR - nick, ...
Removes nicks from your monitor list. No output is generated for this
command.
::
MONITOR C
Clears your monitor list. No output is generated for this command.
::
MONITOR L
Lists all nicks on your monitor list, using 732 numerics and ending with
a 733 numeric.
::
MONITOR S
Shows status for all nicks on your monitor list, using 730 and 731
numerics.
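Review bot: In the CNOTICE and CPRIVMSG sections, "bypasses any anti-spam measures in place" is broader than the only limit the text goes on to name, the "Targets changing too fast, message dropped" check. If that target-change limit is the one being bypassed, say so explicitly, so that operators and bot authors do not read it as an exemption from flood limits in general. The MONITOR section also differs from the other commands in having no synopsis line before its description; the first literal block only appears after several paragraphs.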

276
doc/oper-guide/umodes.rst Normal file

@ -0,0 +1,276 @@
User modes
==========
``+a``, server administrator
----------------------------
This vanity usermode is used to denote a server administrator in WHOIS
output. All local “admin” privileges are independent of it, though
services packages may grant extra privileges to ``+a`` users.
``+D``, deaf
------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
Users with the ``+D`` umode set will not receive messages sent to channels.
Joins, parts, topic changes, mode changes, etc are received as normal,
as are private messages.
Support of this umode is indicated by the ``DEAF`` token in ``RPL_ISUPPORT``
(005); the parameter indicates the letter of the umode. Note that
several common IRCD implementations have an umode like this (typically
``+d``) but do not have the token in 005.
``+g``, Caller ID
-----------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
Users with the ``+g`` umode set will only receive private messages
from users on a session-defined whitelist, defined by the ``/accept``
command. If a user who is not on the whitelist attempts to send a
private message, the target user will receive a rate-limited notice
saying that the user wishes to speak to them.
Network operators are not affected by the callerid whitelist system in
the event that they need to speak to users who have it enabled.
Support of this umode is indicated by the ``CALLERID`` token in
``RPL_ISUPPORT`` (005); the optional parameter indicates the letter of
the umode, otherwise ``+g``.
``+i``, invisible
-----------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
Invisible users do not show up in ``WHO`` and ``NAMES`` unless you can see them.
``+l``, receive locops
----------------------
``LOCOPS`` is a version of ``OPERWALL`` that is sent to opers on a single server
only. With cluster{} and shared{} blocks they can optionally be
propagated further.
Unlike ``OPERWALL``, any oper can send and receive ``LOCOPS``.
``+o``, operator
----------------
This indicates global operator status.
``+Q``, disable forwarding
--------------------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
This umode prevents you from being affected by channel forwarding. If
enabled on a channel, channel forwarding sends you to another channel if
you could not join. See channel mode ``+f`` for more information.
``+R``, reject messages from unauthenticated users
--------------------------------------------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
If a user has the ``+R`` umode set, then any users who are not authenticated
will receive an error message if they attempt to send a private message
or notice to the ``+R`` user.
Opers and accepted users (like in ``+g``) are exempt. Unlike ``+g``, the target
user is not notified of failed messages.
``+s``, receive server notices
------------------------------
This umode allows an oper to receive server notices. The requested types
of server notices are specified as a parameter (“snomask”) to this
umode.
``+S``, network service
-----------------------
.. note:: This umode can only be set by servers named in a service{}
block.
This umode grants various features useful for services. For example,
clients with this umode cannot be kicked or deopped on channels, can
send to any channel, do not show channels in ``WHOIS``, can be the target of
services aliases and do not appear in ``/stats p``. No server notices are
sent for hostname changes by services clients; server notices about
kills are sent to snomask ``+k`` instead of ``+s``.
The exact effects of this umode are variable; no user or oper on an
actual charybdis server can set it.
``+w``, receive wallops
-----------------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
Users with the ``+w`` umode set will receive ``WALLOPS`` messages sent by opers.
Opers with ``+w`` additionally receive ``WALLOPS`` sent by servers (e.g. remote
``CONNECT``, remote ``SQUIT``, various severe misconfigurations, many services
packages).
``+z``, receive operwall
------------------------
``OPERWALL`` differs from ``WALLOPS`` in that the ability to receive such
messages is restricted. Opers with ``+z`` set will receive ``OPERWALL``
messages.
``+Z``, SSL user
----------------
This umode is set on clients connected via SSL/TLS. It cannot be set or
unset after initial connection.
Snomask usage
=============
Usage is as follows::
MODE nick +s +/-flags
To set snomasks.
::
MODE nick -s
To clear all snomasks.
Umode ``+s`` will be set if at least one snomask is set.
Umode ``+s`` is oper only by default, but even if you allow nonopers to set
it, they will not get any server notices.
Meanings of server notice masks
===============================
``+b``, bot warnings
--------------------
Opers with the ``+b`` snomask set will receive warning messages from the
server when potential flooders and spambots are detected.
``+c``, client connections
--------------------------
Opers who have the ``+c`` snomask set will receive server notices when
clients attach to the local server.
``+C``, extended client connection notices
------------------------------------------
Opers who have the ``+C`` snomask set will receive server notices when
clients attach to the local server. Unlike the ``+c`` snomask, the
information is displayed in a format intended to be parsed by scripts,
and includes the two unused fields of the ``USER`` command.
``+d``, debug
-------------
The ``+d`` snomask provides opers extra information which may be of interest
to debuggers. It will also cause the user to receive server notices if
certain assertions fail inside the server. Its precise meaning is
variable. Do not depend on the effects of this snomask as they can and
will change without notice in later revisions.
``+f``, full warning
--------------------
Opers with the ``+f`` snomask set will receive notices when a user
connection is denied because a connection limit is exceeded (one of the
limits in a class{} block, or the total per-server limit settable with
``/quote set max``).
``+F``, far client connection notices
-------------------------------------
.. note:: This snomask is only available if the ``sno_farconnect.so``
extension is loaded.
Opers with ``+F`` receive server notices when clients connect or disconnect
on other servers. The notices have the same format as those from the ``+c``
snomask, except that the class is ? and the source server of the notice
is the server the user is/was on.
No notices are generated for netsplits and netjoins. Hence, these
notices cannot be used to keep track of all clients on the network.
There is no far equivalent of the ``+C`` snomask.
``+k``, server kill notices
---------------------------
Opers with the ``+k`` snomask set will receive server notices when services
kill users and when other servers kill and save (forced nick change to
UID) users. Kills and saves by this server are on ``+d`` or ``+s``.
``+n``, nick change notices
---------------------------
An oper with ``+n`` set will receive a server notice every time a local user
changes their nick, giving the old and new nicks. This is mostly useful
for bots that track all users on a single server.
``+r``, notices on name rejections
----------------------------------
Opers with this snomask set will receive a server notice when somebody
tries to use an invalid username, or if a dumb HTTP proxy tries to
connect.
``+s``, generic server notices
------------------------------
This snomask allows an oper to receive generic server notices. This
includes kills from opers (except services).
``+u``, unauthorized connections
--------------------------------
This snomask allows an oper to see when users try to connect who do not
have an available auth{} block.
``+W``, whois notifications
---------------------------
.. note:: This snomask is only available if the ``sno_whois.so``
extension is loaded.
Opers with ``+W`` receive notices when a ``WHOIS`` is executed on them on their
server (showing idle time).
``+x``, extra routing notices
-----------------------------
Opers who have the ``+x`` snomask set will get notices about servers
connecting and disconnecting on the whole network. This includes all
servers connected behind the affected link. This can get rather noisy
but is useful for keeping track of all linked servers.
``+y``, spy
-----------
Opers with ``+y`` receive notices when users try to join ``RESV``'ed (“juped”)
channels. Additionally, if certain extension modules are loaded, they
will receive notices when special commands are used.
``+Z``, operspy notices
-----------------------
Opers with ``+Z`` receive notices whenever an oper anywhere on the network
uses operspy.
This snomask can be configured to be only effective for admins.
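Review bot: the "+l, receive locops" section does not say that LOCOPS depends on an extension, although doc/reference.conf in this same comparison now lists "/locops support -- m_locops" among the extensions that are not enabled by default. Add a ".. note::" like the ones under the +F and +W snomasks, naming the module. Two smaller points: the +S section still says "an actual charybdis server" while reference.conf is retitled to solanum, and the +Z snomask text says it "can be configured to be only effective for admins" without naming the configuration option.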


@ -1,368 +0,0 @@
EFnet Oper Guide
Last update: 02-21-2002
Written and maintained by Riedel
E-Mail: dennisv@vuurwerk.nl
1. Commands you should know about
2. The client of your choice
3. Your primary responsibilities
4. Re-routing
4.1 Re-routing other servers and remote connects
5. Kills and klines
6. Kill and K-Line requests
7. Happy birthday!
8. Security
9. Know who your friends are
10. The TCM bot
11. Services
12. G-Lines
1. Commands you should know about
This is no longer covered here. IRCD-hybrid is changing too rapidly, so
this section would be outdated in no time ;) For an up-to-date version,
please download the latest hybrid at www.ircd-hybrid.org.
2. The client of your choice
There are many IRC clients around for a wide variety of operating systems.
Being an IRC Operator doesn't *require* you to use a UNIX client, however
I personally prefer UNIX-based clients. If you're familiar with UNIX and
use UNIX for opering, I suggest ircII / epic. There are a lot of scripts
available for those two clients, and it's not that hard to write scripts
yourself to suite your needs. It is important that you know how to operate
your client, and familiarize yourself with the options and features. For
whatever client you chose this goes for any of them: You should be in
control of your client, instead of the client being in control of you.
Resources :
www.mirc.co.uk - mIRC (MS-Windows)
www.irchelp.org - a variety of clients and scripts
ftp.blackened.com - several UNIX based clients available
3. Your primary responsibilities
As an IRC Operator, you're responsible for maintaining the server on a
real-time basis. You represent your server, and you represent the network.
Irresponsible / rude / offensive / stupid behavior may discredit your server
and the network. You should focus on the task you were chosen for...
maintainance. Sounds simple, no? It means getting rid of users that abuse
the service, enforcing the server's policy and keeping the server linked.
Users will ask you questions, and expect you to know all the answers.. after
all, you're the oper!
Be prepared for users trying to fool you, sweet talk you into things you
don't want, lie and deceive. Most users are handling in good faith...
however, the abusers have learned how to manipulate opers. They have studied
the alien creature 'oper' for ages like biologists study animals. Be
paranoid, be curious and be suspicious. I can't stress the importancy of that
often enough.
Second priority has the network. You were not chosen to maintain the network
but you were chosen to maintain the server. However, you may want to be able
to reroute servers. If you see something broken, don't be afraid to fix it.
If you do, be sure you fix things and don't make it worse. Before you
step into routing, be sure you've familiarized yourself with the network's
topology, and be confident enough to perform such actions. (re)routing is
covered in the next chapter.
Opers on the network depend on a trusting relationship. You can usually take
the word from an oper. Other opers are considered -trusted-, however, there
are exceptions. Sometimes even opers lie to opers to get things done. Don't
be afraid to ask for proof of a certain statement, such as logs.
This doesn't mean you distrust the oper in question, but -you- and you alone
are responsible for your actions. You call the shots on your server, unless
your admin says otherwise.
4. Re-routing
Re-routing is not hard, and it's not scary but it is important that you do it
right. The commands you'll use are SQUIT and CONNECT. First, a very simple
example. Let's say your server, irc.yourserver.com is lagged to it's uplink,
irc.uplink.com and you want to reroute your server. You have to think about
where you want your server to be linked, and you have to time your reroute.
An example topology :
irc.yourserver.com ---- irc.uplink.com
| | \
B C D
/ \
E F
/ \
G H --- O
/ | \ | \
I J K L M
\
N
In this case, you're uplinked by irc.uplink.com
irc.uplink.com also hubs B, C and D. Server B functions as hub for E and F;
F hubs G and H; H hubs L, M and O. G hubs I, J and K. M hubs N.
Your server is allowed to connect to server B, F and G. So you consider the
servers you're able to connect to. Is the lag caused by a server that uplinks
irc.uplink.com ? Use /stats ? irc.uplink.com to determine lag to the other
servers. If irc.uplink.com does not respond, the lag is to your uplink. If
so, you cannot be sure about the state of the other uplinks, so you'd have to
get on a remote server and determine lag by using /stats ? and /trace. For
example, you could connect to server N, and /trace yournick. Yournick, being
the nick on your server. You'll see which route it takes, and what the
problem server is. Example /trace output :
S:[SERVER-N ] V:[2.8/hybrid] U:[SERVER-M ]
S:[SERVER-M ] V:[2.8/hybrid] U:[SERVER-H ]
S:[SERVER-H ] V:[2.8/hybrid] U:[SERVER-F ]
S:[SERVER-F ] V:[2.8/hybrid] U:[SERVER-B ]
S:[SERVER-B ] V:[2.8/hybrid] U:[irc.uplink.com ]
S:[irc.uplink.com ] V:[2.8/hybrid] U:[irc.yourserver.com ]
The trace doesn't complete... server-b announces irc.uplink.com, and
irc.uplink.com announces your server. Your server should return something
like :
S:[irc.yourserver.] OPER [yournick!user@yourhost]
If it doesn't, we know the lag is only between yourserver and uplink.
Usually if there is lag between your server and your uplink, the send-queue
rises. This is not always the case. Sometimes your server can write perfectly
to your uplink, but not reverse. That is called one sided lag.
We pick server B to link to. It means we have to SQUIT and CONNECT.
To unlink from irc.uplink.com and connect to SERVER_B we'd type:
/quote SQUIT irc.uplink.com :reroute
/connect SERVER_B
we *DON'T* SQUIT irc.yourserver.com... and I'll try to explain why:
If we wanted to remove hub M from the network, and with it N, we'd issue
a SQUIT M. An SQUIT follows a path, relays the SQUIT request to each server
in that path. Finally it reaches server H, which is the hub for M. Server H
sees the SQUIT and drops the link to M.
Now a different situation, we want to separate yourserver, uplink, C and D
from the rest of the network, in order to reroute. We'd have to SQUIT server
B, since we want the -uplink- of server B (being irc.uplink.com) to drop the
link to server B.
If you'd SQUIT irc.yourserver.com, you ask yourserver.com to drop the link to
itself, which is impossible. If you SQUIT irc.uplink.com, you ask yourserver
to drop the link to uplink, which is what we want to do.
After the SQUIT and CONNECT, the new situation looks like this :
irc.uplink.com
| | \
irc.yourserver.com -- B C D
/ \
E F
/ \
G H --- O
/ | \ | \
I J K L M
\
N
If yourserver is a Hub, it makes the situation more complex, since your
actions have more impact.
4.1 - Re-routing other servers and remote connects
Example topology :
irc.uplink.com
| | \
irc.yourserver.com -- B C D
/ \
E F
/ \
G H --- O
/ | \ | \
I J K L M
\
N
Let's say, hub H is way lagged to F, but G to F is fine... we want to reroute
H, and stick H to G.
We'd do :
/quote SQUIT serverh :re-routing you babe
/connect serverh 6667 serverg
A global wallops will be sent :
!serverg! Remote CONNECT serverh 6667 from ItsMe
When re-routing, always give the server some time to prevent nick collides.
When there is lag, people will connect to another server. When you SQUIT and
CONNECT to fast, a lot of those clients will be collided. Also, stick to your
territory. How enthusiastic you may be, you cannot route the world. If you're
an oper on the US side, stick to the US side when re-routing. Needless to
say, if you're EU, keep it to EU ;)
5. Kills and klines
As an oper, you're given the incredible power *cough* of KILL and KLINE.
/kill nick reason disconnects a client from IRC with the specified reason.
A /quote kline *evil@*.dude.org :reason here bans the user from your server.
Abusive kills and klines may draw attacks to your server, so always consider
if a kline or kill is deserved. If the server gets attacked after a valid
kill or kline, well.. tough luck. You should never be 'afraid' to kline
anyone on your server. If it's a good reason, make it so. Even if you know
it may cause the server to be attacked. Maybe good to think about is this:
- if /ignore solves the problem rather than a kick, /ignore
- kick if a ban is unneeded
- ban if a /kill is unwarranted for
- kill rather than kline if that solves the problem
- kline when a server ban is really needed.
You kline a user when you absolutely don't want this user to use the service
your server is providing.
Crosskills (killing users on another server) are another issue. Some admins
don't care if users get /kill'ed off their server, for any reason or no
reason at all... and other admins are very anal about it. A good way to go
(IMO) is to issue a KILL if there is an absolute need for the target user to
be disconnected. If there are active opers on that server, let them handle
it. They'll be upset if you /kill a user off their server, without
contacting them. /stats p irc.server.here shows the active opers on a
particular server. Some opers have multiple o-lines and are not watching all
sessions. If you can't find an active oper on a server, you can
/quote operwall a request for opers from that server.
Ghost KILLs are another story, an often misunderstood one.
When you see a /KILL from an oper with the reason 'ghosted' they usually
KILL a client that's about to ping timeout. That is not what a ghost is!
To quote Dianora: "a ghost happens because a client misses being killed when
it should be. Its a race condition due to nick chasing". In other words,
Server X thinks client A has been KILLed, while server Y missed the KILL
for that client.
6. Kill and K-Line requests
As previously mentioned, if an oper from another server contacts you and
requests a kill or a kline for a local client with a good reason, you can
usually trust this request. Opers depend on a trusting relationship. However,
since you're responsible for the kill or kline, it is not rude to ask for
proof. It depends on the oper making the request how thats interpreted, but
the way they respond to asking for proof tells more about them than about
you.
The more and longer you oper, how better you get to know the other opers.
You know who is honest, you'll know who are lying and deceiving. Before
you acquire this knowledge, you can merely rely on common sense and
instincts. You'll probably make mistakes occasionally, and thats nothing to
be ashamed of. Opers are - despite contrary believes - human.
Users occasionally will ask you to kill or kline a user/bot too. Some
requests are straight-forward and clear, others require you to be cautious. I
recommend to always investigate such requests, and when you're confident the
request is valid, issue the kill or kline.
7. Happy birthday!
It is a custom on EFnet to birthday /kill opers of whom it is his/her
birthday. Not all opers like this, but typically those opers don't let
others know about their birthday. You'll notice that the KILLS say a lot
about who likes who and who is friends with who. Whether you want to
participate, is entirely up to you.
8. Security
As with any privilege, you have to handle it cautiously and responsibly.
Be sure that your o/O line doesn't get compromised! Oper only from secure
hosts. You and only you should know your password. Don't share your oper
account, and make your oper password a UNIQUE one. If your o/O line gets
compromised, nasty things may/will happen. Imagine an oper with crosskill
capabilities who's operline gets 'hacked'... the results are often
disastrous and you will lose respect and trust from others. It can cause
your oper privileges to be revoked, or even the server to be (temporarily)
delinked.
9. Know who your friends are
As an oper you will get a lot of users that want to be 'friends' with you.
Users offer you free* access to their *nix servers, ops in channels,
unlimited leech access to the biggest and fastest warez sites *gasp* and
more. They want favors in return. They say they don't but they truly want
something in return. They -expect- something in return. You could either
don't respond to such offers, or use them. The last option creates an even
more distorted image of opers and doesn't do any good for the user <-> oper
relationship. Your *real* friends are usually the persons who were your
friends _before_ you acquired the extra privileges.
10. The TCM Bot
A TCM bot can be a valuable tool for opers. It keeps record of all connected
clients, flags clients with multiple connections and has all sorts of other
useful commands. There are three different kind of TCM's in use on EFnet,
being OOMon, TCM-Dianora and TCM-Hybrid. Every one of them requires you to
log in to be able to access the privileged commands. On OOMon you DCC chat
the TCM bot and do '.auth yournick yourpass' where yournick is your oper
name in your o/O line. In TCM-Dianora and TCM-Hybrid you register with:
'.register yourpass', where yourpass is your password ;)
All TCM commands start with a period. If you forget the period, the text goes
into the 'partyline', where it is echoed to all connected opers.
Resources : http://toast.blackened.com/oomon/help
http://www.db.net/~db/tcm.html
11. Services
A recent addition to EFNet is Channel Fixer, aka ChanFix. This is an
automated service that re-ops clients on opless channels. There are a few
restrictions. First, the channel has to be of significant size for ChanFix
to store it in its database. Second, it only logs static addresses.
How does it work? Periodically it stores information about the channel state
in its database, for every channel in there. On every 'run', a channel
operator gets one point. These scores make a top-5 of 'most frequent opped
clients'. When a channel becomes opless, ChanFix will join and op the top-5
opped clients CURRENTLY IN THE CHANNEL.
Chanfix can be invoked manually by server administrators. /msg ChanFix
chanfix #channel is the command to do it. ChanFix will join, and treat the
channel as if it were opless. It lowers TS by one (resulting in a deop of
the entire channel) and re-ops the top-5 clients currently in the channel.
The Channel Fixer won't log or actively fix channels when there's a split of
significant size. Needless to say, the chanfix command must be used with
caution.
12. G-Lines
Oh yes! A G-Line section. Currently, a part of EFNet (EU-EFnet) has G-Lines
enabled. This was decided by the EU admin community and is now mandatory
within EU-EFnet. In order for a G-Line to be activated, three opers from
three different servers need to issue the _exact_ same G-Line. The reason
is not counted.
G-Lines work best when the EU side of EFNet is not fragmented. G-Lines
will, however, propogate through a Hybrid 6 hub (but not a CSr hub) even
if the hub server has G-Lines disabled. This propogation allows two halves
of EU-EFnet to have concurrent G-Lines set even when split by US hub servers.
Questions / Comments / Suggestions are welcome.
You can e-mail me: dennisv@vuurwerk.nl
Best regards,
--
Dennis "Riedel" Vink ___~___ Email - dennisv@vuurwerk.nl
Unix System Administrator \ | / Phone - +31 23 5111111
Vuurwerk Internet '|.|' PGP - 0xD68A7AAB
And on the seventh day, He exited from append mode.
# $Id: operguide.txt 6 2005-09-10 01:02:21Z nenolod $


@ -1,137 +0,0 @@
Date: Thu, 30 Jul 1998 16:21:40-0700 (MST)
To: operlist@the-project.org
From: rayp@primenet.com (Ray Powers)
Subject: The myths of opers....
I've always wanted to write something like this.. Its half rant, half
fact, so bear with it. Hopefully it will be worth reading.
There's a lot of hate for opers for a lot of reasons. Some are directly
oper related (i.e. 99% of us are colossal assholes), some are directly
user related (i.e. 99% of you are raving lunatics), and some is just plain
misconceptions. I'd like to take a minute to talk about part three in
hopes of clearing a few things up. This will kind of be in a FAQ form,
maybe you'll like it, maybe not, but its worth a shot.
Q: What can an oper on EFnet do.
A: This is an EXACT list of what we can do:
1) /squit a server, separating it from the rest of the net
2) /die our server
3) /kill a user, this disconnects them from the server they are on
4) /kline a hostmask, this bans them from our server
5) /dline an ip, this bans them from our server, regardless of
hostmask
6) See all invisible users on our server
7) Mass Msg/CTCP/notice a hostmask
8) Mass Msg/CTCP/notice a server
9) See and send Operwall/wallops notices
That's it. We can see more server messages than you, but that's not the
point.. The point to be shown here is very simple, *none* of these things
have anything to do with channels. Which leads us to our next question.
Q: What can opers *NOT* do, but keep being asked to anyways?
A: We can *NOT*:
1) Enter a channel that is +i or +k without being invited or
having the key
2) See who is inside a +s channel
3) Op ourselves or op you on a channel (unless of course we are a
channel op for that channel)
4) Tell you what XXXX's new nick is since they changed it to hide
from you.
5) Deop someone for you on a channel (unless of course we are a
channel op for that channel)
Notice a trend, with the exception of 4, all of these are 100% channel
related. EFnet is made so that opers have *NO* power of channels, for
better or worse. If we don't help you with these requests, its not because
we won't, its because we are completely incapable doing so. On the other
hand....
Q: What can opers do, but won't?
A: This will be a bit differently done, because I figure I should explain
why opers don't do these things, when they may normally make sense.
1) Why won't they kill somebody who has stolen your nick.
EFnet has gone on the basis of nicks not being owned, which is
why there is no nickserv on EFnet. Of course we see opers kill
all the time for nicks, though, so it seems rather hypocrital,
doesn't it?
An oper who kills for his nick will tell you its because the
other person was a bot, was juping his nick, or was imitating an
oper. It may be true, but it really comes down to the same
feeling you get when your nick is taken "Hey! that's my name! I
don't want that person using my name!"
I personally, do not kill for nicks. If someone takes my nick,
they can have it. Let them get my several hundred messages a day.
:P But the problem with the oper is this: How does an oper know
that you are really the person that uses that nick, or are you
the guy that wants to nick jupe that nick out from the real guy?
Unless the oper knows you well, they don't.. And saying that
people generally tell the truth means you haven't been on EFnet
very long.
I would prefer to think I am one of the more well respected
people on the net and people still lie to me on a regular basis.
So, the oper is stuck refusing to help because he can't tell who
is who. Remember this line of reasoning, its going to be coming
up a lot. :P
2) Why won't they kill that guy nuking/smurfing/ping -f'ing me?
This one is simple. There is no way to prove that somebody is
doing any of these things to you from an opers point of view. All
logs are fakeable, and the oper has no way to firsthand prove its
happening. Your best bet in this situation is to log what you can
and complain loud and long to their ISPs.
3) Why won't they help me take my channel back?
There's a bunch of answers to this. First, it is popular
opinion at EFnet that channels are not owned, and therefore, if
you lose a channel, you should go make another one. Notice I
say popular instead of official, because EFnet has never had an
"official" policy on much of anything.
But more and more you see opers killing for takeovers, so why
are they helping their channels and not yours.
Well, first, let's say your channel was taken over, and is now
+smtinlk. How exactly is the oper supposed to find out who is
oped in the channel right now to mass kill them? Even if they do get
all the nicks, they have to somehow manage to kill them all in
one hit, or they'll all just op each other again and it will be
fruitless. Or worse, they could have it all set up, and some
other oper could kill them halfway through because they don't
like mass-kills and it would be all ruined.
Or, let's say the mass-kill goes off, then the channel is
opless and generally speaking, chaos begins. People start
mass-nuking or flooding the channel to clear it out, or just to
be annoying. And there's still a 50/50 chance that takeover
people will get the channel back on a split and we'll have to try
to do it all over again.
If you're about to ask why they don't split their server,
the answer is very simple: We are not about to screw up roughly
30,000 peoples chatting for your channel. Its rude. This of
course is all based on the fact that we can prove its taken over,
as per the conversation about nicks, we often can't.
4) But.. its obvious they took it from me! The topic says
"Ha ha, we took your channel Rick!" for Pete's sake! And
there's only One op, so you can kill him and get the channel
back immediately!
This one is a bit more complex, but its really a personal
call. That one op could be a rampant smurfpup with a penis so
tiny he has no choice but to rampantly smurf and synflood anyone
that gets in his way. This is popularly known on irc as SPS, or
Small Penis Syndrome. In this case, if the oper does help you
out, they could end up with their server being downed for a day
or two, and it really isn't worth it for your channel, no
offense.
Keep in mind that this is all spoken from the perspective of someone who
*DOES* help with channels when possible, but understands greatly the
reasons not to, and judges each situation very carefully.
That's the gist of the information I was trying to get across. If you
were cluefull enough to get on operlist, a lot of this may be common
knowledge to you, but sometimes its good to step back and see why opers do
what they do a lot of the time.
Hoping this is of value to SOMEONE....
Ray Powers
Monkster/MimePunk/PrimeMonk/PacMonk/MtgMonk/Ihavefartoomanynickstonickjupe

23
doc/readme.txt Normal file

@ -0,0 +1,23 @@
Here is the overview of the documents in the doc/ directory.
Subdirectories:
features/ - Documents about features and standards
technical/ - Technical documents about ircd internals and
protocol information
sgml/ - SGML documentation
Files:
ircd.conf.example - An example ircd.conf file describing most of the
user settable options
ircd.motd - A default ircd.motd used by make install
reference.conf - A complete example showing all possible config
options
credits-past.txt - Credits for the predecessors to Charybdis
logfiles.txt - Description of formatting of some logfiles
server-version-info.txt - Overview of the flags shown in /version
Also in the contrib/ directory you will find:
example_module.c - An example module, detailing what the code in a module
does. Useful for building your own modules.
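Review bot: the Subdirectories list names only features/, technical/ and sgml/, but this comparison also adds doc/oper-guide/umodes.rst, so oper-guide/ is missing from the overview. Add an entry for it, and confirm that the sgml/ entry is still accurate now that the oper guide is written in reStructuredText.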

608
doc/reference.conf Executable file → Normal file

@ -1,4 +1,4 @@
/* doc/reference.conf - charybdis Example configuration file
/* doc/reference.conf - solanum example configuration file
*
* Copyright (C) 2000-2002 Hybrid Development Team
* Copyright (C) 2002-2005 ircd-ratbox development team
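Review bot: the title line is renamed to "solanum example configuration file", but the extensions comment later in this file still begins "Charybdis contains several extensions that are not enabled by default" and is carried as unchanged context. Rename it in the same change so the file refers to one project name throughout.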
@ -6,7 +6,6 @@
*
* Written by ejb, wcampbel, db, leeh and others
*
* $Id: reference.conf 3582 2007-11-17 21:55:48Z jilles $
*/
/* IMPORTANT NOTES:
@ -27,6 +26,10 @@
* .include "filename"
* .include <filename>
*
* Flags variables are comma-separated sets of predefined values,
* specific to each block. For example in operator {} blocks:
* flags = encrypted, encrypted;
*
* Times/durations are written as:
* 12 hours 30 minutes 1 second
*
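Review bot: the new flags example, "flags = encrypted, encrypted;", lists the same value twice, so it does not illustrate a comma-separated set of more than one value. Use two different operator {} flags in the example.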
@ -44,65 +47,71 @@
* Charybdis contains several extensions that are not enabled by default.
* To use them, uncomment the lines below.
*
* Channel mode +-A (admin only) -- chm_adminonly.so
* Channel mode +-O (oper only) -- chm_operonly.so
* Channel mode +-S (ssl only) -- chm_sslonly.so
* Emulates channel mode +-O (oper only) (+-iI $o) -- chm_operonly_compat.so
* Emulates channel mode +-R (quiet unreg) (+-q $~a) -- chm_quietunreg_compat.so
* Emulates channel mode +-S (ssl only) (+-b $~z) -- chm_sslonly_compat.so
* Restrict channel creation to logged in users -- createauthonly.so
* Account bans (+b $a[:mask]) -- extb_account.so
* Banned from another channel (+b $j:mask) -- extb_canjoin.so
* Other-channel bans (+b $c:mask) -- extb_channel.so
* Combination extbans -- extb_combi.so
* Extended ban (+b $x:mask) -- extb_extgecos.so
* Hostmask bans (for combination extbans) -- extb_hostmask.so
* Oper bans (+b $o) -- extb_oper.so
* Realname (gecos) bans (+b $r:mask) -- extb_realname.so
* Server bans (+b $s:mask) -- extb_server.so
* SSL bans (+b $z) -- extb_ssl.so
* HURT system -- hurt.so
* New host mangling (umode +x) -- ip_cloaking_4.0.so
* Old host mangling (umode +h) -- ip_cloaking.so
* Find channel forwards -- m_findforwards.so
* /identify support -- m_identify.so
* Opers cannot be invisible (umode +i) -- no_oper_invis.so
* Far connection notices (snomask +F) -- sno_farconnect.so
* Remote k/d/x line active notices -- sno_globalkline.so
* Remote oper up notices -- sno_globaloper.so
* /whois notifications (snomask +W) -- sno_whois.so
* Oper-override (modehacking only) -- override.so
* Stop services kills -- no_kill_services.so
* Channel mode +-A (admin only) -- chm_adminonly
* Channel mode +-T (blocks notices) -- chm_nonotice
* Channel mode +-O (oper only) -- chm_operonly
* Channel mode +-S (ssl only) -- chm_sslonly
* Channel mode +-M (disallow KICK on IRC ops) -- chm_operpeace
* Restrict channel creation to logged in users -- createauthonly
* Account bans (+b $a[:mask]) -- extb_account
* Banned from another channel (+b $j:mask) -- extb_canjoin
* Other-channel bans (+b $c:mask) -- extb_channel
* Combination extbans -- extb_combi
* Extended ban (+b $x:mask) -- extb_extgecos
* Hostmask bans (for combination extbans) -- extb_hostmask
* Oper bans (+b $o) -- extb_oper
* Realname (gecos) bans (+b $r:mask) -- extb_realname
* Server bans (+b $s:mask) -- extb_server
* SSL bans (+b $z) -- extb_ssl
* User mode bans (+b $u:modes) -- extb_usermode
* Helpops system (umode +h) -- helpops
* HURT system -- hurt
* New host mangling (umode +x) -- ip_cloaking_4.0
* Old host mangling (umode +h) -- ip_cloaking
* Dynamically extend channel limits -- m_extendchans
* Find channel forwards -- m_findforwards
* /identify support -- m_identify
* /locops support -- m_locops
* Opers cannot be invisible (umode +i) -- no_oper_invis
* Far connection notices (snomask +F) -- sno_farconnect
* Remote oper up notices -- sno_globaloper
* Global nick-change notices -- sno_globalnickchange
* Oper-override (modehacking only) -- override
* Stop services kills -- no_kill_services
* Allows you to hide your idle time (umode +I) -- umode_hide_idle_time
*/
#loadmodule "extensions/chm_adminonly.so";
#loadmodule "extensions/chm_operonly.so";
#loadmodule "extensions/chm_sslonly.so";
#loadmodule "extensions/chm_operonly_compat.so";
#loadmodule "extensions/chm_quietunreg_compat.so";
#loadmodule "extensions/chm_sslonly_compat.so";
#loadmodule "extensions/createauthonly.so";
#loadmodule "extensions/extb_account.so";
#loadmodule "extensions/extb_canjoin.so";
#loadmodule "extensions/extb_channel.so";
#loadmodule "extensions/extb_combi.so";
#loadmodule "extensions/extb_extgecos.so";
#loadmodule "extensions/extb_hostmask.so";
#loadmodule "extensions/extb_oper.so";
#loadmodule "extensions/extb_realname.so";
#loadmodule "extensions/extb_server.so";
#loadmodule "extensions/extb_ssl.so";
#loadmodule "extensions/hurt.so";
#loadmodule "extensions/ip_cloaking_4.0.so";
#loadmodule "extensions/ip_cloaking.so";
#loadmodule "extensions/m_findforwards.so";
#loadmodule "extensions/m_identify.so";
#loadmodule "extensions/no_oper_invis.so";
#loadmodule "extensions/sno_farconnect.so";
#loadmodule "extensions/sno_globalkline.so";
#loadmodule "extensions/sno_globaloper.so";
#loadmodule "extensions/sno_whois.so";
#loadmodule "extensions/override.so";
#loadmodule "extensions/no_kill_services.so";
#loadmodule "extensions/chm_adminonly";
#loadmodule "extensions/chm_nonotice";
#loadmodule "extensions/chm_operonly";
#loadmodule "extensions/chm_sslonly";
#loadmodule "extensions/chm_operpeace";
#loadmodule "extensions/createauthonly";
#loadmodule "extensions/extb_account";
#loadmodule "extensions/extb_canjoin";
#loadmodule "extensions/extb_channel";
#loadmodule "extensions/extb_combi";
#loadmodule "extensions/extb_extgecos";
#loadmodule "extensions/extb_hostmask";
#loadmodule "extensions/extb_oper";
#loadmodule "extensions/extb_realname";
#loadmodule "extensions/extb_server";
#loadmodule "extensions/extb_ssl";
#loadmodule "extensions/extb_usermode";
#loadmodule "extensions/helpops";
#loadmodule "extensions/hurt";
#loadmodule "extensions/ip_cloaking_4.0";
#loadmodule "extensions/ip_cloaking";
#loadmodule "extensions/m_extendchans";
#loadmodule "extensions/m_findforwards";
#loadmodule "extensions/m_identify";
#loadmodule "extensions/m_locops";
#loadmodule "extensions/no_oper_invis";
#loadmodule "extensions/sno_farconnect";
#loadmodule "extensions/sno_globalnickchange";
#loadmodule "extensions/sno_globaloper";
#loadmodule "extensions/override";
#loadmodule "extensions/no_kill_services";
#loadmodule "extensions/umode_hide_idle_time";
/* serverinfo {}: Contains information about the server. (OLD M:) */
serverinfo {
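Review bot: the updated extension list and the matching #loadmodule lines leave out modules that other hunks of this same file depend on: extensions/m_shedding (for oper:shedding), extensions/drain (for drain_reason) and extensions/invite_notify (for invite_notify_notice). Add them to both lists so a reader of the reference can see how to enable those options. The sentence above the list also still reads "Charybdis contains several extensions" although the file header now says solanum, and sno_globaloper and sno_globalnickchange appear in a different order in the comment than in the loadmodule lines.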
@ -127,11 +136,6 @@ serverinfo {
*/
network_name = "MyNet";
/* hub: allow this server to act as a hub and have multiple servers
* connected to it.
*/
hub = no;
/* vhost: the IP to bind to when we connect outward to ipv4 servers.
* This should be an ipv4 IP only.
*/
@ -140,19 +144,21 @@ serverinfo {
/* vhost6: the IP to bind to when we connect outward to ipv6 servers.
* This should be an ipv6 IP only.
*/
#vhost6 = "2001:db7:2::6";
#vhost6 = "2001:db8:2::6";
/* ssl_private_key: our ssl private key */
ssl_private_key = "etc/ssl.key";
/* ssl_cert: certificate for our ssl server */
/* ssl_cert: certificate (and optionally key) for our ssl server */
ssl_cert = "etc/ssl.pem";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
/* ssl_private_key: our ssl private key (if not contained in ssl_cert file) */
#ssl_private_key = "etc/ssl.key";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 2048 */
/* If you do not provide parameters, some TLS backends will fail on DHE- ciphers,
and some will succeed but use weak, common DH groups! */
ssl_dh_params = "etc/dh.pem";
/* ssl_cipher_list: A list of ciphers, dependent on your TLS backend */
#ssl_cipher_list = "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL";
#ssl_cipher_list = "TLS_CHACHA20_POLY1305_SHA256:EECDH+HIGH:EDH+HIGH:HIGH:!aNULL";
/* ssld_count: number of ssld processes you want to start, if you
* have a really busy server, using N-1 where N is the number of
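Review bot: the new ssl_cipher_list example puts a TLS 1.3 suite name (TLS_CHACHA20_POLY1305_SHA256) in the same string as OpenSSL-style selectors (EECDH+HIGH, !aNULL), and the comment only says the list is "dependent on your TLS backend". Document which backends accept this exact string and what the server does with an entry the backend does not recognise. With ssl_private_key now commented out, the ssl_cert comment should also state plainly that etc/ssl.pem is then expected to hold the private key.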
@ -280,17 +286,20 @@ class "server" {
*/
connectfreq = 5 minutes;
/* max number: the amount of servers to autoconnect to. if the number
/* max_autoconn: the amount of servers to autoconnect to. if the number
* of servers in the class is or exceeds this, no more servers in the
* class are autoconnected. oper initiated connects are unaffected.
* this should usually be set to either 0 or 1. (autoconnecting from
* hubs to leaves may cause leaves to function as hubs by having
* multiple servers connected to them.)
*/
max_number = 1;
max_autoconn = 1;
/* max_number: the maximum number of servers allowed in this class */
max_number = 100;
/* sendq: servers need a higher sendq as they are sent more data */
sendq=2 megabytes;
sendq = 2 megabytes;
};
/* listen {}: contain information about the ports ircd listens on (OLD P:) */
@ -314,8 +323,8 @@ listen {
/* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
port = 5000, 6665 .. 6669;
/* sslport: listen for ssl connections on all available IPs, port 9999 */
sslport = 9999;
/* sslport: listen for ssl connections on all available IPs, port 6697 */
sslport = 6697;
/* host: set a specific IP/host the ports after the line will listen
* on. This may be ipv4 or ipv6.
@ -327,10 +336,21 @@ listen {
host = "2001:db8:2::6";
port = 7002;
sslport = 9002;
/* wsock: listeners defined with this option enabled will be websocket listeners,
* and will not accept normal clients.
*/
wsock = yes;
sslport = 9999;
};
/* auth {}: allow users to connect to the ircd (OLD I:) */
auth {
/* description: descriptive text to help recognize this auth block in
* stats i output.
*/
description = "example oper";
/* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
* lines are permitted per auth block. This is matched against the
* hostname and IP address (using :: shortening for IPv6 and
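Review bot: wsock = yes is added between sslport = 9002 and sslport = 9999 in the listen {} example, but the comment does not say which listeners it covers. State whether it applies only to ports defined after the line (as the host comment says host does) or to the whole block, and whether a later host line resets it; as written a reader cannot tell whether 7002 and 9002 become websocket listeners or only 9999. The added description = "example oper" is also a confusing label for an auth {} block that admits ordinary users.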
@ -340,6 +360,11 @@ auth {
user = "*@198.51.100.0/24";
user = "*test@2001:db8:1:*";
/* umodes; the user mode character string to apply to users
* when they get placed into this auth block.
*/
#umodes = "+w";
/* auth_user: This allows specifying a username:password instead of
* just a password in PASS, so that a fixed user@host is not
* necessary for a specific auth{} block.
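Review bot: the new comment opens with "umodes;" where the other options in this block use a colon ("user:", "auth_user:"), so it should read "umodes:". It would also help to say which modes may be listed, in particular whether oper-only user modes are refused, since the value is applied to every client that matches the block.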
@ -363,19 +388,24 @@ auth {
* encrypted | password is encrypted with mkpasswd
* spoof_notice | give a notice when spoofing hosts
* exceed_limit (old > flag) | allow user to exceed class user limits
* kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
* dnsbl_exempt | exempt this user from dnsbls
* spambot_exempt | exempt this user from spambot checks
* shide_exempt | exempt this user from serverhiding
* kline_exempt (old ^ flag) | exempt this user from k/g/xlines,
* | dnsbls, and proxies
* dnsbl_exempt | exempt this user from dnsbls
* proxy_exempt | exempt this user from proxies
* spambot_exempt | exempt this user from spambot checks
* shide_exempt | exempt this user from serverhiding
* jupe_exempt | exempt this user from generating
* warnings joining juped channels
* resv_exempt | exempt this user from resvs
* resv_exempt | exempt this user from resvs
* flood_exempt | exempt this user from flood limits
* USE WITH CAUTION.
* no_tilde (old - flag) | don't prefix ~ to username if no ident
* need_ident (old + flag) | require ident for user in this class
* need_ssl | require SSL/TLS for user in this class
* need_sasl | require SASL id for user in this class
* extend_chans | allow this user to join more channels than normal
* kline_spoof_ip | if this block has a spoof host, klines match only
* | the spoof and not the underlying IP
*/
flags = kline_exempt, exceed_limit;
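Review bot: extend_chans is documented only as "allow this user to join more channels than normal", without naming the limit that then applies. If it is the max_chans_per_user_large value added in the channel {} hunk, say so here and mention whether extensions/m_extendchans has to be loaded. Separately, kline_exempt is now described as also covering proxies, so the unchanged example line "flags = kline_exempt, exceed_limit;" grants more than it did before; a remark that dnsbl_exempt and proxy_exempt are the narrower choices would fit next to the table.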
@ -409,8 +439,15 @@ privset "local_op" {
*
* Available options:
*
* oper:local_kill: allows local users to be /KILL'd
* oper:global_kill: allows local and remote users to be /KILL'd
* oper:general: enable most general oper privileges that came
* with +o in older releases
* auspex:oper: allows the oper to see through oper hiding
* auspex:umodes: allows viewing other users' modes
* auspex:cmodes: shows privileged cmodes
* auspex:hostname: shows hidden hostnames/ips
* oper:privs: allows /stats o/O and seeing privset in /whois
* oper:testline: allows /testline and /testgecos
* oper:kill: allows local and remote users to be /KILL'd
* oper:routing: allows remote SQUIT and CONNECT
* oper:kline: allows KLINE and DLINE
* oper:unkline: allows UNKLINE and UNDLINE
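Review bot: oper:general is described only as "enable most general oper privileges that came with +o in older releases", which does not let an operator work out what a privset containing it can do. List the commands or capabilities it covers, or point to where they are listed, so privsets can be built with least privilege in mind.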
@ -421,18 +458,36 @@ privset "local_op" {
* may (un)load modules and see various
* additional information.
* oper:hidden_admin: gives admin privileges except
* will not have the admin lines in
* whois.
* oper:xline: allows use of /quote xline/unxline
* oper:resv: allows /quote resv/unresv and cmode +LP
* will not have the admin lines in
* whois.
* oper:xline: allows use of /quote xline/unxline
* oper:resv: allows /quote resv/unresv
* oper:cmodes: allows cmode +LP
* oper:operwall: allows the oper to send/receive operwalls
* oper:spy: allows 'operspy' features to see through +s
* channels etc. see /quote help operspy
* oper:spy: allows 'operspy' features to see through +s
* channels etc. see /quote help operspy
* oper:hidden: hides the oper from /stats p
* oper:remoteban: allows remote kline etc
* oper:mass_notice: allows sending wallops and mass notices
* oper:mass_notice: allows sending mass notices
* oper:wallops: allows sending wallops messages
* oper:grant: allows using the GRANT command
* usermode:servnotice: allows setting +s
* oper:message: allows opers to bypass CALLERID (usermode +g)
* oper:free_target: messages to the oper bypass flood controls
*
* Privileges provided by extensions include:
*
* oper:dehelper: allows the DEHELPER command (from extensions/helpops)
* oper:override: enables oper override via umode +p (from extensions/override)
* oper:receive_immunity:
* confers the benefits of chmode +M (operpeace) (from extensions/chm_operpeace)
* usermode:helpops allows setting +h (from extensions/helpops)
* auspex:usertimes:
* allows viewing user idle/connect times even when +I is set (from extensions/umode_hide_idle_time)
* oper:shedding: allows the SHEDDING command (from extensions/m_shedding)
*/
privs = oper:local_kill, oper:operwall;
privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, oper:message,
usermode:servnotice, auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
};
privset "server_bot" {
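Review bot: the example local_op privset now lists oper:kill, which the option table describes as "allows local and remote users to be /KILL'd", where it previously had only oper:local_kill and remote kills were left to global_op. That widens what the lowest example privset can do. If the local/global split is gone on purpose, say so in the table; otherwise move oper:kill to global_op. In the extension privilege list, the usermode:helpops entry is missing the colon after its name that the other entries have.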
@ -443,13 +498,14 @@ privset "server_bot" {
privset "global_op" {
extends = "local_op";
privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
oper:resv, oper:mass_notice, oper:remoteban;
privs = oper:routing, oper:kline, oper:unkline, oper:xline,
oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
oper:remoteban;
};
privset "admin" {
extends = "global_op";
privs = oper:admin, oper:die, oper:rehash, oper:spy;
privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant;
};
/* operator {}: defines ircd operators. (OLD O:) */
@ -508,12 +564,21 @@ operator "god" {
privset = "admin";
};
/* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */
/* connect {}: controls servers we connect with (OLD C:, N:, H:, L:).
*
* This configuration is used whether connections are incoming or
* outgoing.
*/
connect "irc.uplink.com" {
/* the name must go above */
/* the name of the other server must go above. It should match the
* other server's name in its serverinfo {} block, and does not
* need to be an actual hostname.
*/
/* host: the host or IP to connect to. If a hostname is used it
* must match the reverse dns of the server.
/* host: the host or IP to connect to.
*
* It is also used to validate incoming connections. If a hostname
* is used, it must match the reverse dns of the server.
*/
host = "203.0.113.3";
@ -528,74 +593,53 @@ connect "irc.uplink.com" {
send_password = "password";
accept_password = "anotherpassword";
/* fingerprint: if specified, the server's client certificate
* fingerprint will be checked against the specified fingerprint
* below.
/* fingerprint: if flags = ssl is specified, the server's
* certificate fingerprint will be checked against the fingerprint
* specified below. required if using flags = ssl.
*/
#fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
/* port: the port to connect to this server on */
port = 6666;
/* hub mask: the mask of servers that this server may hub. Multiple
* entries are permitted
*/
hub_mask = "*";
/* leaf mask: the mask of servers this server may not hub. Multiple
* entries are permitted. Useful for forbidding EU -> US -> EU routes.
*/
#leaf_mask = "*.uk";
/* class: the class this server is in */
class = "server";
/* flags: controls special options for this server
* encrypted - marks the accept_password as being crypt()'d
* autoconn - automatically connect to this server
* compressed - compress traffic via ziplinks
* topicburst - burst topics between servers
* ssl - ssl/tls encrypted server connections
* encrypted - marks the accept_password as being crypt()'d
* autoconn - automatically connect to this server
* topicburst - burst topics between servers
* ssl - ssl/tls encrypted server connections
* sctp - use SCTP instead of TCP to connect to the server
* no-export - marks the link as a no-export link (not exported to other links)
*/
flags = compressed, topicburst;
flags = topicburst;
};
connect "ipv6.some.server" {
/* Hosts that are IPv6 addresses must be in :: shortened form
* if applicable. Addresses starting with a colon get an extra
* zero prepended, for example: 0::1
*/
connect "ipv6.lame.server" {
host = "192.0.2.1";
host = "2001:db8:3::8";
send_password = "password";
accept_password = "password";
port = 6666;
/* aftype: controls whether the connection uses "ipv4" or "ipv6".
* Default is ipv4.
/* aftype: controls whether the outgoing connection uses "ipv4" or "ipv6".
* Default is to try either at random.
*/
aftype = ipv6;
class = "server";
};
connect "ssl.uplink.com" {
/* Example of ssl server-to-server connection, ssl flag doesn't need
* compressed flag, 'cause it uses own compression
*/
host = "203.0.113.129";
send_password = "password";
accept_password = "anotherpassword";
port = 9999;
hub_mask = "*";
class = "server";
flags = ssl, topicburst;
};
/* cluster {}; servers that we propagate things to automatically.
* NOTE: This does NOT grant them privileges to apply anything locally,
* you must add a seperate shared block for that. Clustering will
* only be done for actions by LOCAL opers, that arent directed
* remotely.
*/
/* cluster {}; servers that we propagate things to automatically. */
cluster {
/* name: the server to share with, this can be a wildcard and may be
* stacked.
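Review bot: the fingerprint comment now says it is "required if using flags = ssl", yet the only block that set flags = ssl (ssl.uplink.com) is removed and the remaining fingerprint line stays commented out next to flags = topicburst. Keep one connect {} example that sets flags = ssl together with an uncommented fingerprint, so the documented requirement is shown in a form that works.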
@ -628,8 +672,7 @@ cluster {
/* service{}: privileged servers (services). These servers have extra
* privileges such as setting login names on users and introducing clients
* with umode +S (unkickable, hide channels, etc). This does not allow them
* to set bans, you need a separate shared{} for that.
* with umode +S (unkickable, hide channels, etc).
* Do not place normal servers here.
* There may be only one service{} block.
*/
@ -638,56 +681,6 @@ service {
name = "services.int";
};
/* shared {}: users that are allowed to place remote bans on our server.
* NOTE: These are ordered top down. The first one the user@host and server
* matches will be used. Their access will then be decided on that
* block and will not fall back to another block that matches.
*/
shared {
/* oper: the user@host and server the user must be on to set klines.
* The first field must be a user@host, the second field is an
* optional server. These may be stacked.
*/
/* flags: list of what to allow them to place, all the oper lines
* above this (up until another flags entry) will receive these
* flags. This *must* be present.
*
* kline - allow setting perm/temp klines
* tkline - allow setting temp klines
* unkline - allow removing klines
* xline - allow setting perm/temp xlines
* txline - allow setting temp xlines
* unxline - allow removing xlines
* resv - allow setting perm/temp resvs
* tresv - allow setting temp resvs
* unresv - allow removing xlines
* all - allow oper/server to do all of above.
* locops - allow locops - only used for servers who cluster
* rehash - allow rehashing
* dline - allow setting perm/temp dlines
* tdline - allow setting temp dlines
* undline - allow removing dlines
* none - disallow everything
*/
/* allow flame@*.leeh.co.uk on server irc.ircd-ratbox.org and
* allow leeh@*.leeh.co.uk on server ircd.ircd-ratbox.org to kline
*/
oper = "flame@*.leeh.co.uk", "irc.ircd-ratbox.org";
oper = "leeh@*.leeh.co.uk", "ircd.ircd-ratbox.org";
flags = kline;
/* you may forbid certain opers/servers from doing anything */
oper = "irc@vanity.oper", "*";
oper = "*@*", "irc.vanity.server";
oper = "irc@another.vanity.oper", "bigger.vanity.server";
flags = none;
/* or allow everyone to place temp klines */
oper = "*@*";
flags = tkline;
};
/* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
exempt {
ip = "192.0.2.0/24";
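Review bot: with the shared {} block removed here, and the remarks about needing a separate shared block dropped from the cluster {} and service {} comments, the reference no longer says what decides whether a remote oper or server may place bans on this server. Add a sentence naming the control that replaces it (the privset table lists oper:remoteban, for instance), so operators upgrading an existing config know where that access is now decided.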
@ -696,6 +689,12 @@ exempt {
ip = "127.0.0.1";
};
/* secure {}: IPs that are considered to be secure networks, and get
* +Z without using TLS */
secure {
ip = "127.0.0.1";
};
/* The channel block contains options pertaining to channels */
channel {
/* invex: Enable/disable channel mode +I, a n!u@h list of masks
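Review bot: the secure {} comment says listed IPs "get +Z without using TLS" but not which checks then treat those clients as secure. Spell out whether need_ssl in auth {}, oper_secure_only, the ssl-only channel mode and the $z extban accept them, because if they do, any range added here lets plaintext connections pass those checks. A remark that only loopback or an otherwise protected transport belongs in this block would fit the 127.0.0.1 example.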
@ -733,6 +732,9 @@ channel {
/* max chans: The maximum number of channels a user can join/be on. */
max_chans_per_user = 15;
/* max chans (large): The extended maximum number of channels a user can join. */
max_chans_per_user_large = 60;
/* max bans: maximum number of +b/e/I/q modes in a channel */
max_bans = 100;
@ -808,6 +810,22 @@ channel {
* such as LIST >0.
*/
displayed_usercount = 3;
/* strip_topic_colors: whether or not color codes in TOPIC should be stripped. */
strip_topic_colors = no;
/* opmod_send_statusmsg: format messages sent to ops due to +z
* as PRIVMSG @#channel when sent to clients.
*/
opmod_send_statusmsg = no;
/* ip_bans_through_vhost: should channel IP bans see through dynamic spoofed hosts? */
ip_bans_through_vhost = yes;
/* invite_notify_notice: when using extensions/invite_notify, should
* we send a NOTICE to clients that don't support IRCv3 invite-notify
*/
invite_notify_notice = yes;
};
@ -839,8 +857,7 @@ serverhide {
* You can have multiple combinations of host and rejection reasons.
* They are used in pairs of one host/rejection reason.
*
* These settings should be adequate for most networks, and are (presently)
* required for use on StaticBox.
* These settings should be adequate for most networks.
*
* Word to the wise: Do not use blacklists like SPEWS for blocking IRC
* connections.
@ -881,6 +898,78 @@ blacklist {
# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for some reason. In order to protect ${network-name} from abuse, we are not allowing connections listed in ${dnsbl-host} to connect";
};
/* These are the OPM settings.
* This is similar to the functionality provided by BOPM. It will scan incoming
* connections for open proxies by connecting to clients and attempting several
* different open proxy handshakes. If they connect back to us (via a dedicated
* listening port), and send back the data we send them, they are considered
* an open proxy. For politeness reasons (users may be confused by the incoming
* connection attempts if they are logging incoming connections), the user is
* notified upon connect if they are being scanned.
*
* WARNING:
* These settings are considered experimental. Only the most common proxy types
* are checked for (Charybdis is immune from POST and GET proxies). If you are
* not comfortable with experimental code, do not use this feature.
*/
#opm {
/* IPv4 address to listen on. This must be a publicly facing IP address
* to be effective.
* If omitted, it defaults to serverinfo::vhost.
*/
#listen_ipv4 = "127.0.0.1";
/* IPv4 port to listen on.
* This should not be the same as any existing listeners.
*/
#port_v4 = 32000;
/* IPv6 address to listen on. This must be a publicly facing IP address
* to be effective.
* If omitted, it defaults to serverinfo::vhost6.
*/
#listen_ipv6 = "::1";
/* IPv6 port to listen on.
* This should not be the same as any existing listeners.
*/
#port_v6 = 32000;
/* You can also set the listen_port directive which will set both the
* IPv4 and IPv6 ports at once.
*/
#listen_port = 32000;
/* This sets the timeout in seconds before ending open proxy scans.
* Values less than 1 or greater than 60 are ignored.
* It is advisable to keep it as short as feasible, so clients do not
* get held up by excessively long scan times.
*/
#timeout = 5;
/* These are the ports to scan for SOCKS4 proxies on. They may overlap
* with other scan types. Sensible defaults are given below.
*/
#socks4_ports = 80, 443, 1080, 8000, 8080, 10800;
/* These are the ports to scan for SOCKS5 proxies on. They may overlap
* with other scan types. Sensible defaults are given below.
*/
#socks5_ports = 80, 443, 1080, 8000, 8080, 10800;
/* These are the ports to scan for HTTP CONNECT proxies on (plaintext).
* They may overlap with other scan types. Sensible defaults are given
* below.
*/
#httpconnect_ports = 80, 8080, 8000;
/* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
* They may overlap with other scan types. Sensible defaults are given
* below.
*/
#httpsconnect_ports = 443, 4443;
#};
/*
* Alias blocks allow you to define custom commands. (Old m_sshortcut.c)
* They send PRIVMSG to the given target. A real command takes
@ -1005,7 +1094,7 @@ general {
/* dots in ident: the amount of '.' characters permitted in an ident
* reply before the user is rejected.
*/
dots_in_ident=2;
dots_in_ident = 2;
/* min nonwildcard: the minimum non wildcard characters in k/d/g lines
* placed via the server. klines hand placed are exempt from limits.
@ -1075,22 +1164,66 @@ general {
*/
dline_with_reason = yes;
/* kline delay: delay the checking of klines until a specified time.
* Useful if large kline lists are applied often to prevent the
* server eating CPU.
*/
kline_delay = 0 seconds;
/* kline reason: show the user the reason why they are k/dlined
* on exit. may give away who set k/dline when set via tcm.
*/
kline_with_reason = yes;
/* tkline duration: when showing users their k/dline reason (see
* kline_with_reason), don't add "Temporary K-line 123 min."
*/
hide_tkdline_duration = no;
/* kline reason: make the users quit message on channels this
* reason instead of the oper's reason.
*/
kline_reason = "Connection closed";
/* SASL access only client message: give users a message that
* informs them
*/
sasl_only_client_message = "You need to identify via SASL to use this server.";
/* Identd access only client message: give users a message that
* informs them
*/
identd_only_client_message = "You need to install identd to use this server.";
/* SCTP forbidden client message: give users a message that
* informs them
*/
sctp_forbidden_client_message = "You are not allowed to use SCTP on this server.";
/* SSL/TLS access only client message: give users a message that
* informs them
*/
ssltls_only_client_message = "You need to use SSL/TLS to use this server.";
/* Not authorised client message: tell users that they are not
* authorised
*/
not_authorised_client_message = "You are not authorised to access this server.";
/* Illegal hostname client message: tell users that they have illegal
* chars in their hostname
*/
illegal_hostname_client_message = "You have an illegal character in your hostname.";
/* Server full client message: tell users that the server they're connecting
* to is full
*/
server_full_client_message = "Sorry, server is full - try later";
/* illegal name long client message: long-form explanation that their username
* contains illegal characters
*/
illegal_name_long_client_message = "Your username is invalid. Please make sure that your username contains only alphanumeric characters.";
/* illegal name short client message: short-form notification that their username
* contains illegal characters; will be followed by ": their_username"
*/
illegal_name_short_client_message = "Invalid username";
/* identify to services via server password
* if auth{} block had no password but the user specified a
* server password anyway, send a PRIVMSG to <identify_service>
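Review bot: the comments for sasl_only_client_message, identd_only_client_message, sctp_forbidden_client_message and ssltls_only_client_message all stop at "give users a message that informs them", without saying what the user is told or when the message is sent. Complete each one, for example by naming the auth {} flag that triggers it. The comment above hide_tkdline_duration is titled "tkline duration", which does not match the option name.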
@ -1121,36 +1254,40 @@ general {
stats_e_disabled = no;
/* stats c oper only: make stats c (connect {}) oper only */
stats_c_oper_only=no;
/* stats h oper only: make stats h (hub_mask/leaf_mask) oper only */
stats_h_oper_only=no;
stats_c_oper_only = no;
/* stats y oper only: make stats y (class {}) oper only */
stats_y_oper_only=no;
stats_y_oper_only = no;
/* stats o oper only: make stats o (opers) oper only */
stats_o_oper_only=yes;
stats_o_oper_only = yes;
/* stats P oper only: make stats P (ports) oper only
* NOTE: users doing stats P will never be given the ips that the
* server listens on, simply the ports.
*/
stats_P_oper_only=no;
stats_P_oper_only = no;
/* stats i oper only: make stats i (auth {}) oper only. set to:
* yes: show users no auth blocks, made oper only.
* masked: show users first matching auth block
* no: show users all auth blocks.
*/
stats_i_oper_only=masked;
stats_i_oper_only = masked;
/* stats k/K oper only: make stats k/K (klines) oper only. set to:
* yes: show users no auth blocks, made oper only
* masked: show users first matching auth block
* no: show users all auth blocks.
*/
stats_k_oper_only=masked;
stats_k_oper_only = masked;
/* stats l/L oper only:
* yes: non-opers can't use this at all
* self: non-opers see only themselves
* no: show targeted users or non-hidden opers to everyone
*/
stats_l_oper_only = self;
/* map oper only: make /map oper only */
map_oper_only = no;
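Review bot: the stats_k_oper_only comment, whose assignment line this hunk reformats, still describes its values in terms of auth blocks ("show users no auth blocks", "show users first matching auth block"), which reads as copied from stats_i_oper_only. Reword it for klines while these lines are being touched. The new stats_l_oper_only comment is also the only one in the group that does not say what stats l/L shows.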
@ -1189,6 +1326,13 @@ general {
*/
ping_cookie = no;
/* ping warn time: how long to wait after pinging a server before starting
* to complain it is unresponsive. Note that the ping check interval is 30
* seconds, so the first complaint will come at the next check after this
* time has passed.
*/
ping_warn_time = 15 seconds;
/* connect timeout: sets how long we should wait for a connection
* request to succeed
*/
@ -1213,6 +1357,12 @@ general {
*/
max_targets = 4;
/* post-registration delay: wait this long before processing commands from a newly
* registered user. Used to allow network utility bots to perform any actions
* (such as host changes or proxy scanning) before the user can join channels.
*/
post_registration_delay = 2 seconds;
/* use_whois_actually: send clients requesting a whois a numeric
* giving the real IP of non-spoofed clients to prevent DNS abuse.
*/
@ -1220,7 +1370,7 @@ general {
/* usermodes configurable: a list of usermodes for the options below
*
* +g - callerid - Server Side Ignore
* +g - callerid - Server-side private message allow list
* +D - deaf - Don't see channel messages
* +i - invisible - Not shown in NAMES or WHO unless you share a
* a channel
@ -1242,14 +1392,6 @@ general {
* provided they have umode +s set */
oper_snomask = "+s";
/* compression level: level of compression for compressed links between
* servers.
*
* values are between: 1 (least compression, fastest)
* and: 9 (most compression, slowest).
*/
#compression_level = 6;
/* burst_away: This enables bursting away messages to servers.
* With this disabled, we will only propogate AWAY messages
* as users send them, but never burst them. Be warned though
@ -1314,10 +1456,40 @@ general {
away_interval = 30;
/* certfp_method: the method that should be used for computing certificate fingerprints.
* Acceptable options are sha1, sha256 and sha512. Networks running versions of charybdis
* prior to charybdis 3.5 MUST use sha1 for certfp_method.
* Acceptable options are sha1, sha256, spki_sha256, sha512 and spki_sha512. Networks
* running versions of charybdis prior to charybdis 3.5 MUST use sha1 for certfp_method.
*
* The spki_* variants operate on the SubjectPublicKeyInfo of the certificate, which does
* not change unless the private key is changed. This allows the fingerprint to stay
* constant even if the certificate is reissued. These fingerprints will be prefixed with
* "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type. These fingerprints
* are not supported on servers running charybdis 3.5.3 or earlier.
*
* To generate a fingerprint from a certificate file, please use the mkfingerprint utility
* program located in the bin/ subdirectory of your IRCd installation. Running it with no
* arguments will give you a brief usage message; it takes method and filename arguments.
*/
certfp_method = sha1;
certfp_method = spki_sha256;
/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
hide_opers_in_whois = no;
/* hide_opers: Hide all opers from unprivileged users */
hide_opers = no;
/* tls_ciphers_oper_only: show the TLS cipher string in /WHOIS only to opers and self */
tls_ciphers_oper_only = no;
/* hidden_caps: client capabilities we'll pretend we don't support until they're requested */
#hidden_caps = "userhost-in-names";
/* oper_secure_only: require TLS on any connection trying to oper up */
oper_secure_only = no;
/* drain_reason: Message shown to users when they are rejected from a draining server.
* requires extensions/drain to be loaded.
*/
drain_reason = "This server is not accepting connections.";
};
modules {
@ -1328,5 +1500,5 @@ modules {
path = "/usr/local/ircd/modules/autoload";
/* module: the name of a module to load on startup/rehash */
#module = "some_module.so";
#module = "some_module";
};


@ -1,15 +1,15 @@
Server VERSION Info
$Id: server-version-info 1851 2006-08-24 17:16:53Z jilles $
Copyright (c) 2001 by ircd-hybrid team
Copyright (c) 2002 ircd-ratbox development team
Copyright (c) 2016 Charybdis development team
----------------------------------------------------------------------
When you type /version, you will often see something like this:
ircd-ratbox-1.0rc7(20021120_0). embers.lan egGHIKMpZ6 TS5ow
charybdis-3.5.0-rc1(20151011-d09bde1). joestar.interlinked.me :eIKMpSZ6 TS6ow 1US
Ever wondered what those funny chars mean after the version number? Well
here they are:
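Review bot: the charybdis example line `:eIKMpSZ6 TS6ow 1US` has a leading colon before the flag string and a trailing `1US` token, and the sentence that follows ("those funny chars ... after the version number") accounts for neither; none of the table rows visible in the later hunks key on them. If the unchanged part of the table does not already cover them, add a row or a sentence for each, or trim the example to the part the table explains.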
@ -17,12 +17,6 @@
+----------------------------+
| 'e' | USE_EXCEPT |
|------+---------------------|
| 'g' | NO_FAKE_GLINES |
|------+---------------------|
| 'G' | GLINES |
|------+---------------------|
| 'H' | HUB |
|------+---------------------|
| 'I' | USE_INVEX |
|------+---------------------|
| 'K' | USE_KNOCK |
@ -33,8 +27,6 @@
|------+---------------------|
| 'S' | OPERS_SEE_ALL_USERS |
|------+---------------------|
| 'T' | IGNORE_BOGUS_TS |
|------+---------------------|
| 'Z' | ZIPLINKS |
|------+---------------------|
| '6' | IPv6 |
@ -43,7 +35,7 @@
|------+---------------------|
| 'TS' | Supports TS |
|------+---------------------|
| '5' | TS Version 5 |
| '6' | TS Version 6 |
|------+---------------------|
| 'o' | TS Only |
|------+---------------------|
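Review bot: with the row `| '6' | TS Version 6 |` next to the '5' row it replaces, the table ends up with two rows keyed '6' (the other is `| '6' | IPv6 |` in the previous hunk), and the example string `eIKMpSZ6 TS6ow` contains both. Add a line telling the reader the digit is read by position: in the first flag group it is the IPv6 flag, directly after 'TS' it is the TS version.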

View file

@ -1,60 +0,0 @@
<!DOCTYPE Book PUBLIC "-//OASIS//DTD DocBook V4.2//EN" [
<!ENTITY intro SYSTEM "intro.sgml">
<!ENTITY oprivs SYSTEM "oprivs.sgml">
<!ENTITY umodes SYSTEM "umodes.sgml">
<!ENTITY cmodes SYSTEM "cmodes.sgml">
<!ENTITY ucommands SYSTEM "ucommands.sgml">
<!ENTITY commands SYSTEM "commands.sgml">
<!ENTITY config SYSTEM "config.sgml">
]>
<book id="charybdis-oper-guide">
<bookinfo>
<date>2009</date>
<title>Operators guide for the charybdis IRC server</title>
<author>
<firstname>William</firstname>
<surname>Pitcock</surname>
</author>
<author>
<firstname>Jilles</firstname>
<surname>Tjoelker</surname>
</author>
<copyright>
<year>2005-2009</year>
<holder>William Pitcock and Jilles Tjoelker</holder>
</copyright>
<legalnotice>
<para>
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU
General Public License, Version 2 or any later version published by the Free Software Foundation
</para>
</legalnotice>
</bookinfo>
<toc>
</toc>
&intro;
&umodes;
&cmodes;
&ucommands;
&commands;
&oprivs;
&config;
</book>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-exposed-tags:nil
sgml-local-catalogs:("/usr/lib/sgml/catalog")
sgml-local-ecat-files:nil
fill-column: 105
End:
-->
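Review bot: deleting this book file also deletes the guide's author and copyright block and its licence statement (GNU General Public License, Version 2 or any later version). If the chapters it includes are being moved to another format rather than dropped, carry that attribution and licence notice into the new location and name the location in the commit message; nothing in the visible part of this compare shows where it went.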

View file

@ -1,324 +0,0 @@
<chapter id="cmodes">
<title>Cmodes</title>
<sect1>
<title>Meanings of channel modes</title>
<sect2>
<title>+b, channel ban</title>
<para>
Bans take one parameter which can take several forms.
The most common form is +b nick!user@host.
The wildcards * and ? are allowed, matching zero-or-more, and
exactly-one characters respectively. The masks will be trimmed to fit the maximum allowable
length for the relevant element.
Bans are also checked against the IP address, even if it resolved or
is spoofed.
CIDR is supported, like *!*@10.0.0.0/8. This is most useful with
IPv6.
Bans are not checked against the real hostname behind any kind
of spoof, except if host mangling is in use (e.g.
<filename>extensions/ip_cloaking.so</filename>):
if the user's host is mangled, their real hostname is checked
additionally, and if a user has no spoof but could enable mangling,
the mangled form of their hostname is checked additionally.
Hence, it is not possible to evade bans by toggling
host mangling.
</para>
<para>
The second form (extban) is +b $type or +b $type:data.
type is a single character (case insensitive) indicating the
type of match, optionally preceded by a tilde (~) to negate the
comparison. data depends on type. Each type is loaded as a module.
The available types (if any)
are listed in the EXTBAN token of the 005 (RPL_ISUPPORT) numeric.
See <filename>doc/extban.txt</filename> in the source distribution
for more information.
</para>
<para>
If no parameter is given, the list of bans is returned. All users
can use this form. The plus sign should also be omitted.
</para>
<para>
Matching users will not be allowed to join the channel or knock
on it. If they are already on the channel, they may not send to
it or change their nick.
</para>
</sect2>
<sect2>
<title>+c, colour filter</title>
<para>
This cmode activates the colour filter for the channel. This filters out bold, underline,
reverse video, beeps, mIRC colour codes, and ANSI escapes. Note that escape sequences will
usually leave cruft sent to the channel, just without the escape characters themselves.
</para>
</sect2>
<sect2>
<title>+e, ban exemption</title>
<para>
This mode takes one parameter of the same form as bans, which
overrides +b and +q bans for all clients it matches.
</para>
<para>
This can be useful if it is necessary to ban an entire ISP
due to persistent abuse, but some users from that ISP should
still be allowed in. For example:
/mode #channel +be *!*@*.example.com *!*someuser@host3.example.com
</para>
<para>
Only channel operators can see +e changes or request the list.
</para>
</sect2>
<sect2>
<title>+f, channel forwarding</title>
<para>
This mode takes one parameter, the name of a channel (+f #channel). If the channel also has the
+i cmode set, and somebody attempts to join without either being expliticly invited, or having
an invex (+I), then they will instead join the channel named in the mode parameter. The client
will also be sent a 470 numeric giving the original and target channels.
</para>
<para>
Users are similarly forwarded if the +j cmode is set and their attempt to join is throttled,
if +l is set and there are already too many users in the channel
or if +r is set and they are not identified.
</para>
<para>
Forwards may only be set to +F channels, or to channels the setter
has ops in.
</para>
<para>
Without parameter (/mode #channel f or /mode #channel +f) the
forward channel is returned. This form also works off channel.
</para>
</sect2>
<sect2>
<title>+F, allow anybody to forward to this</title>
<para>
When this mode is set, anybody may set a forward from a channel
they have ops in to this channel. Otherwise they have to have ops
in this channel.
</para>
</sect2>
<sect2>
<title>+g, allow anybody to invite</title>
<para>
When this mode is set, anybody may use the INVITE command on the channel in question. When it
is unset, only channel operators may use the INVITE command.
</para>
<para>
When this mode is set together with +i, +j, +l or +r, all channel members can influence who can join.
</para>
</sect2>
<sect2>
<title>+i, invite only</title>
<para>
When this cmode is set, no client can join the channel unless they have an invex (+I) or are
invited with the INVITE command.
</para>
</sect2>
<sect2>
<title>+I, invite exception (invex)</title>
<para>
This mode takes one parameter of the same form as bans. Matching
clients do not need to be invited to join the channel when it is invite-only (+i).
Unlike the INVITE command, this does not override +j, +l and +r.
</para>
<para>
Only channel operators can see +I changes or request the list.
</para>
</sect2>
<sect2>
<title>+j, join throttling</title>
<para>
This mode takes one parameter of the form <replaceable>n</replaceable>:<replaceable>t</replaceable>, where <replaceable>n</replaceable> and <replaceable>t</replaceable> are positive integers. Only <replaceable>n</replaceable> users may join in each period of <replaceable>t</replaceable> seconds.
</para>
<para>
Invited users can join regardless of +j, but are counted as normal.
</para>
<para>
Due to propagation delays between servers, more users may be
able to join (by racing for the last slot on each server).
</para>
</sect2>
<sect2>
<title>+k, key (channel password)</title>
<para>
Taking one parameter, when set, this mode requires a user to supply the key in order to join
the channel: /JOIN #channel key.
</para>
</sect2>
<sect2>
<title>+l, channel member limit</title>
<para>
Takes one numeric parameter, the number of users which are allowed to be in the channel before
further joins are blocked.
Invited users may join regardless.
</para>
<para>
Due to propagation delays between servers, more users may be
able to join (by racing for the last slot on each server).
</para>
</sect2>
<sect2>
<title>+L, large ban list</title>
<para>
Channels with this mode will be allowed larger banlists (by default,
500 instead of 50 entries for +b, +q, +e and +I together).
Only network operators with resv privilege may set this mode.
</para>
</sect2>
<sect2>
<title>+m, moderated</title>
<para>
When a channel is set +m, only users with +o or +v on the channel can send to it.
</para>
<para>
Users can still knock on the channel or change their nick.
</para>
</sect2>
<sect2>
<title>+n, no external messages</title>
<para>
When set, this mode prevents users from sending to the channel without being in it themselves.
This is recommended.
</para>
</sect2>
<sect2>
<title>+o, channel operator</title>
<para>
This mode takes one parameter, a nick, and grants or removes channel
operator privilege to that user. Channel operators have full control
over the channel, having the ability to set all channel modes except
+L and +P, and kick users.
Like voiced users, channel operators can always
send to the channel, overriding +b, +m and +q modes and the
per-channel flood limit.
In most clients channel operators are marked with an '@' sign.
</para>
<para>
The privilege is lost if the user leaves the channel or server
in any way.
</para>
<para>
Most networks will run channel registration services (e.g. ChanServ)
which ensure the founder (and users designated by the founder) can
always gain channel operator privileges and provide some features
to manage the channel.
</para>
</sect2>
<sect2>
<title>+p, paranoid channel</title>
<para>
When set, the KNOCK command cannot be used on the channel
to request an invite, and users will not be shown the
channel in WHOIS replies unless they are on it.
Unlike in traditional IRC, +p and +s can be set together.
</para>
</sect2>
<sect2>
<title>+P, permanent channel</title>
<para>
Channels with this mode (which is accessible only to network operators with resv privilege) set will not be destroyed
when the last user leaves.
</para>
<para>
This makes it less likely modes, bans and the topic will be lost and
makes it harder to abuse network splits, but also causes more
unwanted restoring of old modes, bans and topics after long splits.
</para>
</sect2>
<sect2>
<title>+q, quiet</title>
<para>
This mode behaves exactly like +b (ban), except that the user may still join
the channel. The net effect is that they cannot knock on the channel,
send to the channel or change their nick while on channel.
</para>
</sect2>
<sect2>
<title>+Q, block forwarded users</title>
<para>
Channels with this mode set are not valid targets for forwarding. Any attempt to forward to
this channel will be ignored, and the user will be handled as if the attempt was never made (by
sending them the relevant error message).
</para>
<para>
This does not affect the ability to set +f.
</para>
</sect2>
<sect2>
<title>+r, block unidentified</title>
<para>
When set, this mode prevents unidentified users from joining.
Invited users can still join.
</para>
</sect2>
<!-- not planned (jilles)
<sect2>
<title>+R, quiet unidentified</title>
<para>
When set, this mode prevents unidentified users from sending to the channel, although they can
still join.
</para>
<para>
Please note that this mode is not implemented in Charybdis 1.0.x, and is documented in
expectation for upcoming Charybdis 1.1.
</para>
</sect2>
-->
<sect2>
<title>+s, secret channel</title>
<para>
When set, this mode prevents the channel from appearing in the
output of the LIST, WHO and WHOIS command by users who are not on
it. Also, the server will refuse to answer WHO, NAMES, TOPIC and
LIST queries from users not on the channel.
</para>
</sect2>
<sect2>
<title>+t, topic limit</title>
<para>
When set, this mode prevents users who are not channel operators
from changing the topic.
</para>
</sect2>
<sect2>
<title>+v, voice</title>
<para>
This mode takes one parameter, a nick, and grants or removes voice
privilege to that user. Voiced users can always send to the channel,
overriding +b, +m and +q modes and the per-channel flood limit.
In most clients voiced users are marked with a plus sign.
</para>
<para>
The privilege is lost if the user leaves the channel or server
in any way.
</para>
</sect2>
<sect2>
<title>+z, reduced moderation</title>
<para>
When +z is set, the effects of +m, +b and +q are relaxed. For each message, if that message
would normally be blocked by one of these modes, it is instead sent to all channel operators. This is intended for use in moderated debates.
</para>
<para>
Note that +n is unaffected by this. To silence a given user completely,
remove them from the channel.
</para>
</sect2>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
fill-column:105
End:
-->
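Review bot: this deletion takes out the +b text stating that bans are checked against the IP address and against both the real and the mangled hostname ("it is not possible to evade bans by toggling host mangling"), together with the +j and +l caveat that propagation delay between servers lets extra users join. Channel operators rely on these statements when writing bans and limits, and nothing visible in this compare shows where they are documented afterwards; reference the replacement file in the commit message or keep these paragraphs. Any carried-over copy should also update `extensions/ip_cloaking.so`, since the `#module` example earlier in this compare is shown without the suffix.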

File diff suppressed because it is too large

File diff suppressed because it is too large

View file

@ -1,41 +0,0 @@
<chapter id="intro">
<title>Introduction</title>
<sect1>
<title>Scope of this document</title>
<para>
This document describes the commands and functions available to operators in
the charybdis ircd, as used on <ulink url="http://www.atheme.net">AthemeNet</ulink>.
</para>
<para>
This document, and various ideas for features of charybdis, have
been taken from dancer-ircd/hyperion, the ircd used on freenode,
mainly written by Andrew Suffield and Jilles Tjoelker.
</para>
<para>
While this document may be of some interest to the users of charybdis servers,
it is intended as a reference for network staff.
</para>
<para>
Charybdis is based on ircd-ratbox 2.1.4, although much has changed.
<ulink url="http://www.ircd-ratbox.org">ircd-ratbox</ulink> is commonly used
on efnet, and some other networks.
</para>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
fill-column:105
sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
End:
-->

View file

@ -1,171 +0,0 @@
<chapter id="oprivs">
<title>Oper privileges</title>
<sect1 id="oprivlist">
<title>Meanings of oper privileges</title>
<para>
These are specified in privset{}.
</para>
<sect2>
<title>oper:admin, server administrator</title>
<para>
Various privileges intended for server administrators.
Among other things, this automatically sets umode +a and allows
loading modules.
</para>
</sect2>
<sect2>
<title>oper:die, die and restart</title>
<para>
This grants permission to use DIE and RESTART, shutting down
or restarting the server.
</para>
</sect2>
<sect2>
<title>oper:global_kill, global kill</title>
<para>
Allows using KILL on users on any server.
</para>
</sect2>
<sect2>
<title>oper:hidden, hide from /stats p</title>
<para>
This privilege currently does nothing, but was designed
to hide bots from /stats p so users will not message them
for help.
</para>
</sect2>
<sect2>
<title>oper:hidden_admin, hidden administrator</title>
<para>
This grants everything granted to the oper:admin privilege,
except the ability to set umode +a. If both oper:admin and oper:hidden_admin
are possessed, umode +a can still not be used.
</para>
</sect2>
<sect2>
<title>oper:kline, kline and dline</title>
<para>
Allows using KLINE and DLINE, to ban users by user@host mask
or IP address.
</para>
</sect2>
<sect2>
<title>oper:local_kill, kill local users</title>
<para>
This grants permission to use KILL on users on the same server,
disconnecting them from the network.
</para>
</sect2>
<sect2>
<title>oper:mass_notice, global notices and wallops</title>
<para>
Allows using server name ($$mask) and hostname ($#mask) masks in
NOTICE and PRIVMSG to send a message to all matching users, and
allows using the WALLOPS command to send a message to all users
with umode +w set.
</para>
</sect2>
<sect2>
<title>oper:operwall, send/receive operwall</title>
<para>
Allows using the OPERWALL command and umode +z to send and
receive operwalls.
</para>
</sect2>
<sect2>
<title>oper:rehash, rehash</title>
<para>
Allows using the REHASH command, to rehash various configuration
files or clear certain lists.
</para>
</sect2>
<sect2>
<title>oper:remoteban, set remote bans</title>
<para>
This grants the ability to use the ON argument on
DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set
and unset bans on other servers, and the server argument on REHASH.
This is only allowed if the oper may perform the action locally,
and if the remote server has a shared{} block.
</para>
<note><para>
If a cluster{} block is present, bans are sent remotely even
if the oper does not have oper:remoteban privilege.
</para></note>
</sect2>
<sect2>
<title>oper:resv, channel control</title>
<para>
This allows using /resv, /unresv and changing the channel
modes +L and +P.
</para>
</sect2>
<sect2>
<title>oper:routing, remote routing</title>
<para>
This allows using the third argument of the CONNECT command, to
instruct another server to connect somewhere, and using SQUIT
with an argument that is not locally connected.
(In both cases all opers with +w set will be notified.)
</para>
</sect2>
<sect2>
<title>oper:spy, use operspy</title>
<para>
This allows using /mode !#channel, /whois !nick, /who !#channel,
/chantrace !#channel, /topic !#channel, /who !mask,
/masktrace !user@host :gecos and /scan umodes +modes-modes global list
to see through secret channels, invisible users, etc.
</para>
<para>
All operspy usage is broadcasted to opers with snomask +Z set
(on the entire network) and optionally logged.
If you grant this to anyone, it is a good idea to establish
concrete policies describing what it is to be used for, and
what not.
</para>
<para>
If operspy_dont_care_user_info is enabled, /who mask is operspy
also, and /who !mask, /who mask, /masktrace !user@host :gecos
and /scan umodes +modes-modes global list do not generate +Z notices
or logs.
</para>
</sect2>
<sect2>
<title>oper:unkline, unkline and undline</title>
<para>
Allows using UNKLINE and UNDLINE.
</para>
</sect2>
<sect2>
<title>oper:xline, xline and unxline</title>
<para>
Allows using XLINE and UNXLINE, to ban/unban users by realname.
</para>
</sect2>
<sect2>
<title>snomask:nick_changes, see nick changes</title>
<para>
Allows using snomask +n to see local client nick changes.
This is designed for monitor bots.
</para>
</sect2>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
fill-column: 105
sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
End:
-->
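Review bot: the oper:spy section removed here is the only visible statement that all operspy usage is broadcast to opers with snomask +Z and optionally logged, and that enabling operspy_dont_care_user_info stops those notices and logs for /who !mask, /who mask, /masktrace and /scan umodes. The oper:remoteban note that a cluster{} block sends bans remotely even when the oper lacks the privilege goes with it. Both are audit and privilege-boundary facts needed when assigning privset{} entries; confirm they are present in whatever replaces this chapter and point to it from the commit message.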

View file

@ -1,33 +0,0 @@
<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
<!ENTITY docbook-html.dsl PUBLIC "-//Norman Walsh//DOCUMENT DocBook HTML Stylesheet//EN" CDATA DSSSL>
<!ENTITY docbook-print.dsl PUBLIC "-//Norman Walsh//DOCUMENT DocBook Print Stylesheet//EN" CDATA DSSSL>
]>
<style-sheet>
<style-specification id="print" use="print-stylesheet">
<style-specification-body>
(define %generate-book-titlepage% #t)
(define %generate-book-titlepage-on-separate-page% #t)
(define %generate-book-toc% #t)
(define %generate-book-toc-on-titlepage% #f)
</style-specification-body>
</style-specification>
<style-specification id="html" use="html-stylesheet">
<style-specification-body>
(define %header-navigation% #t)
(define %section-autolabel% #t)
(define %root-filename% "index")
(define %use-id-as-filename% #t)
(define %css-decoration% #t)
(define %example-rules% #t)
</style-specification-body>
</style-specification>
<external-specification id="print-stylesheet" document="docbook-print.dsl">
<external-specification id="html-stylesheet" document="docbook-html.dsl">
</style-sheet>

View file

@ -1,239 +0,0 @@
<chapter id="ucommands">
<title>User Commands</title>
<sect1>
<title>User commands</title>
<para>
Standard IRC commands are not listed here.
Several of the commands in the operator commands chapter
can also be used by normal users.
</para>
<sect2>
<title>ACCEPT</title>
<cmdsynopsis><command>ACCEPT</command>
<arg choice=plain><replaceable>nick</replaceable>,</arg>
<arg choice=plain>-<replaceable>nick</replaceable>,</arg>
<arg choice=plain><replaceable>...</replaceable></arg>
</cmdsynopsis>
<para>
Adds or removes users from your accept list for umode +g and +R.
Users are automatically removed when they quit, split or change
nick.
</para>
<cmdsynopsis><command>ACCEPT</command>
<arg choice=plain>*</arg>
</cmdsynopsis>
<para>
Lists all users on your accept list.
</para>
<para>
Support of this command is indicated by the CALLERID token in
RPL_ISUPPORT (005); the optional parameter indicates the letter
of the <quote>only allow accept users to send private messages</quote>
umode, otherwise +g. In charybdis this is always +g.
</para>
</sect2>
<sect2>
<title>CNOTICE</title>
<cmdsynopsis><command>CNOTICE</command>
<arg choice=plain><replaceable>nick</replaceable></arg>
<arg choice=plain><replaceable>channel</replaceable></arg>
<arg choice=plain>:<replaceable>text</replaceable></arg>
</cmdsynopsis>
<para>
Providing you are opped (+o) or voiced (+v) in
<replaceable>channel</replaceable>, and <replaceable>nick</replaceable>
is a member of <replaceable>channel</replaceable>, CNOTICE generates a NOTICE towards
<replaceable>nick</replaceable>.
</para>
<para>
CNOTICE bypasses any anti-spam measures in place.
If you get <quote>Targets changing too fast, message dropped</quote>,
you should probably use this command, for example sending a
notice to every user joining a certain channel.
</para>
<para>
As of charybdis 3.1, NOTICE automatically behaves as CNOTICE
if you are in a channel fulfilling the conditions.
</para>
<para>
Support of this command is indicated by the CNOTICE token in
RPL_ISUPPORT (005).
</para>
</sect2>
<sect2>
<title>CPRIVMSG</title>
<cmdsynopsis><command>CPRIVMSG</command>
<arg choice=plain><replaceable>nick</replaceable></arg>
<arg choice=plain><replaceable>channel</replaceable></arg>
<arg choice=plain>:<replaceable>text</replaceable></arg>
</cmdsynopsis>
<para>
Providing you are opped (+o) or voiced (+v) in
<replaceable>channel</replaceable>, and <replaceable>nick</replaceable>
is a member of <replaceable>channel</replaceable>, CPRIVMSG generates a PRIVMSG towards
<replaceable>nick</replaceable>.
</para>
<para>
CPRIVMSG bypasses any anti-spam measures in place.
If you get <quote>Targets changing too fast, message dropped</quote>,
you should probably use this command.
</para>
<para>
As of charybdis 3.1, PRIVMSG automatically behaves as CPRIVMSG
if you are in a channel fulfilling the conditions.
</para>
<para>
Support of this command is indicated by the CPRIVMSG token in
RPL_ISUPPORT (005).
</para>
</sect2>
<sect2>
<title>FINDFORWARDS</title>
<cmdsynopsis><command>FINDFORWARDS</command>
<arg choice=plain><replaceable>channel</replaceable></arg>
</cmdsynopsis>
<para>
<note>
<para>
This command is only available if the <filename>m_findforwards.so</filename> extension is loaded.
</para>
</note>
Displays which channels forward to the given channel (via cmode +f).
If there are very many channels the list will be truncated.
</para>
<para>
You must be a channel operator on the channel or an IRC operator
to use this command.
</para>
</sect2>
<sect2>
<title>HELP</title>
<cmdsynopsis><command>HELP</command>
<arg><replaceable>topic</replaceable></arg>
</cmdsynopsis>
<para>
Displays help information. <replaceable>topic</replaceable> can
be INDEX, CREDITS, UMODE, CMODE, SNOMASK or a command name.
</para>
<para>
There are separate help files for users and opers. Opers can use
UHELP to query the user help files.
</para>
</sect2>
<sect2>
<title>IDENTIFY</title>
<cmdsynopsis><command>IDENTIFY</command>
<arg choice=plain><replaceable>parameters...</replaceable></arg>
</cmdsynopsis>
<para>
<note>
<para>
This command is only available if the <filename>m_identify.so</filename> extension is loaded.
</para>
</note>
Sends an identify command to either NickServ or ChanServ.
If the first parameter starts with #, the command is sent to
ChanServ, otherwise to NickServ.
The word IDENTIFY, a space and all parameters are concatenated
and sent as a PRIVMSG to the service.
If the service is not online or does not have umode +S set,
no message will be sent.
</para>
<para>
The exact syntax for this command depends on the services package
in use.
</para>
</sect2>
<sect2>
<title>KNOCK</title>
<cmdsynopsis><command>KNOCK</command>
<arg choice=plain><replaceable>channel</replaceable></arg>
</cmdsynopsis>
<para>
Requests an invite to the given channel. The channel must be
locked somehow (+ikl), must not be +p and you may not be banned
or quieted. Also, this command is rate limited.
</para>
<para>
If successful, all channel operators will receive a 710 numeric.
The recipient field of this numeric is the channel.
</para>
<para>
Support of this command is indicated by the KNOCK token in
RPL_ISUPPORT (005).
</para>
</sect2>
<sect2>
<title>MONITOR</title>
<para>
Server side notify list. This list contains nicks. When a user
connects, quits with a listed nick or changes to or from a listed
nick, you will receive a 730 numeric if the nick went online and
a 731 numeric if the nick went offline.
</para>
<para>
Support of this command is indicated by the MONITOR token in
RPL_ISUPPORT (005); the parameter indicates the maximum number
of nicknames you may have in your monitor list.
</para>
<para>
You may only use this command once per second.
</para>
<para>
More details can be found in <filename>doc/monitor.txt</filename>
in the source distribution.
</para>
<cmdsynopsis><command>MONITOR +</command>
<arg choice=plain><replaceable>nick</replaceable>,</arg>
<arg choice=plain><replaceable>...</replaceable></arg>
</cmdsynopsis>
<para>
Adds nicks to your monitor list. You will receive 730 and 731
numerics for the nicks.
</para>
<cmdsynopsis><command>MONITOR -</command>
<arg choice=plain><replaceable>nick</replaceable>,</arg>
<arg choice=plain><replaceable>...</replaceable></arg>
</cmdsynopsis>
<para>
Removes nicks from your monitor list. No output is generated for
this command.
</para>
<cmdsynopsis><command>MONITOR C</command>
</cmdsynopsis>
<para>
Clears your monitor list. No output is generated for
this command.
</para>
<cmdsynopsis><command>MONITOR L</command>
</cmdsynopsis>
<para>
Lists all nicks on your monitor list, using 732 numerics and
ending with a 733 numeric.
</para>
<cmdsynopsis><command>MONITOR S</command>
</cmdsynopsis>
<para>
Shows status for all nicks on your monitor list, using 730 and 731
numerics.
</para>
</sect2>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
sgml-local-ecat-files:nil
fill-column:105
End:
-->

View file

@ -1,377 +0,0 @@
<chapter id="umodes">
<title>Umodes</title>
<sect1 id="umodelist">
<title>Meanings of user modes</title>
<sect2>
<title>+a, server administrator</title>
<para>
This vanity usermode is used to denote a server administrator in WHOIS output.
All local <quote>admin</quote> privileges are independent of it, though services
packages may grant extra privileges to +a users.
</para>
</sect2>
<sect2>
<title>+D, deaf</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
Users with the +D umode set will not receive messages sent to
channels. Joins, parts, topic changes, mode changes, etc are
received as normal, as are private messages.
</para>
<para>
Support of this umode is indicated by the DEAF token in
RPL_ISUPPORT (005); the parameter indicates the letter
of the umode. Note that several common IRCD implementations have
an umode like this (typically +d) but do not have the token in 005.
</para>
</sect2>
<sect2>
<title>+g, Caller ID</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
Users with the +g umode set will only receive private messages from users on a
session-defined whitelist, defined by the /accept command. If a user who is not
on the whitelist attempts to send a private message, the target user will receive a rate-limited notice saying that the user
wishes to speak to them.
</para>
<para>
Network operators are not affected by the callerid whitelist system in the event
that they need to speak to users who have it enabled.
</para>
<para>
Support of this umode is indicated by the CALLERID token in
RPL_ISUPPORT (005); the optional parameter indicates the letter
of the umode, otherwise +g.
</para>
</sect2>
<sect2>
<title>+i, invisible</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
Invisible users do not show up in WHO and NAMES unless you can see them.
</para>
</sect2>
<!-- not planned (jilles)
<sect2>
<title>+I, refuse invite</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
If you have the +I umode set, nobody will be able to issue an INVITE to let you
in to a channel.
</para>
<para>
This mode is not yet implemented. It will be implemented in Charybdis 1.1.
</para>
</sect2>
-->
<sect2>
<title>+l, receive locops</title>
<para>
LOCOPS is a version of OPERWALL that is sent to opers on a single
server only. With cluster{} and shared{} blocks they can optionally
be propagated further.
</para>
<para>
Unlike OPERWALL, any oper can send and receive LOCOPS.
</para>
</sect2>
<sect2>
<title>+o, operator</title>
<para>
This indicates global operator status.
</para>
</sect2>
<sect2>
<title>+Q, disable forwarding</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
This umode prevents you from being affected by channel forwarding.
If enabled on a channel, channel forwarding sends you to another
channel if you could not join. See channel mode +f for more
information.
</para>
</sect2>
<sect2>
<title>+R, reject messages from unauthenticated users</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
If a user has the +R umode set, then any users who are not authenticated
will receive an error message if they attempt to send a private
message or notice to the +R user.
</para>
<para>
Opers and accepted users (like in +g) are exempt.
Unlike +g, the target user is not notified of failed messages.
</para>
</sect2>
<sect2>
<title>+s, receive server notices</title>
<para>
This umode allows an oper to receive server notices.
The requested types of server notices are specified as a
parameter (<quote>snomask</quote>) to this umode.
</para>
</sect2>
<sect2>
<title>+S, network service</title>
<para>
<note>
<para>
This umode can only be set by servers named in a service{}
block.
</para>
</note>
This umode grants various features useful for services. For example,
clients with this umode cannot be kicked or deopped on channels,
can send to any channel, do not show channels in WHOIS,
can be the target of services aliases and do not appear in /stats p.
No server notices are sent for hostname changes by services clients;
server notices about kills are sent to snomask +k instead of +s.
</para>
<para>
The exact effects of this umode are variable; no user or oper on
an actual charybdis server can set it.
</para>
</sect2>
<sect2>
<title>+w, receive wallops</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
Users with the +w umode set will receive WALLOPS messages sent by opers.
Opers with +w additionally receive WALLOPS sent by servers (e.g.
remote CONNECT, remote SQUIT, various severe misconfigurations,
many services packages).
</para>
</sect2>
<sect2>
<title>+z, receive operwall</title>
<para>
OPERWALL differs from WALLOPS in that the ability to receive such messages is
restricted. Opers with +z set will receive OPERWALL messages.
</para>
</sect2>
<sect2>
<title>+Z, SSL user</title>
<para>
This umode is set on clients connected via SSL/TLS.
It cannot be set or unset after initial connection.
</para>
</sect2>
</sect1>
<sect1 id="snomaskusage">
<title>Snomask usage</title>
<para>
Usage is as follows:
</para>
<cmdsynopsis><command>MODE</command>
<arg choice=plain><replaceable>nick</replaceable></arg>
<arg choice=plain>+s</arg>
<arg choice=plain><replaceable>+/-flags</replaceable></arg>
</cmdsynopsis>
<para>
To set snomasks.
</para>
<cmdsynopsis><command>MODE</command>
<arg choice=plain><replaceable>nick</replaceable></arg>
<arg choice=plain>-s</arg>
</cmdsynopsis>
<para>
To clear all snomasks.
</para>
<para>
Umode +s will be set if at least one snomask is set.
</para>
<para>
Umode +s is oper only by default, but even if you allow nonopers to
set it, they will not get any server notices.
</para>
</sect1>
<sect1 id="snomasklist">
<title>Meanings of server notice masks</title>
<sect2>
<title>+b, bot warnings</title>
<para>
Opers with the +b snomask set will receive warning messages from the server when potential
flooders and spambots are detected.
</para>
</sect2>
<sect2>
<title>+c, client connections</title>
<para>
Opers who have the +c snomask set will receive server notices when clients attach to the
local server.
</para>
</sect2>
<sect2>
<title>+C, extended client connection notices</title>
<para>
Opers who have the +C snomask set will receive server notices when clients attach to the
local server. Unlike the +c snomask, the information is displayed in a format intended
to be parsed by scripts, and includes the two unused fields of the USER command.
</para>
</sect2>
<sect2>
<title>+d, debug</title>
<para>
The +d snomask provides opers extra information which may be of interest to debuggers.
It will also cause the user to receive server notices if certain assertions fail inside the
server. Its precise meaning is variable. Do not depend on the
effects of this snomask as they can and will change without notice in later revisions.
</para>
</sect2>
<sect2>
<title>+f, full warning</title>
<para>
Opers with the +f snomask set will receive notices when a user
connection is denied because a connection limit is exceeded
(one of the limits in a class{} block, or the total per-server
limit settable with /quote set max).
</para>
</sect2>
<sect2>
<title>+F, far client connection notices</title>
<para>
<note>
<para>
This snomask is only available if the <filename>sno_farconnect.so</filename> extension is loaded.
</para>
</note>
Opers with +F receive server notices when clients connect or
disconnect on other servers. The notices have the same format
as those from the +c snomask, except that the class is ? and
the source server of the notice is the server the user is/was on.
</para>
<para>
No notices are generated for netsplits and netjoins.
Hence, these notices cannot be used to keep track of all
clients on the network.
</para>
<para>
There is no far equivalent of the +C snomask.
</para>
</sect2>
<sect2>
<title>+k, server kill notices</title>
<para>
Opers with the +k snomask set will receive server notices when
services kill users and when
other servers kill and save (forced nick change to UID) users.
Kills and saves by this server are on +d or +s.
</para>
</sect2>
<sect2>
<title>+n, nick change notices</title>
<para>
An oper with +n set will receive a server notice every time a local user changes their nick,
giving the old and new nicks.
This is mostly useful for bots that track all users on a single server.
</para>
</sect2>
<sect2>
<title>+r, notices on name rejections</title>
<para>
Opers with this snomask set will receive a server notice when somebody tries to use an
invalid username, or if a dumb HTTP proxy tries to connect.
</para>
</sect2>
<sect2>
<title>+s, generic server notices</title>
<para>
This snomask allows an oper to receive generic server notices.
This includes kills from opers (except services).
</para>
</sect2>
<sect2>
<title>+u, unauthorized connections</title>
<para>
This snomask allows an oper to see when users try to connect who do not have an
available auth{} block.
</para>
</sect2>
<sect2>
<title>+W, whois notifications</title>
<para>
<note>
<para>
This snomask is only available if the <filename>sno_whois.so</filename> extension is loaded.
</para>
</note>
Opers with +W receive notices when a WHOIS is executed on them
on their server (showing idle time).
</para>
</sect2>
<sect2>
<title>+x, extra routing notices</title>
<para>
Opers who have the +x snomask set will get notices about servers
connecting and disconnecting on the whole network. This includes
all servers connected behind the affected link. This can get
rather noisy but is useful for keeping track of all linked
servers.
</para>
</sect2>
<sect2>
<title>+y, spy</title>
<para>
Opers with +y receive notices when users try to join RESV'ed (<quote>juped</quote>) channels.
Additionally, if certain extension modules are loaded, they will
receive notices when special commands are used.
</para>
</sect2>
<sect2>
<title>+Z, operspy notices</title>
<para>
Opers with +Z receive notices whenever an oper anywhere on the
network uses operspy.
</para>
<para>
This snomask can be configured to be only effective for admins.
</para>
</sect2>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
fill-column: 105
sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
End:
-->
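Review bot: the two MODE synopses in the snomaskusage section write `choice=plain` unquoted on all five `<arg>` elements, while the Local variables footer of the same file sets `sgml-always-quote-attributes:t` and `<sect1 id="snomaskusage">` is quoted; write `choice="plain"` so the file follows its own convention. Separately, the commented-out +I section is marked "not planned" yet still says the mode "will be implemented in Charybdis 1.1"; drop the block or the promise rather than carry both.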


@ -1,330 +0,0 @@
Protocol changes for +TSora
---------------------------
Note:
The protocols described here implement TimeStamps on IRC channels and
nicks. The idea of IRC TimeStamps was started on Undernet, and first
implemented by Run <carlo@runaway.xs4all.nl>. The protocols used here
are not exactly the same as the ones used on Undernet; the nick-kill
handling is very similar and must be credited to Run, while the
"TimeStamped channel description" protocol is quite different.
TSora servers keep track of which version of the TS protocol (if any)
their neighboring servers are using, and take it into account when
sending messages to them. This allows for seamless integration of TS
servers into a non-TS net, and for upgrades of the protocol.
Each server knows which is the lowest and the highest version of the
TS protocol it can interact with; currently both of these are set to 1:
#define TS_CURRENT 1 /* the highest TS ver we can do */
#define TS_MIN 1 /* the lowest TS ver we can do */
Timings and TS versions:
========================
. Keep a 'delta' value to be added to the result of all calls to time(),
initially 0.
. Send a second argument to the PASS command, ending in the 'TS' string.
. Send a
SVINFO <TS_CURRENT> <TS_MIN> <STANDALONE> :<UTC-TIME>
just after "SERVER", where <STANDALONE> is 1 if we're connected to
more TSora servers, and 0 if not, and <UTC-TIME> is our idea of the
current UTC time, fixed with the delta.
. When we receive a "SVINFO <x> <y> <z> :<t>" line from a connecting
server, we ignore it if TS_CURRENT<y or x<TS_MIN, otherwise we
set a flag remembering that that server is TS-aware, remember the TS
version to use with it (min(TS_CURRENT, x)). Additionally, if this is
our first connected TS server, we set our delta to t-<OUR_UTC> if
z==0, and to (t-<OUR_UTC>)/2 if z!=0. The SVINFO data is kept around
until the server has effectively registered with SERVER, and used
*after* sending our own SVINFO to that server.
Explanations:
Servers will always know which of their directly-linked servers can do
TS, and will use the TS protocol only with servers that do understand
it. This makes it possible to switch to full TS in just one
code-replacement step, without incompatibilities.
As long as not all servers are TS-aware, the net will be divided into
"zones" of linked TS-aware servers. Channel modes will be kept
synchronized at least within the zone in which the channel was
created, and nick collisions between servers in the same zone will
result in only one client being killed.
Time synchronization ensures that servers have the same idea of the
current time, and achieves this purpose as long as TS servers are
introduced one by one within the same 'zone'. The merging of two zones
cannot synchronize them completely, but it is to be expected that
within each zone the effective time will be very close to the real
time.
By sending TSINFO after SERVER rather than before, we avoid the extra
lag created by the identd check on the server. To be able to send
immediately a connect burst of either type (TS or not), we need to
know before that if the server does TS or not, so we send that
information with PASS as an extra argument. And to avoid being
incompatible with 2.9 servers, which check that this second argument
begins with "2.9", we check that it *ends* with "TS".
The current time is only used when setting a TS on a new channel or
nick, and once such a TS is set, it is never modified because of
synchronization, as it is much more important that the TS for a
channel or nick stays the same across all servers than that it is
accurate to the second.
Note that Undernet's 2.8.x servers have no time synchronization at
all, and have had no problems because of it - all of this is more to
catch the occasional server with a way-off clock than anything.
NICK handling patches (anti-nick-collide + shorter connect burst):
==================================================================
. For each nick, store a TS value = the TS value received if any, or our
UTC+delta at the time we first heard of the nick. TS's are propagated
to TS-aware servers whenever sending a NICK command.
. Nick changes reset the TS to the current time.
. When sending a connect burst to another TS server, replace the
NICK/USER pair with only one NICK command containing the nick, the
hopcount, the TS, the umode, and all the USER information.
The format for a full NICK line is:
NICK <nick> <hops> <TS> <umode> <user> <host> <server> :<ircname>
The umode is a + followed by any applying usermodes.
The format for a nick-change NICK line is:
:<oldnick> NICK <newnick> :<TS>
. When a NICK is received from a TS server, that conflicts with an
existing nick:
+ if the userhosts differ or one is not known:
* if the timestamps are equal, kill ours and the old one if it
was a nick change
* if the incoming timestamp is older than ours, kill ours and
propagate the new one
* if the incoming timestamp is younger, ignore the line, but kill
the old nick if it was a nick change
+ if the userhosts are the same:
* if the timestamps are equal, kill ours and the old one if it
was a nick change
* if the incoming timestamp is younger, kill ours and propagate
the new one
* if the incoming timestamp is older, ignore the line but kill
the old nick if it was a nick change
. When a NICK is received from a non-TS server that conflicts with
an existing nick, kill both.
. Do not send "Fake Prefix" kills in response to lines coming from TS
servers; the sanitization works anyway, and this allows the "newer
nick overruled" case to work.
Explanations:
The modified nick-introduction syntax allows for a slightly shorter
connect-burst, and most importantly lets the server compare
user@host's when determining which nick to kill: if the user@host
is the same, then the older nick must be killed rather than the
newer.
When talking to a non-TS server, we need to behave exactly like one
because it expects us to. When talkign to a TS server, we don't kill
the nicks it's introducing, as we know it'll be smart enough to do it
itself when seeing our own introduced nick.
When we see a nick arriving from a non-TS server, it won't have a TS,
but it's safe enough to give it the current time rather than keeping
it 0; such TS's won't be the same all across the network (as long as
there is more than one TS zone), and when there's a collision, the TS
used will be the one in the zone the collision occurs in.
Also, it is important to note that by the time a server sees (and
chooses to ignore) a nick introduction, the introducing server has
also had the time to put umode changes for that nick on its queue, so
we must ignore them too... so we need to ignore fake-prefix lines
rather than sending kills for them. This is safe enough, as the rest
of the protocol ensures that they'll get killed anyway (and the
Undernet does it too, so it's been more than enough tested). Just for
an extra bit of compatibility, we still kill fake prefixes coming from
non-TS servers.
This part of the TS protocol is almost exactly the same as the
Undernet's .anc (anti-nick-collide) patches, except that Undernet
servers don't add usermodes to the NICK line.
TimeStamped channel descriptions (avoiding hacked ops and desynchs):
====================================================================
. For each channel, keep a timestamp, set to the current time when the
channel is created by a client on the local server, or to the received
value if the channel has been propagated from a TS server, or to 0
otherwise. This value will have the semantics of "the time of creation
of the current ops on the channel", and 0 will mean that the channel
is in non-TS mode.
A new server protocol command is introduced, SJOIN, which introduces
a full channel description: a timestamp, all the modes (except bans),
and the list of channel members with their ops and voices. This
command will be used instead of JOIN and of (most) MODEs both in
connect bursts and when propagating channel creations among TS
servers. SJOIN will never be accepted from or sent to users.
The syntax for the command is:
SJOIN <TS> #<channel> <modes> :[@][+]<nick_1> ... [@][+]<nick_n>
The fields have the following meanings:
* <TS> is the timestamp for the channel
* <modes> is the list of global channel modes, starting with a +
and a letter for each of the active modes (spmntkil), followed
by an argument for +l if there is a limit, and an argument for
+k if there's a key (in the same order they were mentioned in
the string of letters).
A channel with no modes will have a "+" in that field.
A special value of "0" means that the server does not specify the
modes, and will be used when more than one SJOIN line is needed
to completely describe a channel, or when propagating a SJOIN
the modes of which were rejected.
* Each nick is preceded by a "@" if the user has ops, and a "+" if
the user has a voice. For mode +ov, both flags are used.
SJOINs will be propagated (when appropriate) to neighboring TS
servers, and converted to JOINs and MODEs for neighboring non-TS
servers.
To propagate channels for which not all users fit in one
SJOIN line, several SJOINs will be sent consecutively, only the first
one including actual information in the <mode> field.
An extra ad-hoc restriction is imposed on SJOIN messages, to simplify
processing: if a channel has ops, then the first <nick> of the first
SJOIN sent to propagate that channel must be one of the ops.
Servers will never attempt to reconstruct a SJOIN from JOIN/MODE
information being received at the moment from other servers.
. For each user on a channel, keep an extra flag (like ops and voice)
that is set when the user has received channel ops from another
server (in a SJOIN channel description), which we rejected (ignored).
Mode changes (but NOT kicks) coming from a TS server and from someone
with this flag set will be ignored. The flag will be reset when the
user gets ops from another user or server.
. On deops done by non-local users, coming from TS servers, on channels
with a non-zero TS, do not check that the user has ops but check that
their 'deopped' flag is not set. For kicks coming from a TS server, do
not check either. This will avoid desynchs, and 'bad' modechanges are
avoided anyway. Other mode changes will still only be taken into
account and propagated when done by users that are seen as having ops.
. When a MODE change that ops someone is received from a server for a
channel, that channel's TS is set to 0, and the mode change is
propagated.
. When a SJOIN is received for a channel, deal with it in this way:
* received-TS = 0:
+ if we have ops or the SJOIN doesn't op anyone, SJOIN propagated
with our own TS.
+ otherwise, TS set to 0 and SJOIN propagated with 0.
* received-TS > 0, own-TS = 0:
+ if the SJOIN ops someone or we don't have ops, set our TS to the
received TS and propagate.
+ otherwise, propagate with TS = 0.
* received-TS = own-TS: propagate.
* received-TS < own-TS:
+ if the SJOIN ops someone, remove *all* modes (except bans) from
the channel and propagate these mode changes to all neighboring
non-TS servers, and copy the received TS and propagate the SJOIN.
+ if the SJOIN does not op anyone and we have ops, propagate
with our own TS.
+ otherwise, copy the received TS and propagate the SJOIN.
* received-TS > own-TS:
+ if the SJOIN does not introduce any ops, process and propagate
with our own TS.
+ if we have ops: for each person the mode change would op, set the
'deopped' flag; process all the JOINs ignoring the '@' and '+'
flags; propagate without the flags and with our TS.
+ if we don't have ops: set our TS to the received one, propagate
with the flags.
Explanations:
This part of the protocol is the one that is most different (and
incompatible) with the Undernet's: we never timestamp MODE changes,
but instead we introduce the concept of time-stamped channel
descriptions. This way each server can determine, based on its state
and the received description, what the correct modes for a channel
are, and deop its own users if necessary. With this protocol, there is
*never* the need to reverse and bounce back a mode change. This is
both faster and more bandwith-effective.
The end goal is to have a protocol will eventually protect channels
against hacked ops, while minimizing the impact on a mixed-server net.
In order to do this, whenever there is a conflict between a TS server
and a non-TS one, the non-TS one's idea of the whole situation
prevails. This means that channels will only have a TS when they have
been created on a TS-aware server, and will lose it whenever a server
op comes from a non-TS server. Also, at most one 'zone' will have a TS
for any given channel at any given time, ensuring that there won't be
any deops when zones are merged. However, when TS zones are merged, if
the side that has a TS also has ops, then the TS is kept across the
whole new zone. Effective protection will only be ensured once all
servers run TS patches and channels have been re-created, as there is
no way servers can assign a TS to a channel they are not creating
(like they do with nicks) without having unwanted deops later.
The visible effects of this timestamped channel-description protocol
are that when a split rejoins, and one side has hacked ops, the other
side doesn't see any server mode changes (just like with Undernet's
TS), but the side that has hacked ops sees:
* first the first server on the other side deopping and devoicing
everyone, and fixing the +spmntkli modes
* then other users joining, and getting server ops and voices
The less obvious part of this protocol is its behavior in the case
that the younger side of a rejoin has servers that are lagged with
each other. In such a situation, a SJOIN that clears all modes and
sets the legitimate ones is being propagated from one server, and
lagged illegitimate mode changes and kicks are being propagated in the
opposite direction. In this case, a kick done by someone who is being
deopped by the SJOIN must be taken into account to keep the name list
in sync (and since it can only be kicking someone who also was on the
younger side), while a deop does not matter (and will be ignored by
the first server on the other side), and an opping *needs* to be
discareded to avoid hacked ops.
The main property of timestamped channel descriptions that makes them
a very stable protocol even with lag and splits, is that they leave a
server in the same final state, independently of the order in which
channel descriptions coming from different servers are received. Even
when SJOINs and MODEs for the same channel are being propagated in
different direction because of several splits rejoining, the final
state will be the same, independently of the exact order in which each
server received the SJOINs, and will be the same across all the
servers in the same zone.
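Review bot: the header `-1,330 +0,0` deletes this file whole, and with it the SJOIN received-TS versus own-TS rules and the NICK collision rules; nothing in the visible part of this diff says where they are documented now, so the commit should name the document that carries them or leave a pointer in this file's place. If any of this text is carried over elsewhere, note that the explanation under "Timings and TS versions" calls the command TSINFO while the rule list defines it as SVINFO.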

Some files were not shown because too many files have changed in this diff