Compare commits

314 commits

Author SHA1 Message Date
Martin Weinelt
6b8d4cb307 default.nix: drop rb_setenv for BANDB_PATH
Fixes: "bandb - bandb failure: Unable to open sqlite database: unable to open database file"
2021-06-01 20:12:30 +02:00
Martin Weinelt
66225eb7ef default.nix: enable ziplinks 2021-06-01 20:12:24 +02:00
Martin Weinelt
f5f2190b40 add default.nix 2020-07-28 23:13:35 +02:00
ManiacTwister
529e8705c2 Merge remote-tracking branch 'upstream/release/3.5' into hackint/3.5 2020-03-01 18:15:35 +01:00
Aaron Jones
fca7f870c8
extensions/extb_ssl.c: make certfp parameter case-insensitive
I had the idea that maybe these should be case-sensitive because some
encodings (like Base-64) are. But it turns out it's better to
prioritise not breaking existing configurations / channel mode lists,
and just revisit this in future maybe.

[ci skip]
2020-01-28 20:47:04 +00:00
Aaron Jones
5572f43834
extensions/extb_ssl.c: clean up this logic
This should also be using strcmp(3), not irccmp().
No practical consequence (yet), it just makes more sense.
2020-01-28 20:35:42 +00:00
Aaron Jones
905508885b
Support ECDH X25519 for TLSv1.3 (OpenSSL 1.1.1) 2019-09-08 13:57:53 +00:00
Aaron Jones
88fbca25d0
Charybdis 3.5.7 2019-08-31 19:11:05 +00:00
Simon Arlott
a74ee5d2c7
Revert "ircd: Fix umode orphan scheme."
This reverts commit c1fc044c35.
2019-08-31 15:06:30 +01:00
Simon Arlott
24b8fd0063
m_sasl: Don't process authentication messages if SASL has been aborted 2019-06-08 22:07:36 +01:00
Aaron Jones
a589946b42
Revert "m_sasl: Don't process authentication messages if SASL has been aborted"
SASL does not work with this commit in the tree.

This reverts commit f44a0d7ea2.
2019-06-08 20:59:36 +00:00
Simon Arlott
f44a0d7ea2
m_sasl: Don't process authentication messages if SASL has been aborted 2019-02-23 13:19:13 +00:00
Aaron Jones
358a73c8d5
Merge branch fakelist into release/3.5 2018-11-26 21:24:34 +00:00
Aaron Jones
3c36726f83
src/newconf.c: fakechannel: guard against repeated config options
Also correct another minor memory leak
2018-11-26 21:23:51 +00:00
ManiacTwister
9a10251fd5 Fixed syntax error 2018-11-26 22:10:11 +01:00
ManiacTwister
d7aec4702a Initialize fakechan topic to NULL, allocate an empty string if not overridden 2018-11-26 22:03:42 +01:00
ManiacTwister
908f1c30c4 Proper range for fakechannel user count 2018-11-26 20:13:37 +01:00
ManiacTwister
cee332ab83 Use irccmp instead of strcasecmp for fakechannels 2018-11-26 20:13:20 +01:00
ManiacTwister
0ca3cf0d91 Disable fakechannels by default 2018-11-26 20:13:00 +01:00
ManiacTwister
590a46b165 Fixed fakechannel removal 2018-11-26 20:12:44 +01:00
ManiacTwister
23e6d4ed73 Check if users_max is less than users_min 2018-11-26 20:12:04 +01:00
ManiacTwister
6d01464fc5 Allow fakechannels with 0 users 2018-11-26 20:11:37 +01:00
ManiacTwister
a4e5c2fa61 Added fakechannels to /LIST 2018-11-21 20:19:41 +01:00
ManiacTwister
074e23e4e2 Added SNI support (OpenSSL) 2018-11-21 20:03:48 +01:00
ManiacTwister
0b79494ec9 Added fakechannels to /LIST 2018-10-27 21:47:25 +02:00
ManiacTwister
d89ff1897d Check if ssl_cipher_list is set 2018-10-27 20:59:42 +02:00
ManiacTwister
bec08a8364 Allow fd limit change when rehashing 2018-10-27 20:59:02 +02:00
ManiacTwister
ef70f680c5 Add commit sha1 to charybdis version 2018-10-27 20:53:52 +02:00
Aaron Jones
a034b14fbf
charybdis 3.5.6 2018-08-26 18:50:21 +00:00
Aaron Jones
cc34e7543a
libratbox/src/mbedtls_ratbox.h: remove unnecessary inclusion 2018-08-26 18:50:08 +00:00
Simon Arlott
3ea954da3a
m_nick/m_sasl/m_user: restore check for mixing of client and server protocol 2018-08-15 22:48:08 +01:00
Simon Arlott
28caceba33
m_pass: store unverified SID in preClient for use in m_server 2018-08-15 22:48:07 +01:00
Aaron Jones
4f8ad92ab4
MbedTLS: Support ChaCha20-Poly1305 in TLSv1.2+ 2018-08-13 22:34:16 +00:00
Simon Arlott
151c4614a0
authd: always use an empty buffer to read ident reply
Otherwise we could read uninitialised data beyond the actual reply
2018-08-12 18:57:15 +01:00
Simon Arlott
03f04cd80e
m_sasl: check if the agent is present after every client_exit
When a server disconnects the client_exit hook will only be called once
but there could be multiple servers and clients behind that server.

After any client exits, check if the agent is still present.
2018-08-12 13:06:20 +01:00
Simon Arlott
f515fa9382
doc: build with travis 2018-08-12 10:15:05 +01:00
Simon Arlott
8e02234970
doc: there is no _static directory 2018-08-12 09:42:10 +01:00
Simon Arlott
ccaf2012bd
Merge pull request #263 from anarcat/extban-doc
point users towards HELP EXTBAN for inline help
2018-08-12 09:25:56 +01:00
Antoine Beaupré
6e93b3b153
point users towards HELP EXTBAN for inline help 2018-07-26 16:39:58 -04:00
Aaron Jones
bfffef7436
modules/m_sasl.c: prevent abort_sasl() sending 906 twice 2018-04-06 20:05:48 +00:00
Aaron Jones
11d111c3fa
modules/m_sasl.c: abort session if we receive '*' as data
Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.

cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287

Reported-By: James Wheare
2018-04-06 19:45:56 +00:00
Aaron Jones
6c00795284
libratbox/src/mbedtls.c: check public/private keys match 2018-01-06 15:58:30 +00:00
Aaron Jones
412263854f
src/s_user.c: don't send fake MODE for clients who have CHGHOST
Reported-by: Samuel Hoffman <samuelhoffman2@gmail.com>
2017-12-17 03:20:08 +00:00
Aaron Jones
9d80b087cd
doc/reference.conf: clarify that server link fingerprints aren't optional
[ci skip]
2017-11-04 07:42:21 +00:00
Aaron Jones
cf5b56b06b
Update configure from configure.ac 2017-10-23 11:44:04 +00:00
mniip
5ce1252007
configure.ac: Adjust dlopen/dlsym checks
In modern gcc/clang, libasan (the address sanitizer runtime) exports a
weak definition of `dlopen` so that it can intercept certain flags. If
one tried to `./configure` with address sanitizer enabled, this would
cause AC_SEARCH_LIBS to conclude that dlopen doesn't require any link
flags to use. However libasan does not export `dlsym` and this caused
AC_CHECK_FUNC to fail because it didn't try linking with `-ldl`.
2017-10-23 11:43:42 +00:00
Aaron Jones
e1d4ebda4d
modules/static_modules.c.SH: use correct header file
Commit 4016731b1c missed a file.

Reported-by: mniip (Freenode)

[ci skip]
2017-10-15 06:38:33 +00:00
Aaron Jones
c380c2336a Merge pull request #247 from anarcat/cmode-help-pointer
point to the CMODE help page for more modes
2017-08-29 18:21:56 +00:00
Antoine Beaupré
b018538406
point to the CMODE help page for more modes 2017-08-29 09:10:37 -04:00
Simon Arlott
55735d9d7e
exit_unknown_client: don't delete servers from the client hash
Outgoing servers are not added to the client hash until they reach
IsServer() status, so if they're unknown when they exit then don't
attempt to delete them.
2017-08-24 20:09:17 +01:00
Simon Arlott
754c1edf2e
m_sasl: indicate client connection type for SASL 2017-08-13 21:52:04 +01:00
Aaron Jones
a6485efda0
libratbox/src/commio.c: misc cleanups for compiler warnings
commio.c:2244:11: warning: variable length array used [-Wvla]
commio.c:2253:29: warning: comparison of integers of different signs:
                  'unsigned int' and 'int' [-Wsign-compare]

This use of alloca(3) is okay-ish considering the corresponding function
`rb_recv_fd_buf()` already uses it too, for much the same purpose. Also
remove a redundant return statement.
2017-08-04 12:32:58 +00:00
Simon Arlott
c41d0c0f5f
modules/core/m_join.c: remove global variable parabuf
Edit by @aaronmdjones: m_join() doesn't need it
2017-08-04 12:32:58 +00:00
Simon Arlott
75399a9334
modules/core/m_join.c: remove global variable modebuf 2017-08-04 12:32:58 +00:00
Simon Arlott
18823bcfca
modules/core/m_join.c: remove global variable para 2017-08-04 12:32:58 +00:00
Simon Arlott
1c2012f03b
modules/core/m_join.c: remove global variable pargs 2017-08-04 12:32:58 +00:00
Simon Arlott
6420b39ad0
modules/core/m_join.c: remove global variable mbuf 2017-08-04 12:32:58 +00:00
Simon Arlott
55ae03aee1
libratbox/src/ratbox_lib.c: avoid clang static analysis warning 2017-08-04 12:32:58 +00:00
Simon Arlott
ae6ce6100a
ssld: avoid clang static analysis warning
Don't set `x = 0` twice.

Edit by @aaronmdjones: fix for loop initialisation and inner condition
2017-08-04 12:32:58 +00:00
Simon Arlott
a21843a0a0
ssld: avoid clang static analysis warning 2017-08-04 12:32:58 +00:00
Simon Arlott
8fc0cea653
librb: rb_linebuf_copy_raw: remove unused assignment 2017-08-04 12:32:58 +00:00
Simon Arlott
ed78e97a96
ircd: hostmask: avoid clang static analysis warning
arec->Mask.ipa.bits is unused if arec->masktype == HM_HOST
2017-08-04 12:32:58 +00:00
Simon Arlott
ea3ca814f5
libratbox/src/commio.c: Must set addrlen before every call to accept()
If an IPv4 connection is dropped by the pre-callback, and there is a
pending IPv6 connection on the same listening socket then the retried
accept() will be unable to populate `st` because `addrlen` will be too
small. Also initialise `st` each time to avoid a clang static analysis
warning.
2017-08-04 12:32:58 +00:00
Aaron Jones
e09aeac9ed
src/hash.c: misc cleanup for compiler warnings
hash.c:714:36: warning: comparison of integers of different signs:
               'uint32_t' (aka 'unsigned int') and 'int'
               [-Wsign-compare]

    (... and 1 more of the same)
2017-08-04 12:32:58 +00:00
Aaron Jones
85f46bb59e
libratbox/src/crypt.c: misc cleanup for compiler warning
crypt.c:1979:7: warning: '_STRING_ARCH_unaligned' is not defined,
                evaluates to 0 [-Wundef]
2017-08-04 12:32:58 +00:00
Aaron Jones
e55c29ef11
include/s_user.h: convert raw attribute into already-existing macro call
I overlooked this existing macro when adding this attribute in an earlier
commit.
2017-08-04 12:32:57 +00:00
Aaron Jones
3109b8a636
modules/core/m_mode.c: misc cleanup for compiler warning
core/m_mode.c:378:11: warning: possible misuse of comma operator here
                      [-Wcomma]
2017-08-04 12:32:57 +00:00
Aaron Jones
c67c9451a1
extensions/hurt.c: misc cleanups for compiler warnings
hurt.c:196:16: warning: possible misuse of comma operator here [-Wcomma]

    (... and 3 more of the same)
2017-08-04 12:32:57 +00:00
Aaron Jones
daf1b4b9af
extensions/m_sendbans.c: misc cleanup for compiler warning
m_sendbans.c:76:15: warning: possible misuse of comma operator here
                    [-Wcomma]
2017-08-04 12:32:57 +00:00
Aaron Jones
8952f21843
modules/m_rehash.c: misc cleanups for compiler warnings
m_rehash.c:380:17: warning: possible misuse of comma operator here
                   [-Wcomma]

    (... and 3 more of the same)
2017-08-04 12:32:57 +00:00
Aaron Jones
ec5f6dc23b
src/supported.c: misc cleanups for compiler warnings
supported.c:172:22: warning: possible misuse of comma operator here
                    [-Wcomma]

    (... and 4 more of the same)
2017-08-04 12:32:57 +00:00
Aaron Jones
f21bac62f4
src/chmode.c: misc cleanups for compiler warnings
chmode.c:417:12: warning: possible misuse of comma operator here
                 [-Wcomma]

    (... and 12 more of the same)
2017-08-04 12:32:57 +00:00
Aaron Jones
f54e6c3558
libratbox/src/commio.c: misc cleanup for compiler warning
commio.c:1269:17: warning: possible misuse of comma operator here
                  [-Wcomma]

What an ugly way to use commas!
2017-08-04 12:32:57 +00:00
Aaron Jones
82e920102f
lots of misc cleanups for compiler warnings
ratbox_lib.c:159:1: warning: function 'rb_lib_restart' could be declared
                    with attribute 'noreturn' [-Wmissing-noreturn]

ratbox_lib.c:220:1: warning: function 'rb_lib_loop' could be declared
                    with attribute 'noreturn' [-Wmissing-noreturn]

restart.c:55:1: warning: function 'server_reboot' could be declared with
                attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:57 +00:00
Aaron Jones
6f1e0a6f47
src/ircd_signal.c: misc cleanup for compiler warning
ircd_signal.c:59:1: warning: function 'sigterm_handler' could be declared
                    with attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:57 +00:00
Aaron Jones
9ca4bd7e0c
rb_helper: misc cleanups for compiler warning
helper.c:291:1: warning: function 'rb_helper_loop' could be declared
                with attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:57 +00:00
Aaron Jones
7406d7acad
getopt: misc cleanups for compiler warning
getopt.c:124:1: warning: function 'usage' could be declared with
                attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:57 +00:00
Aaron Jones
8c8a219e71
src/bandbi.c: misc cleanup for compiler warning
bandbi.c:389:1: warning: function 'bandb_handle_failure' could be
                declared with attribute 'noreturn'
                [-Wmissing-noreturn]
2017-08-04 12:32:57 +00:00
Aaron Jones
bd62a802f9
libratbox/src/balloc.c: misc cleanup for compiler warning
balloc.c:111:1: warning: function '_rb_bh_fail' could be declared with
                attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:57 +00:00
Aaron Jones
efc60d52a3
modules/core/m_server.c: misc cleanup for compiler warnings
core/m_server.c:138:3: warning: 'break' will never be executed
                       [-Wunreachable-code-break]

    (... and 3 more of the same)

Why put an unreachable comment in the code *and then write a
statement following it* ? O_o
2017-08-04 12:32:57 +00:00
Aaron Jones
81e245be5b
modules/core/m_die.c: misc cleanup for compiler warning
core/m_die.c:76:9: warning: 'return' will never be executed
                   [-Wunreachable-code-return]
2017-08-04 12:32:57 +00:00
Aaron Jones
ee0a3970c8
modules/m_whois.c: misc cleanup for compiler warning
m_whois.c:331:8: warning: declaration shadows a local variable [-Wshadow]
2017-08-04 12:32:56 +00:00
Aaron Jones
72fd7c04ac
include/s_user.h: misc cleanup for compiler warning
s_user.c:1428:26: warning: format string is not a string literal
                  [-Wformat-nonliteral]

Adding the printf attribute to the function will make the compiler
assume that the 'format' argument to the function is a string
literal (by warning about the *callers* of the function *not* using
a string literal), thus avoiding the warning in the function.
2017-08-04 12:32:56 +00:00
Aaron Jones
eef58149c7
src/res.c: misc cleanup for compiler warnings
res.c:704:6: warning: 'break' will never be executed
             [-Wunreachable-code-break]

    (... and 2 more of the same)
2017-08-04 12:32:56 +00:00
Aaron Jones
e52356b21e
libratbox/src/commio.c: misc cleanup for compiler warnings
commio.c:1368:3: warning: 'break' will never be executed
                 [-Wunreachable-code-break]

    (... and 2 more of the same)
2017-08-04 12:32:56 +00:00
Aaron Jones
9c7e29bf66
src/chmode.c: misc cleanup for compiler warning
chmode.c:782:3: warning: 'break' will never be executed
                [-Wunreachable-code-break]
2017-08-04 12:32:56 +00:00
Aaron Jones
ef14b780b4
src/modules.c: misc cleanup for compiler warnings
modules.c:799:37: warning: cast from function call of type 'void *' to
                  non-matching type 'uintptr_t' (aka 'unsigned long')
                  [-Wbad-function-cast]

    (... and 1 more of the same)

Redundant double-cast removed.
2017-08-04 12:32:56 +00:00
Aaron Jones
fa2b7ab282
libratbox/src/openssl_ratbox.h: misc cleanup for compiler warning
openssl.c:459:47: warning: cast from 'const char *' to 'char *' drops
                  const qualifier [-Wcast-qual]

(I find it remarkable that SSL_CTX_set1_curves_list() does not accept a
 'const char *' argument...)
2017-08-04 12:32:56 +00:00
Aaron Jones
b253a53c51
modules/m_stats.c: misc cleanup for compiler warnings
m_stats.c:181:22: warning: this function declaration is not a prototype
                  [-Wstrict-prototypes]

m_stats.c:1502:24: warning: format string is not a string literal
                   [-Wformat-nonliteral]
    (... and 2 more of the same)
2017-08-04 12:32:56 +00:00
Aaron Jones
28541a0d96
tools/mkpasswd.c: misc cleanup for compiler warnings
mkpasswd.c:516:1: warning: function 'full_usage' could be declared with
                  attribute 'noreturn' [-Wmissing-noreturn]

mkpasswd.c:537:1: warning: function 'brief_usage' could be declared with
                  attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:56 +00:00
Aaron Jones
3f7ccca917
libratbox/src/crypt.c: misc cleanup for compiler warnings
crypt.c:49:4: warning: 'break' will never be executed
              [-Wunreachable-code-break]
    (... and 3 more of the same)

crypt.c:627:7: warning: variable 'f' may be uninitialized when used
               here [-Wconditional-uninitialized]

crypt.c:539:12: note: initialize the variable 'f' to silence this
                warning
2017-08-04 12:32:56 +00:00
Aaron Jones
9519919ff5
ssld/ssld.c: misc cleanup for compiler warning
ssld.c:1251:14: warning: signed shift result (0x80000000) sets the sign
                bit of the shift expression's type ('int') and becomes
                negative [-Wshift-sign-overflow]
2017-08-04 12:32:56 +00:00
Aaron Jones
846629b388
bandb/bantool.c: misc cleanup for compiler warning
bantool.c:149:4: warning: 'break' will never be executed
                 [-Wunreachable-code-break]
2017-08-04 12:32:56 +00:00
Aaron Jones
9b7cc82b90
ircd: misc cleanup for compiler warnings
ircd.c:125:1: warning: function 'ircd_shutdown' could be declared with
              attribute 'noreturn' [-Wmissing-noreturn]

ircd.c:437:1: warning: function 'ircd_die_cb' could be declared with
              attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:56 +00:00
Aaron Jones
a8517ee77c
bandb/bandb.c: misc cleanup for compiler warnings
bandb.c:243:1: warning: function 'error_cb' could be declared with
               attribute 'noreturn' [-Wmissing-noreturn]

bandb.c:289:1: warning: function 'db_error_cb' could be declared with
               attribute 'noreturn' [-Wmissing-noreturn]

bandb.c:293:13: warning: signed shift result (0x80000000) sets the sign
                bit of the shift expression's type ('int') and becomes
                negative [-Wshift-sign-overflow]
2017-08-04 12:32:56 +00:00
Aaron Jones
81ae0a7d1b
bandb/bantool.c: misc cleanup for compiler warning
bantool.c:872:1: warning: function 'print_help' could be declared with
                 attribute 'noreturn' [-Wmissing-noreturn]
2017-08-04 12:32:53 +00:00
Simon Arlott
9d7c65294f
m_webirc: set sockhost before potentially using it to set host
Remove extra IP check, it's not necessary.
2017-08-01 22:50:30 +01:00
Simon Arlott
ce15ac6c0b
sslproc: check number of arguments to zipstats command 2017-07-29 22:22:34 +01:00
Aaron Jones
705ca33e17
src/channel.c: don't use the bancache in is_banned()/is_quieted()
The bancache will be re-architected onto clients in future for easier
invalidation, but this is a good-enough temporary fix for issue #243

Fixes #243
2017-07-05 17:35:28 +00:00
Aaron Jones
167ca46a04
mbedtls.c: minor fixups
- Add (void) casts for unused function parameters
- Rearrange member in `struct rb_mbedtls_cfg_context' for data alignment
- Document a `clang-4.0 -Weverything' (-Wcast-qual) diagnostic
- Avoid pointless conversions between positive/negative error codes
- Use capital hexadecimals in error codes and properly cast to
  (unsigned int) for %x/%X
2017-07-03 00:21:43 +00:00
Simon Arlott
51d65d191a
m_webirc: use rb_inet_ntop_sock to populate sockhost 2017-06-27 21:15:14 +01:00
Simon Arlott
62c0ac4124
ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.
2017-06-25 19:54:39 +01:00
Aaron Jones
789bb31c92
configure: allow exact PID file prefix to be specified 2017-06-23 05:55:48 +00:00
Aaron Jones
1b7c6aff1a
MbedTLS: Don't use a dummy CA certificate on new library (no longer required) 2017-06-22 11:12:21 +00:00
Ellenor Malik
e0f1c3b5bc
extensions/extb_ssl.c: add support for matching by certificate fingerprint 2017-06-16 01:51:38 +00:00
Aaron Jones
68ba8e8125
README.md: Update channel
The domain expired and then someone else seems to have reacquired it,
so point users back at Freenode for now as recovery is unlikely.
2017-06-12 17:00:14 +00:00
Aaron Jones
8b96afb67b Merge pull request #241 from anarcat/rst-guide 2017-03-25 16:49:08 +00:00
Antoine Beaupré
7e7107a6b7
fix more headings 2017-03-25 12:35:29 -04:00
Antoine Beaupré
5bc633fd77
fix two headings to be toplevel 2017-03-25 12:33:06 -04:00
Antoine Beaupré
c14e0b9523
do not hardcode theme 2017-03-25 12:29:27 -04:00
Antoine Beaupré
f41c25c0c1
config.rst review 2017-03-25 12:22:36 -04:00
Antoine Beaupré
ea56df54f7
review commands.rst style 2017-03-25 12:07:37 -04:00
Antoine Beaupré
194a960192
fix style in ucommands.rst 2017-03-25 11:49:30 -04:00
Antoine Beaupré
79a69a8e43
fix syntax warning 2017-03-25 11:47:58 -04:00
Antoine Beaupré
8bb743a695
fix ucommands.rst style 2017-03-25 11:47:23 -04:00
Antoine Beaupré
689137420b
review umodes.rst 2017-03-25 11:45:22 -04:00
Antoine Beaupré
2838bd22d6
review oprivs.rst style 2017-03-25 11:44:51 -04:00
Antoine Beaupré
932350e189
review cmodes.rst style 2017-03-25 11:42:51 -04:00
Antoine Beaupré
bdfadfcb99
some styling
turn all +flags into preformatted flags, fix admonitions
2017-03-25 11:33:06 -04:00
Antoine Beaupré
bc9cb138a4
ignore build results 2017-03-25 11:15:08 -04:00
Antoine Beaupré
c74b47583e
fix duplicate headings, remove duplicate ToC 2017-03-25 11:15:03 -04:00
Antoine Beaupré
0da7307521
merge two index pages 2017-03-25 11:09:44 -04:00
Antoine Beaupré
2874f74c81
convert SGML guide to RST
the rationale behind switching away from SGML/Docbook is the following:

 * SGML is hard to edit for humans
 * the output is not much prettier
 * the toolchain is not well supported and missing from the build
 * the build is not hooked into anywhere, no automation

the reason why RST was chosen:

 * it allows for a strong structure like Docbook
 * the theme from Read The Docs is pretty
 * it also supports mobile devices
 * sphinx can easily output to PDF and ePUB formats
 * RST is plaintext that can be easily edited and diff'd
 * RST can be automatically built by ReadTheDocs and the toolchain is
   readily available
 * the output is also parsed by Github so documentation can be read
   straight from GH

the reason why Markdown was not chosen:

 * the current strong structure would be hard to replicate
 * markdown is not standardized and output varies according to the
   implementation

the docs were converted with Pandoc, using the following commands:

    mkdir oper-guide
    for source in sgml/oper-guide/*.sgml; do
        pandoc --toc -s -f docbook -t rst $source -o oper-guide/$(basename $source .sgml).rst
    done
    cd oper-guide
    sphinx-quickstart
    git add *.rst make.bat conf.py
    git add -f Makefile
    git rm -r ../sgml
2017-03-25 10:51:01 -04:00
Aaron Jones
6fa52d140c
Charybdis 3.5.5 2017-03-01 01:08:58 +00:00
Aaron Jones
d8df3c90de
GNUTLS: Log why fingerprint generation fails
This is rudimentary but at least 1 other backend logs why too.
2017-03-01 01:06:57 +00:00
Aaron Jones
5d8a480305
GNUTLS: Don't use VERS-TLS-ALL
It causes problems with older versions of the library.
2017-02-28 22:51:51 +00:00
Aaron Jones
b012874243 Merge pull request #238 from anarcat/gnutls-cert-count
properly call gnutls_x509_crt_list_import
2017-02-28 22:44:35 +00:00
Antoine Beaupré
9f21f1b353
properly call gnutls_x509_crt_list_import
the [manpage][] says:

>  unsigned int * cert_max
>      Initially must hold the maximum number of certs. It will be updated
>      with the number of certs available.

ratbox doesn't actually initialize that variable, so gnutls naturally
fails. i would also recommend considering dynamically allocating the
cert list to deal with that error in other ways than failing to
configure SSL completely in GnuTLS. the apache gnutls module has a
similar problem and came up with a [patch][] to do exactly this which
you may want to consider.

but since our cert chain is only (!) 5 certs long, our itch is
scratched by this particular patch.

[manpage]: https://manpages.debian.org/jessie/gnutls-doc/gnutls_x509_crt_list_import.3.en.html
[patch]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511573#35
2017-02-28 17:36:56 -05:00
Aaron Jones
9bd8c1c0dc
Charybdis 3.5.4 2017-02-28 21:28:20 +00:00
Simon Arlott
b04acc54ac
CREDITS: fix my nickname and update my email address 2017-01-06 21:51:05 +00:00
Aaron Jones
5633e89376
MbedTLS: Disable TLSv1.0 2016-12-30 18:00:45 +00:00
Aaron Jones
e140ba71d6
OpenSSL: Disable TLSv1.0 2016-12-30 18:00:43 +00:00
Aaron Jones
6bcfd29624
GNUTLS: Provide a default priority string, disable TLSv1.0 in it
The user can still override this choice with the ssl_cipher_list option
in ircd.conf -- this is the only backend that will allow you to do so.
2016-12-30 18:00:41 +00:00
Keith Buck
4574e77f43 extensions/extb_channel: Allow matching secret channels.
This change modifies extb_channel to allow matching users in secret
channels, which prevents trivial ban evasion by setting the target
channel +s. Information leak due to this change is unlikely since the
attacker would have to know that the target channel exists, the name of
the channel (or guess it), have a specific user they wanted to know
whether was in the channel (and not know already), and the target user
would need to have something like autojoin-on-invite enabled (or any of
the other various ways hostname cloaking is attacked).
2016-12-29 05:44:18 +00:00
Aaron Jones
db05a36210
MODRESTART: Defer restart to the event loop
When a remote MODRESTART command is received, it will pass through the
ENCAP module. The ms_encap function is responsible for dispatching the
command handler and then the modules will eventually be reloaded.

However, if the ENCAP module is reloaded to a different address, the
stack now contains the address of a function that no longer exists.

Return immediately from the command handler and have the event loop
call the function responsible for reloading the modules instead.

Reported-by: mniip (Freenode)
2016-12-28 20:15:39 +00:00
Aaron Jones
9cdd7270f9
mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails 2016-12-20 03:54:08 +00:00
Keith Buck
a91a4515c9 mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
2016-12-09 10:01:22 +00:00
Keith Buck
5fd7e2bb8c m_rehash: Require admin privileges for REHASH SSLD.
This change enforces admin privileges for the REHASH SSLD command, as
originally intended.
2016-12-04 22:03:34 +00:00
Simon Arlott
598a7d3b7e mr_server: Report certificate fingerprint mismatches
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-12-04 21:49:59 +00:00
Simon Arlott
8d0153ff55 mr_server: Handle unknown error codes
As mr_server is a module, it could potentially receive an unknown
error code from check_server().
2016-12-04 21:45:16 +00:00
Simon Arlott
0264fe161f sslproc: don't send updated config to dead/shutdown sslds
They might be running older versions of the SSL library that
doesn't support the key type or ciphers being configured.
2016-12-04 21:40:08 +00:00
Simon Arlott
9c98c1f866 ircd: add missing sslproc function ssld_foreach_info()
Iterate through the ssl daemons and report their status.
2016-12-04 21:25:41 +00:00
Simon Arlott
d4b074a771 ircd: support restarting ssld processes
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.

Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.

Add STATS S (admins only) to list ssld processes, status, and client
count.
2016-12-04 21:24:56 +00:00
Aaron Jones
e386d7f362
reference.conf: missed a line
(see previous commit) [ci skip]
2016-12-01 05:15:30 +00:00
Aaron Jones
2815967598
reference.conf: simplify SPKI fingerprint generation commands
[ci skip]
2016-12-01 05:08:15 +00:00
Aaron Jones
256e6fd251
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
[ci skip]
2016-11-27 20:50:20 +00:00
Simon Arlott
65b9b1d06d
server_estab: don't try to send to a dead client
If the zlib setup fails the client will be exited, so don't send
to it before checking this.
2016-11-20 21:43:58 +00:00
Simon Arlott
aaf6039eea
listener: use exit_client instead of free_client
As well as leaking a connid and leaving the connection open,
these calls to free_client() leave the client in the unknown_list
causing check_unknowns_list() to crash when either ptr->data
(ptr being the freed client_p->localClient->tnode) is NULL or
when client_p->localClient is NULL.

Flag the client as an IO error so that we don't try to send it
any data (as this is not a normal plaintext connection).
2016-11-20 21:43:44 +00:00
Aaron Jones
785df805d7
reference.conf: bump the recommended digest algorithm from SHA-1 to SHA2-256
ircd.conf.example still has SHA-1 for the people who want to quickly deploy
by renaming that file and adjusting as appropriate.
2016-11-15 12:34:49 +00:00
Aaron Jones
2afd965b21
TLS: Partially backport the SubjectPublicKeyInfo digesting functionality
This backports the code responsible for SPKI digests from release/4.

It also adjusts doc/reference.conf to note that SPKI digests are now
supported, and how to generate them. It does NOT backport the mkfingerprint
program -- the instructions in reference.conf are sufficient. I am of course
open to anyone else backporting the program, but I don't see the need.
2016-11-15 12:30:09 +00:00
Aaron Jones
0a9598655c
TLS backends: Move some library-dependent functions to the proper location
The comment incorrectly stated these were library-agnostic; in fact, they
use library-dependent data types or macro names.
2016-11-15 12:11:12 +00:00
Simon Arlott
95bdc091b2
free cache emptyline rb_dlink_node, allocated automatically but never freed
==00:00:01:09.081 1762== 48 bytes in 2 blocks are definitely lost in loss record 545 of 991
==00:00:01:09.081 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.081 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.081 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.081 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.081 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.081 1762==    by 0x4E52AC3: init_cache (cache.c:67)
==00:00:01:09.081 1762==    by 0x4E69530: charybdis_main (ircd.c:762)
==00:00:01:09.081 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 2,808 bytes in 117 blocks are definitely lost in loss record 960 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E5337A: load_help (cache.c:301)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 5,328 (5,304 direct, 24 indirect) bytes in 221 blocks are definitely lost in loss record 971 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E53278: load_help (cache.c:266)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)
2016-10-30 12:08:13 +00:00
Simon Arlott
ccd9e858f3
free server_p->certfp, allocated in newconf.c
==01:17:20:36.920 5966== 429 bytes in 3 blocks are possibly lost in loss record 899 of 1,020
==01:17:20:36.920 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.920 5966==    by 0x4E73867: rb_strdup (rb_memory.h:70)
==01:17:20:36.920 5966==    by 0x4E7674C: conf_set_connect_fingerprint (newconf.c:1421)
==01:17:20:36.920 5966==    by 0x4E78D55: conf_call_set (newconf.c:2562)
==01:17:20:36.920 5966==    by 0x4E6A33D: yyparse (ircd_parser.y:215)
==01:17:20:36.920 5966==    by 0x4E7FFC7: read_conf (s_conf.c:834)
==01:17:20:36.920 5966==    by 0x4E81718: read_conf_files (s_conf.c:1419)
==01:17:20:36.920 5966==    by 0x4E69567: charybdis_main (ircd.c:775)
==01:17:20:36.920 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:48:23 +00:00
Simon Arlott
2b439b88fc
free localClient->cipher_string, allocated in sslproc.c
==01:17:20:36.919 5966== 280 bytes in 8 blocks are definitely lost in loss record 876 of 1,020
==01:17:20:36.919 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.919 5966==    by 0x4E93F4F: rb_strdup (rb_memory.h:70)
==01:17:20:36.919 5966==    by 0x4E95280: ssl_process_cipher_string (sslproc.c:476)
==01:17:20:36.919 5966==    by 0x4E95540: ssl_process_cmd_recv (sslproc.c:561)
==01:17:20:36.919 5966==    by 0x4E9582A: ssl_read_ctl (sslproc.c:632)
==01:17:20:36.919 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.919 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
==01:17:20:36.919 5966==    by 0x56C7FD6: rb_lib_loop (rb_lib.c:228)
==01:17:20:36.919 5966==    by 0x4E69987: charybdis_main (ircd.c:872)
==01:17:20:36.919 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:29:15 +00:00
Simon Arlott
6f3d3cb6f5
free localClient->zipstats, allocated in sslproc.c
==01:17:20:36.906 5966== 48 bytes in 1 blocks are definitely lost in loss record 544 of 1,020
==01:17:20:36.906 5966==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.906 5966==    by 0x4E93F0C: rb_malloc (rb_memory.h:41)
==01:17:20:36.906 5966==    by 0x4E961E8: start_zlib_session (sslproc.c:901)
==01:17:20:36.906 5966==    by 0x4E86FAC: server_estab (s_serv.c:877)
==01:17:20:36.906 5966==    by 0x13B2921A: mr_server (m_server.c:304)
==01:17:20:36.906 5966==    by 0x4E7AF03: handle_command (parse.c:241)
==01:17:20:36.906 5966==    by 0x4E7A96A: parse (parse.c:157)
==01:17:20:36.906 5966==    by 0x4E7A3DC: client_dopacket (packet.c:354)
==01:17:20:36.906 5966==    by 0x4E798D6: parse_client_queued (packet.c:98)
==01:17:20:36.906 5966==    by 0x4E79FAC: read_packet (packet.c:282)
==01:17:20:36.906 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.906 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
2016-10-30 11:26:37 +00:00
Aaron Jones
0508eea2ed
OpenSSL: Adjust ciphersuite order and update documentation 2016-10-18 11:14:47 +00:00
Aaron Jones
a3868e7141
MbedTLS: Adjust ciphersuite order and update documentation 2016-10-18 10:56:04 +00:00
Aaron Jones
866026ab70
whois: check target is an oper before assuming they have a privset
The CHALLENGE functionality will set opername but not privset --
if an oper performs a WHOIS on someone currently half-way through
a challenge we will perform a NULL dereference.

Related to ircd-seven commit d7b05f7583babf6
2016-09-20 13:46:40 +00:00
William Pitcock
5de892828f Merge pull request #220 from charybdis-ircd/gnutls220
Improvements to the GNUTLS backend
2016-09-16 22:50:27 -07:00
Aaron Jones
ecfdcb08e8
GNUTLS: Reorder all functions to match the other backends
No code was changed in this commit; just entire lines moved up or down.
Of course, most git diff tools won't see it that way.

The diff between the MbedTLS backend and this one is now fairly
minimal.

Note to auditors importing this series of patches for review and
integration: This means you can skip this patch if you don't trust me.
2016-09-17 00:56:54 +00:00
Aaron Jones
fe9fba46cf
GNUTLS: Add some more misc checks to the start of functions 2016-09-17 00:56:54 +00:00
Aaron Jones
70bb2e24e0
GNUTLS: Cosmetic preprocessor cleanliness 2016-09-17 00:56:54 +00:00
Aaron Jones
1a75461594
GNUTLS: Minor fix to rb_ssl_accept_common()/rb_ssl_connect_common()
Properly check whether the library was interrupted by the kernel
before assuming that a nonzero errno was caused by the kernel.

Otherwise, a memory allocation failure in the library for example
would incorrectly be interpreted as a syscall error instead of a
library error.
2016-09-17 00:56:54 +00:00
Aaron Jones
0071c423d5
GNUTLS: Improve rb_ssl_read_or_write()
* Set errno to 0 before attempting any read/write operations as it may
  affect our tests otherwise.

* Properly check whether the gnutls_record_recv()/gnutls_record_send()
  call failed and distinguish between kernel and library errors.
2016-09-17 00:56:54 +00:00
Aaron Jones
d4e71871c0
GNUTLS: rb_ssl_read_or_write(): Use macro to refer to session context 2016-09-17 00:56:54 +00:00
Aaron Jones
939d7ec7fe
GNUTLS: Apply whole-file const correctness 2016-09-17 00:56:54 +00:00
Aaron Jones
9c7dda22e8
GNUTLS: Improve rb_ssl_get_cipher()
* Add debugging assertions.

* Reduce the buffer size in line with the other backends.

* Ask for the cipher name directly instead of constructing it ourselves
  from the key exchange / authentication algorithm, symmetric encryption
  algorithm, and message authentication code algorithm.
2016-09-17 00:56:54 +00:00
Aaron Jones
dd59642de1
GNUTLS: Improve rb_get_ssl_info()
Explicitly ignore the snprintf return value and properly indent
the following line.

Also add a 'v' before the version strings so it reads as e.g.:
  library (v3.3.8), compiled (v3.3.8)
2016-09-17 00:56:54 +00:00
Aaron Jones
67d31a2755
GNUTLS: Improve rb_get_ssl_certfp()
* Give function parameters const correctness.

* Use similar variable names as the other backends -- this will reduce
  the diff between them.

* Check for more kinds of errors in retrieving the peer's certificate.

* Log failure to generate fingerprints, like the MbedTLS backend does.
2016-09-17 00:56:54 +00:00
Aaron Jones
9986455edc
GNUTLS: Log PRNG initialisation 2016-09-17 00:56:53 +00:00
Aaron Jones
2b5bf0bada
GNUTLS: Improve rb_connect_tcp_ssl() and rb_ssl_start_connected()
Use the variable name instead of its type as an argument to a sizeof
allocation. This will prevent possible future errors being introduced
when the type of the variable is changed, but the sizeof argument is
not updated.
2016-09-17 00:56:53 +00:00
Aaron Jones
f4726edf7a
GNUTLS: Fix up rb_ssl_listen()
Declare and assign variables at the same time; give function
parameters const correctness.
2016-09-17 00:56:53 +00:00
Aaron Jones
4369f1fa55
GNUTLS: Improve rb_ssl_connect_common()
This is the same as the previous commit for rb_ssl_accept_common().
2016-09-17 00:56:53 +00:00
Aaron Jones
8ebebff4b4
GNUTLS: Improve rb_ssl_accept_common()
* Add more debugging assertions

* Cancel timeouts and callbacks when handshake succeeds or hard fails

* Differentiate between kernel and library errors

* Increase F->handshake_count on handshake success

  I'm still not exactly sure what this is even used for. It may be
  removed from all backends at a later time if I find it's not being
  used for anything important, as right now it can only have the values
  0 or 1.
2016-09-17 00:56:53 +00:00
Aaron Jones
8099d352c9
GNUTLS: Store error codes properly
This is similar to commit db12df5c16 for
the MbedTLS backend.

The difference is, GNUTLS will not accept positive values as input to
gnutls_strerror(), so we invert the sign bit after retrieving the value
too, not just when storing it.

Also add a forgotten ssl_errno assignment to rb_ssl_connect_common().
2016-09-17 00:56:53 +00:00
Aaron Jones
c6600fe290
GNUTLS: Add rb_ssl_strerror() function in line with other backends 2016-09-17 00:56:53 +00:00
Aaron Jones
d70129a0d6
GNUTLS: Rework rb_init_ssl() and rb_setup_ssl_server()
I did my best to remove all possible memory leaks in the latter.
It's ugly.
2016-09-17 00:56:53 +00:00
Aaron Jones
2d01971d05
GNUTLS: Send do_ssl_handshake() to the depths from whence it came 2016-09-17 00:56:53 +00:00
Aaron Jones
4fc76590b9
GNUTLS: Rework datum loading code 2016-09-17 00:56:53 +00:00
Aaron Jones
25ecd3cc86
GNUTLS: Raise minimum group size for Diffie-Hellman-Merkle key exchange
A 2048-bit long P should really be the minimum these days.
2016-09-17 00:56:53 +00:00
Aaron Jones
5797027e9f
GNUTLS: Add dedicated socket send/recv functions
This avoids a compiler warning regarding casting a file descriptor to a
pointer (as input to gnutls_transport_set_ptr()), and also ensures that
the pointer is valid for the lifetime of the session.
2016-09-17 00:56:53 +00:00
Aaron Jones
3f32d48dab
GNUTLS: Break off TLS setup from callbacks to a dedicated function
This is in line with the other backends; eventually those callbacks
will be moved to a library-agnostic section.
2016-09-17 00:56:52 +00:00
Aaron Jones
4618ec248e
GNUTLS: Improve the connect callback logic 2016-09-17 00:56:52 +00:00
Aaron Jones
77119a5031
GNUTLS: Improve the accept callback logic 2016-09-17 00:56:52 +00:00
Aaron Jones
a41a1d20db
GNUTLS: Fix the SSL_P(x) macro
It previously assumed there was an "F" variable in the scope it was
used in. It now uses its input "x" variable.
2016-09-17 00:56:52 +00:00
Aaron Jones
5103d939d0
GNUTLS: Rename the timeout callback in line with the other backends 2016-09-17 00:56:52 +00:00
Aaron Jones
992aa93b80
GNUTLS: Tidy up rb_init_ssl() and improve its error logging 2016-09-17 00:56:52 +00:00
Aaron Jones
6cc08ecf90
GNUTLS: Move `struct ssl_connect' definition to the top of the file 2016-09-17 00:56:52 +00:00
Aaron Jones
fde101b9b2
GNUTLS: Tidy up the cert authentication callback 2016-09-17 00:56:52 +00:00
Aaron Jones
75d7d47a7e
GNUTLS: Tidy up headers 2016-09-17 00:56:52 +00:00
Aaron Jones
d9e6ff7349
GNUTLS: Tidy up unit-scope variables and give them clearer names 2016-09-17 00:56:11 +00:00
Aaron Jones
4d89c83c32
GNUTLS: Shut down sessions properly
If gnutls_bye() fails with a fatal error, we would reattempt it again
and again, even though this may then go on to e.g. cause a segmentation
fault.

Now we just keep retrying if it was interrupted, in line with the other
backends, up to a maximum of 3 retries.
2016-09-17 00:55:40 +00:00
Aaron Jones
a3a25a4c8a
MbedTLS: A few more minor changes
Yeah, I know, I said I was happy with it and wouldn't be changing it.
However, the new GNUTLS backend I'm working on has prompted this.

E.g. MbedTLS error codes and GNUTLS error codes are both negative ints,
     but GNUTLS will not tolerate positive input values. Let's treat
     both backends the same.
2016-09-17 00:11:46 +00:00
Aaron Jones
159d901e71
MbedTLS & OpenSSL: Purely cosmetic changes.
This further reduces the diff between the backends.
It does not change any of the logic in either backend.
2016-09-16 11:17:29 +00:00
William Pitcock
de78e5906a Merge pull request #219 from aaronmdjones/openssl219
Improve the OpenSSL backend
2016-09-15 21:50:48 -07:00
Aaron Jones
92c04c6b9d
OpenSSL: Final round of const correctness
I'm happy with the state of this backend now.
I don't anticipate making any further changes.
2016-09-15 20:14:01 +00:00
Aaron Jones
5feb292aa9
OpenSSL: Indicate successful RNG initialisation 2016-09-15 20:12:22 +00:00
Aaron Jones
5bb5226edc
OpenSSL: Simplify the RNG code 2016-09-15 20:12:22 +00:00
Aaron Jones
15e2cab1e5
OpenSSL: Add another debugging assert 2016-09-15 20:12:22 +00:00
Aaron Jones
01ce1c508d
OpenSSL: Add a debugging assert for timeouts 2016-09-15 20:12:22 +00:00
Aaron Jones
b4a0b60dff
OpenSSL: Cast sockaddr len variable appropriately 2016-09-15 20:12:22 +00:00
Aaron Jones
d9c825c4de
OpenSSL: Correct closing comment
[ci skip]
2016-09-15 20:12:21 +00:00
Aaron Jones
06c588e535
OpenSSL: Apply consistent coding style
[ci skip]
2016-09-15 20:12:21 +00:00
Aaron Jones
767fad345f
OpenSSL: Properly wrap long lines.
[ci skip]
2016-09-15 20:12:21 +00:00
Aaron Jones
a8db009575
OpenSSL: Modify rb_ssl_strerror() in line with other backends 2016-09-15 20:12:21 +00:00
Aaron Jones
45d05d8882
OpenSSL: Improve error logging in rb_setup_ssl_server() 2016-09-15 20:12:21 +00:00
Aaron Jones
bd8097c459
OpenSSL: Tweak connection shutdown logic 2016-09-15 20:12:21 +00:00
Aaron Jones
485b5b8084
OpenSSL: Import the callback/handshake logic from the MbedTLS backend 2016-09-15 20:12:21 +00:00
Aaron Jones
9114e3a2dc
OpenSSL: Improve rb_setup_ssl_server()
* Move file/data assignments to the top of the function

* Don't attempt to set a hardcoded P-384 ECDH key if we have the new
  SSL_CTX_set1_curves_list() function (OpenSSL 1.0.2+)

* Rename variables consistent with other backends and wrap the function
  arguments.

* Disable OpenSSL's disabling of TLS 1/n-1 record splitting.
  In other words, enable TLS 1/n-1 record splitting.

* Other misc cleanups.
2016-09-15 20:12:21 +00:00
Aaron Jones
47d51fe3ac
OpenSSL: Use C99 __func__ declaration instead of writing function names 2016-09-15 20:12:21 +00:00
Aaron Jones
cc04fbe3f9
OpenSSL: Fix up rb_init_ssl() to use proper define from openssl_ratbox.h 2016-09-15 20:12:21 +00:00
Aaron Jones
62fc0eab03
OpenSSL: Rename error functions consistent with other backends. 2016-09-15 20:12:21 +00:00
Aaron Jones
4e9441a1cb
OpenSSL: Add generic direction enum for negotiation setup.
Also define an SSL_P(x) macro as in other backends and use that to refer
to the client session context.
2016-09-15 20:12:21 +00:00
Aaron Jones
e569720fe1
OpenSSL: Misc code cleanups
Make use of C99 for loop initialisers, declarations with immediate
rvalues, etc.
2016-09-15 20:12:20 +00:00
Aaron Jones
a61e06e1d1
OpenSSL: Add const-correctness to function and variable declarations. 2016-09-15 20:12:20 +00:00
Aaron Jones
1c39c519fe
OpenSSL: Reorder functions in line with the MbedTLS backend.
The diff for this commit will look like I have changed a lot of code;
in reality, nothing was changed, just whole functions moved up or down.
2016-09-15 20:12:20 +00:00
Aaron Jones
1c7d295320
OpenSSL: Move connect structure declaration to top of file 2016-09-15 20:12:20 +00:00
Aaron Jones
8a40573369
OpenSSL: Remove context duplication
OpenSSL is perfectly capable of having a single context that is shared
by both client and server sessions alike; one simply needs to call
SSL_set_accept_state (for server) or SSL_set_connect_state (for client)
before attempting handshaking.
2016-09-15 20:12:20 +00:00
Aaron Jones
2aec9b6d68
OpenSSL: Remove unnecessary handshake info callback 2016-09-15 20:12:20 +00:00
Aaron Jones
1f30c8943b
OpenSSL: Tidy up headers
Move all the header includes to a single header file, rename said file.
2016-09-15 20:12:20 +00:00
Aaron Jones
265dc4e53c
MbedTLS: Final round of const correctness
I'm happy with the state of this backend now.
I don't anticipate making any further changes.
2016-09-15 20:10:43 +00:00
Aaron Jones
f66a6390b0
MbedTLS: More const correctness 2016-09-15 13:24:29 +00:00
Aaron Jones
101c659117
MbedTLS: Cast addrlen rb_ssl_accept_setup to avoid compiler warnings 2016-09-15 13:24:29 +00:00
Aaron Jones
1083d8557b
MbedTLS: Cast return types for reading/writing only on success 2016-09-15 13:24:29 +00:00
Aaron Jones
f0ad82013c
MbedTLS: More const correctness 2016-09-15 13:24:28 +00:00
Aaron Jones
ac62792970
MbedTLS: Correct NULL checks for functions in line with other backends 2016-09-15 13:24:28 +00:00
Aaron Jones
988fedf212
MbedTLS: Move structure cert/key assignment to after cert/key loading 2016-09-15 13:24:28 +00:00
Aaron Jones
bef81a5d45
MbedTLS: Use C99 __func__ declaration instead of writing function names 2016-09-15 13:24:28 +00:00
Aaron Jones
8cd8b24ffb
MbedTLS: Make error string printing prettier. 2016-09-15 13:24:28 +00:00
Aaron Jones
db12df5c16
MbedTLS: Store error codes properly.
OpenSSL uses `unsigned long' type for its error codes, so that's
what (lib)ratbox used to store the error values.

Unfortunately, MbedTLS uses int, and its error codes are negative.
On machines where `int' and `long' are the same size, this could
result in storing a truncated error code.

This patch inverts the sign bit on error codes and then casts them
to unsigned long for storage.

MbedTLS itself (specifically, `mbedtls_strerror()') will function
properly with negative or positive input values. It even converts
negative input values to positive before checking them against the
list of known error codes!

See also: `library/error.c' in the MbedTLS 2.1+ distribution.
2016-09-15 13:24:28 +00:00
Aaron Jones
8668cb9b9d
MbedTLS: Const correctness in rb_ssl_init_fd
We shouldn't ever change this input variable.
Tell the compiler that we won't.
2016-09-15 13:24:28 +00:00
Aaron Jones
46c61dd478
MbedTLS: Set socket send/receive functions after initialising session 2016-09-15 13:24:28 +00:00
Aaron Jones
978c8ae828
MbedTLS: Move memory allocation to the beginning of rb_ssl_init_fd 2016-09-15 13:24:28 +00:00
Aaron Jones
163a4a9d06
MbedTLS: Remove default case in switch for an enum with all values
Having default here doesn't make sense (using something not in that
enum will generate a compile-time warning).
2016-09-15 13:24:28 +00:00
Aaron Jones
5b900411bf
MbedTLS: Rename error printing function
All 3 backends (MbedTLS, OpenSSL, GNUTLS) are going to have the same
function name for returning error strings. This will help to reduce the
diffs between them.
2016-09-15 13:24:28 +00:00
Aaron Jones
295c8f7d37
MbedTLS: Tidy up headers
Move all the header includes to a single header file, rename said file.
2016-09-15 13:24:25 +00:00
Aaron Jones
354e61b4c2
README: Update location of support channel
This was done on v4 and master already, 3.5 slipped between the cracks.

[ci skip]
2016-09-15 09:45:41 +00:00
Aaron Jones
566f46785f
MbedTLS: Misc backend cleanups
* Add generic direction enum for negotiation setup.

* Rename a rather long wrapper function to a shorter one consistent with
  what it does.

* Rework context setup function.

* Don't check for handshake state before beginning handshaking.

  The old backend began a handshake and then stepped into the callback
  function if it was interrupted; the current one just jumps right into
  it, so there is no need to check if it has previously succeeded,
  because it hasn't been attempted yet.

* Add missing errno assignment to one of the handshake wrappers.

* Don't bother checking if SSL_P(F) is NULL when we already checked if
  F->ssl is NULL -- this should be impossible.

* Don't bother checking if SSL_C(F) is NULL -- this was a no-op.

* Change the socket send and recv functions to not peer into a foreign
  ratbox structure -- use the correct function to get the socket fd.

* Rewrap some lines and function arguments.

Other backends will be brought into line with this backend soon.

This will enable easier maintenance of the backends, by reducing the
diffs between them, which should make different behaviour easier to
spot.
2016-09-10 08:42:04 +00:00
Aaron Jones
2a8ec58c15
MbedTLS: Treat 0 bytes read/written to socket properly
At the moment, if a link quits in just the right (wrong [1]) way,
the quit reason will resemble:

    <-- foo (~bar@baz) has quit (Read error: (-0x0) )

This should resolve that.

[1] Peers should send a close_notify alert before abruptly shutting
    down their socket. This will result in a sane quit message:

    <-- foo (~bar@baz) has quit (Read error: (-0x7880) SSL -
    The peer notified us that the connection is going to be closed)

[ci skip]
2016-09-09 01:47:08 +00:00
William Pitcock
ee10f6cdcc rebuild configure 2016-09-05 17:33:24 -05:00
William Pitcock
50851b0b55 update NEWS for charybdis 3.5.3. 2016-09-05 17:31:49 -05:00
William Pitcock
1bc097d1ec charybdis 3.5.3. 2016-09-05 17:09:30 -05:00
William Pitcock
89d4c468b6 Merge pull request #214 from aaronmdjones/release/3.5
Fix up the MbedTLS backend
2016-09-03 10:34:43 -07:00
Aaron Jones
818a3fda94
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
2016-09-03 17:28:41 +00:00
Aaron Jones
be31ac33d5 MbedTLS: Use correct error code for failed socket writes
This should make writing more efficient.
2016-09-02 00:28:17 +00:00
Aaron Jones
0db0805ed5 MbedTLS: Don't include the sentinel in suites count calculation 2016-09-01 20:57:07 +00:00
Aaron Jones
df51e80717 MbedTLS: Provide default list of configured ciphersuites 2016-09-01 20:47:34 +00:00
Aaron Jones
f92b4d81d4
OpenSSL: Initialise if LibreSSL
LibreSSL's definition of OPENSSL_VERSION_NUMBER bites us in the ass,
*again*.
2016-09-01 19:28:18 +00:00
Aaron Jones
6df12e8169 MbedTLS: Cleaner iteration of ciphersuite list 2016-09-01 18:18:09 +00:00
Aaron Jones
ede25e0a8a MbedTLS: Log success or failure to parse ciphersuite list 2016-08-31 22:03:42 +00:00
Aaron Jones
6f3651f8ec MbedTLS: Remove pointless no-op cast 2016-08-31 18:34:21 +00:00
Aaron Jones
b21ed5c0aa MbedTLS: Ciphersuite configuration fixes 2016-08-31 17:06:51 +00:00
Aaron Jones
42b029d0d6 MbedTLS: Preliminary attempt at ciphersuite configuration 2016-08-31 17:03:02 +00:00
Aaron Jones
6008896554
Backport ffedad8d to release/3.5 2016-08-31 14:21:16 +00:00
Aaron Jones
865e70f529
Revert "Backport c1fc044c to release/3.5"
This reverts commit c9c2d6ea12.

This commit included some as yet untested and unrelated code by mistake.
2016-08-31 14:19:43 +00:00
Aaron Jones
c2af499d4d
Backport c1fc044c to release/3.5 2016-08-31 14:15:28 +00:00
Aaron Jones
c9c2d6ea12
Backport c1fc044c to release/3.5 2016-08-31 14:13:45 +00:00
Aaron Jones
531e6323d8 MbedTLS: Explicitly ignore rb_snprintf() return value 2016-08-31 01:01:42 +00:00
Aaron Jones
036419c344 MbedTLS: Misc security improvements
As a client, require all peers (i.e. other IRC servers) to support secure
renegotiation. Break handshakes with servers that don't. We do not
renegotiate our sessions, but this is the most secure option regardless.

As a client, disable TLS Session Tickets. The server side MbedTLS code
does not have any ticket callbacks configured, so an MbedTLS IRC Server
will not issue tickets -- however, others could. Server connections are
not expected to be short-lived enough to benefit from the usage of tickets,
and their issuance harms forward secrecy.
2016-08-31 00:13:56 +00:00
Aaron Jones
cfcd4615ed README: Fix more MbedTLS casing 2016-08-30 23:39:22 +00:00
Aaron Jones
19d9c417af MbedTLS: Fix casing on opening comment block 2016-08-30 23:38:25 +00:00
Aaron Jones
f2fbec4510 MbedTLS: More const-correctness 2016-08-30 23:31:47 +00:00
Aaron Jones
f89406ac72 MbedTLS: Misc sizeof prettiness 2016-08-30 23:22:41 +00:00
Aaron Jones
c1007a93d5 MbedTLS: Move more code to appropriate section 2016-08-30 23:16:33 +00:00
Aaron Jones
3ba0923c0e MbedTLS: Move some MbedTLS-specific code to the appropriate section 2016-08-30 23:13:53 +00:00
Aaron Jones
4c9ab80f6b MbedTLS: Major restructuring
I have removed all non-MbedTLS-specific code from this backend and
copied the non-OpenSSL-specific portions of the OpenSSL backend code
over; as it seems to be more reliable.
2016-08-30 22:57:25 +00:00
Aaron Jones
07b6e728b5
OpenSSL: Initialise one context at a time
If initialising the server context fails, but the client one succeeds,
we will not only leak memory, but the error message reported for
initialising the server context might not make sense, because we
initialise the client context after and that could erase or change the
list of queued errors.

This scenario is considered rare. Nevertheless, we now initialise the
client context after *successfully* initialising the server context.
2016-08-30 10:21:46 +00:00
Aaron Jones
545668de33
Print initialisation notice before forking 2016-08-24 16:43:45 +00:00
Aaron Jones
856ecd0011
startup: fork before initialising the event subsystem
On FreeBSD 4.8, fork(2) doesn't actually behave like fork(2).

Namely, kqueue(2) descriptors are not inherited by the child.
IOW, we can't fork(2) after we get the kqueue(2) descriptor.

So we'll just have to rely on people to actually read the
server log file if they want to understand why their server
is dying during startup.
2016-08-21 22:18:52 +00:00
Aaron Jones
24ba10b6b1
Tidy up daemonisation with regard to file descriptor mess
This moves daemonisation to the end of initialisation which
vastly simplifies the reporting logic and eliminates the need
for the child to communicate to the parent.

This is a backport from the release/4 branch.
2016-08-21 00:34:38 +00:00
Aaron Jones
f70b6f55f9
TLS Backends: Harmonise the rb_ssl_get_cipher() function
The GNUTLS backend reports the version in use for the client as well
as its ciphersuite -- do the same for the other 2 backends.
2016-08-20 04:08:30 +01:00
Aaron Jones
1554951205
Prod AppVeyor into (possible) inaction. Maybe. 2016-08-19 19:59:42 +00:00
Aaron Jones
36335ea3f2
Attempt to disable AppVeyor on this branch 2016-08-19 19:48:30 +00:00
Aaron Jones
3288fc4648
GNUTLS: Fixup fingerprint generation across library versions
Also remove some unnecessary variables, e.g. write directly to the
return buffer, in line with the other backends.
2016-08-19 19:05:22 +00:00
Aaron Jones
f15a30a16f
GNUTLS: I need to wake up. Fix more. 2016-08-17 17:37:03 +00:00
Aaron Jones
b24cfd7c50
GNUTLS: Fix typo on previous commit 2016-08-17 17:27:26 +00:00
Aaron Jones
06feeb244d
GNUTLS: Avoid null dereference in constructing ciphersuite 2016-08-17 16:58:40 +00:00
Aaron Jones
897c10749d
README: Clarify that OpenSSL is not required for ECDHE 2016-08-15 10:53:23 +00:00
Aaron Jones
e5afd80775
mkpasswd: use urandom for salts, cleanup
Using /dev/random for salt generation is pointless -- it can block, and
any extra randomness it would provide (which is debatable) is not needed,
as salts only need to be unique, not unpredictable.
2016-08-15 09:49:57 +00:00
Aaron Jones
0bd2f0b710
openssl: Avoid use-after-free when rehashing fails to load new files
Commit 5c8da48 introduced a fix for issue #186 by freeing the old SSL_CTX
structure before constructing a new one, which could disconnect existing
clients otherwise.

Unfortunately, the freeing is done first, which means that if setting up
a new structure fails for any reason, there will be no usable structures
left, but they are still referenced.

This fix moves the freeing to the end of the function, using intermediate
new variables in the meantime. This problem was discovered while testing
against OpenSSL 1.1.0 RC6.
2016-08-12 13:29:02 +00:00
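The ordering problem described in commit 0bd2f0b710, as an added example that is not Charybdis code: a rehash that releases the active context before building its replacement leaves sessions pointing at a released context when the build fails, while building first and swapping only on success keeps the old context usable. `struct tls_ctx`, the static pool and every function name here are hypothetical stand-ins for the TLS library's context handling.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a TLS library context such as SSL_CTX.
 * Contexts come from a small static pool so a released one can be inspected
 * safely; with malloc()/free() the same access would be undefined behaviour. */
struct tls_ctx {
	int in_use;
	char cert[64];
	char key[64];
};

static struct tls_ctx pool[4];
static struct tls_ctx *active_ctx; /* referenced by every live session */

/* Constructed loader: fails when a path is missing, like an unreadable file. */
static struct tls_ctx *tls_ctx_build(const char *cert, const char *key)
{
	if (cert == NULL || key == NULL || cert[0] == '\0' || key[0] == '\0')
		return NULL;

	for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
	{
		if (pool[i].in_use)
			continue;
		pool[i].in_use = 1;
		(void) snprintf(pool[i].cert, sizeof pool[i].cert, "%s", cert);
		(void) snprintf(pool[i].key, sizeof pool[i].key, "%s", key);
		return &pool[i];
	}
	return NULL; /* pool exhausted */
}

static void tls_ctx_release(struct tls_ctx *ctx)
{
	if (ctx != NULL)
		ctx->in_use = 0;
}

/* Problem ordering: the old context is released before the new one exists. */
static int rehash_release_first(const char *cert, const char *key)
{
	tls_ctx_release(active_ctx);

	struct tls_ctx *const new_ctx = tls_ctx_build(cert, key);
	if (new_ctx == NULL)
		return 0; /* active_ctx still points at the released context */

	active_ctx = new_ctx;
	return 1;
}

/* Fixed ordering: build into an intermediate variable, swap, release last. */
static int rehash_build_first(const char *cert, const char *key)
{
	struct tls_ctx *const new_ctx = tls_ctx_build(cert, key);
	if (new_ctx == NULL)
		return 0; /* nothing was touched; the old context stays in service */

	struct tls_ctx *const old_ctx = active_ctx;
	active_ctx = new_ctx;
	tls_ctx_release(old_ctx);
	return 1;
}

/* True when sessions may safely keep using the active context. */
static int active_ctx_is_valid(void)
{
	return active_ctx != NULL && active_ctx->in_use;
}

static void reset_state(void)
{
	memset(pool, 0, sizeof pool);
	active_ctx = NULL;
}

int main(void)
{
	/* Constructed scenario: one good load, then a rehash with missing files. */
	reset_state();
	rehash_release_first("old.pem", "old.key");
	rehash_release_first(NULL, NULL);
	printf("release-first: active context valid = %d\n", active_ctx_is_valid());

	reset_state();
	rehash_build_first("old.pem", "old.key");
	rehash_build_first(NULL, NULL);
	printf("build-first:   active context valid = %d (cert %s)\n",
	       active_ctx_is_valid(), active_ctx->cert);
	return 0;
}
```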
Aaron Jones
419f0c6af7
reference.conf: Document fingerprint generation
[ci skip]
2016-07-16 05:42:00 +00:00
Aaron Jones
e719e46d27
mbedtls backend: indicate reason for TLS session termination
[ci skip]
2016-06-12 11:32:30 +00:00
William Pitcock
82ce2ab4da CREDITS: charybdis official channel will now be on irc.charybdis.io. 2016-06-04 23:54:14 -05:00
William Pitcock
cc3e763e26 CREDITS: adjust to reflect present situation 2016-06-04 23:50:10 -05:00
Aaron Jones
03e6030ed2
openssl: More LibreSSL compatibility
LibreSSL does not have the new version macros & functions that OpenSSL
1.1.0 implements. This causes a compile-time failure against LibreSSL.

Further, the runtime function for returning the library version returns
the wrong number (the hardcoded constant number SSLEAY_VERSION_NUMBER
aka OPENSSL_VERSION_NUMBER, instead of LIBRESSL_VERSION_NUMBER).

Add more ifdef soup to remedy the situation.
2016-06-01 17:45:36 +00:00
William Pitcock
bc2eeb0992
Do not shadow OpenSSL-internal symbol "ssl_ok".
This is a backport of commit bfc44622
2016-06-01 16:32:26 +00:00
Aaron Jones
82d827469c
openssl: change how we load DH parameters
The code already assumes the presence of fopen(3) and errno, and, by
extension, fclose(3) and strerror(3), so just use those instead of the
BIO wrappers.

Additionally, don't fail to initialise if the DH file does exist but
parsing it fails, as per the pre-existing comment about them being
optional.
2016-05-25 21:53:09 +00:00
Aaron Jones
828fe03888
ircd_lexer: fix another crash with the same cause 2016-05-15 00:54:26 +00:00
Aaron Jones
f55078bdc7
ircd_lexer: fix crash with very large config option strings 2016-05-14 23:58:07 +00:00
William Pitcock
96129f7d4d charybdis 3.5.2. 2016-05-14 17:00:59 -05:00
Aaron Jones
01fdef77e6
starttls: Allow command usage with backends other than OpenSSL 2016-05-14 00:27:27 +00:00
Aaron Jones
57d3cd1159
[mbedtls] Fix up backend to allow fingerprint generation
See the comments in the newly created file for an explanation.
2016-05-04 09:09:01 +00:00
Aaron Jones
fd5af836b7
[mbedtls] Various fixes and improvements
* Move certificate, key, DH parameters and configuration to heap
  (Documentation states that setting new configuration, e.g.
   during a rehash, is unsupported while connections using that
   configuration are active)

  This is the same approach as the fix for #186

  Refcount these structures so as to not introduce a memory leak

  On rehash, it will use new structures only if there are no
  errors in constructing them

* Add better error-reporting (strings in addition to numbers)
  where possible

* Coalesce several connection memory allocations into one function

* Reduce boilerplate where possible (Charybdis targets C99)

* Support private key being in certificate file, and having no
  DH parameters file

* Correct erroneous closing comment
2016-05-04 02:12:23 +00:00
Aaron Jones
d35caf56cb
[TLS backends] Make version strings more useful and consistent 2016-05-04 00:20:07 +00:00
Aaron Jones
2a1e5de8cb
Travis CI: Build against sqlite3 library, don't autogen 2016-05-03 23:29:27 +00:00
Aaron Jones
ddc6c9a922
Add Travis CI configuration for release/3.5 branch 2016-05-03 23:23:35 +00:00
Aaron Jones
b8cf4b3bf2
[sslproc] Various fixes
* Properly allow no DH parameters (some backends come with defaults)
* If no private key is given, assume it's in the certificate file
* Use correct length calculation in buffer for TLS options
* Fix compiler warnings regarding uint64_t stats counters
2016-05-03 23:19:06 +00:00
Aaron Jones
1ea72c8f86
[ssld] Fix possible crash when DH parameters are not provided
This has ssld calling strlen() on a NULL value

[ci skip]
2016-05-03 17:48:04 +00:00
Aaron Jones
5c8da48264
Backport more TLS backend and ssld fixes & improvements from 3.6
openssl:
 * Don't manually initialise libssl 1.1.0 -- it does this automatically
 * SSL_library_init() should be called first otherwise
 * Move SSL_CTX construction to rb_setup_ssl_server()
 * Test for all required files (certificate & key) before doing anything
 * Free the old CTX before constructing a new one (Fixes #186)
 * Properly abort rb_setup_ssl_server() on CTX construction failures
 * Support ECDHE on more than one curve on OpenSSL 1.0.2 and above
 * Clean up ifdef indentation
 * Fix DH parameters memory leak

mbedtls:
 * Fix certificate fingerprint generation
 * Fix library linking order
 * Fix incorrect printf()-esque argument count
 * Return digest length for fingerprints instead of 1, consistent
   with the other backends

sslproc / ssld:
 * Fingerprint methods have no associated file descriptors
 * Send TLS information (cipher, fingerprint) before data
 * Use correct header length for fingerprint method

Authored-by: Aaron Jones <aaronmdjones@gmail.com>
Authored-by: William Pitcock <nenolod@dereferenced.org>
Authored-by: Simon Arlott <sa.me.uk>
2016-04-30 21:39:05 +00:00
William Pitcock
1d2ba176ea
ircd: Channel.bants is not a serial but a timestamp.
Previously, the IRCd would increment bants instead of resyncing the timestamp, causing the potential of
false negatives from the bancache system.
2016-04-30 00:14:06 +00:00
Valerii Iatsko
bf9e0a6ed5 Fixed compilation w/ gnutls v3 2016-04-02 17:28:37 -05:00
William Pitcock
558bca8608 news for 3.5.1. 2016-04-02 17:22:14 -05:00
William Pitcock
db1b744e41 charybdis 3.5.1. 2016-04-02 17:21:06 -05:00
William Pitcock
18244e32f3 more ssld ipc improvements from 3.6 2016-04-02 17:20:15 -05:00
William Pitcock
987fa43982 sslproc: partial backport of 3.6 connid changes 2016-04-02 17:16:09 -05:00
William Pitcock
f76b0cee90 s_serv: ensure we use the actual assigned connid on an outbound connection 2016-04-02 17:15:01 -05:00
William Pitcock
d5ff7a9c3c ssld: do not shadow openssl-internal symbol "ssl_ok" (yeah, i know) 2016-04-02 17:12:28 -05:00
William Pitcock
1533b40304 ssld: we use uint8_t for IPC buffers, not char 2016-04-02 17:11:21 -05:00
Simon Arlott
b7cca0143d ssld: change_connid may be called with an unknown ID
If change_connid is called with an unknown ID, conn will be
NULL, check this with an assert and then respond by reporting
the new ID as closed instead of dereferencing a NULL pointer.
2016-04-02 17:11:08 -05:00
Valerii Iatsko
b1f028e5d4 ssld: fix memleak
same as r29199 ircd-ratbox:
free zlib_stream_t with the rest of the conn_t
2016-04-02 17:10:42 -05:00
Aaron Jones
56f1d769bd
Document extb_usermode module in reference.conf
Also add it to the example configuration files

[ci skip]
2016-03-28 03:34:36 +01:00
Aaron Jones
604ab13778
extensions: Fix duplicate extban character usage
extb_usermode and extb_hostmask both use the same extban character
('m'), resulting in only one of the modules being usable (depending
on module load order) and neither one functioning if one of them
is unloaded.

This changes the character for extb_usermode from 'm' to 'u'.

[ci skip]
2016-03-28 03:33:24 +01:00
William Pitcock
e3af723d23 m_cap: ensure that CAP parameters are properly initialized to zero 2016-02-28 19:08:03 -06:00
William Pitcock
e253d010ed libratbox: gnutls: add gnutls 3.4 support (closes #123) 2016-01-24 14:52:40 -05:00
130 changed files with 9155 additions and 6790 deletions

58
.travis.yml Normal file

@ -0,0 +1,58 @@
# Travis-CI Build for charybdis-3.5
# see travis-ci.org for details
language: c
# Use the faster container-based infrastructure.
sudo: false
matrix:
include:
- os: linux
compiler: gcc
addons:
apt:
sources: ['ubuntu-toolchain-r-test']
packages: ['gcc-4.8', 'automake', 'autoconf', 'libtool', 'shtool', 'libsqlite3-dev', 'python-sphinx', 'texinfo']
env: COMPILER=gcc-4.8
- os: linux
compiler: gcc
addons:
apt:
sources: ['ubuntu-toolchain-r-test']
packages: ['gcc-4.9', 'automake', 'autoconf', 'libtool', 'shtool', 'libsqlite3-dev', 'python-sphinx', 'texinfo']
env: COMPILER=gcc-4.9
- os: linux
compiler: gcc
addons:
apt:
sources: ['ubuntu-toolchain-r-test']
packages: ['gcc-5', 'automake', 'autoconf', 'libtool', 'shtool', 'libsqlite3-dev', 'python-sphinx', 'texinfo']
env: COMPILER=gcc-5
- os: linux
compiler: clang
addons:
apt:
sources: ['ubuntu-toolchain-r-test', 'llvm-toolchain-precise-3.7']
packages: ['clang-3.7', 'automake', 'autoconf', 'libtool', 'shtool', 'libsqlite3-dev', 'python-sphinx', 'texinfo']
env: COMPILER=clang-3.7
- os: osx
compiler: clang
env: COMPILER=clang LIBTOOLIZE=glibtoolize
osx_image: xcode7.3
cache:
apt:
ccache:
script:
- CC=$COMPILER ./configure --with-shared-sqlite
- make -j4
- make install
- "if [ ${TRAVIS_OS_NAME} != 'osx' ]; then make -C doc/oper-guide html man info; fi"
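Review bot: None of the five matrix entries installs a TLS development package, and the script's `./configure --with-shared-sqlite` selects no backend, so whether any of the OpenSSL, GnuTLS or MbedTLS code this branch keeps patching is compiled in CI depends on what the build image happens to ship. Add the library packages and one job per backend using the README's `--enable-openssl`, `--enable-gnutls` and `--enable-mbedtls` switches. Separately, `[ ${TRAVIS_OS_NAME} != 'osx' ]` should quote the variable so that an unset value fails the comparison instead of breaking the `[` syntax.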

22
CREDITS

@ -3,12 +3,21 @@ is led by a team of dedicated developers who have put a lot of time
into the project, and it has seen use on a variety of different
network configurations.
The charybdis core team is listed in nick-alphabetical order:
The Charybdis core team, listed in nick-alphabetical order:
amdj, Aaron Jones <aaronmdjones -at- gmail.com>
Elizafox, Elizabeth Myers <elizabeth -at- interlinked.me>
jilles, Jilles Tjoelker <jilles -at- stack.nl>
mr_flea, Keith Buck <mr_flea -at- esper.net>
kaniini, William Pitcock <nenolod -at- dereferenced.org>
spb, Stephen Bennett <spb -at- attenuate.org>
mr_flea, Keith Buck <mr_flea -at- esper.net>
Simon, Simon Arlott <charybdis -at- uuid.uk>
The following people are also project members, listed in nick-alphabetical
order:
grawity, Mantas Mikulėnas <grawity -at- gmail.com>
jdhore, JD Horelick <jdhore1 -at- gmail.com>
viatsko, Valerii Iatsko <dwr -at- codingbox.io>
The following people have made contributions to the Charybdis releases,
in nick-alphabetical order:
@ -20,11 +29,12 @@ dwr, Valery Yatsko <dwr -at- shadowircd.net>
Elizacat, Elizabeth Myers <elizabeth -at- interlinked.me>
Entrope, Michael Poole <mdpoole -at- trolius.org>
gxti, Michael Tharp <gxti -at- partiallystapled.com>
jdhore, JD Horelick <jdhore1 -at- gmail.com>
mniip <mniip -at- mniip.com>
spb, Stephen Bennett <spb -at- attenuate.org>
Taros, Brett Greenham <taros -at- shadowircd.net>
ThaPrince, Jon Christopherson <jon -at- vile.com>
twincest, River Tarnell <river -at- attenuate.org>
w00t, Robin Burchell <surreal.w00t -at- gmail.com>
Visit the Charybdis website at: http://www.charybdis.io
Visit us on IRC at: irc.freenode.net #charybdis
Visit the Charybdis website at: http://www.charybdis.io/
Visit us on IRC at: irc.charybdis.io #charybdis

107
NEWS.md

@ -1,8 +1,113 @@
# News
This is charybdis 3.5.0, Copyright (c) 2005-2016 Charybdis team.
This is charybdis 3.5.7, Copyright (c) 2005-2019 Charybdis team.
See LICENSE for licensing details (GPL v2).
## charybdis-3.5.7
This is primarily a bugfix release.
### user
- modules/m_sasl.c: don't process messages if SASL has been aborted
- src/s_user.c: don't corrupt usermodes on module unload/reload
### misc
- modules/m_list.c: add fake /LIST reply output to help fight spambots
## charybdis-3.5.6
This is primarily a bugfix release.
### security
- doc/reference.conf: clarify: TLS server fingerprints are not optional
- extensions/extb_ssl.c: add support for matching fingerprints
- libratbox/src/mbedtls.c: check public/private keys match
- libratbox/src/mbedtls.c: support ChaCha20-Poly1305 by default
### user
- libratbox/src/commio.c: fix accept() for IPv6 after dropping IPv4
- src/client.c: don't delete servers from the client hash table
- src/s_user.c: don't send fake MODE for clients with CHGHOST support
- modules/m_sasl.c: abort session if we receive '*' as data
- modules/m_sasl.c: check agent is present after every client exit
### misc
- configure: adjust dlopen/dlsym checks to work under libasan
- configure: allow exact PID file prefix to be specified
- doc/: convert SGML oper guide to RST
- doc/: point users to HELP EXTBAN for inline help
- extensions/m_webirc.c: set sockhost before using it to set host
## charybdis-3.5.5
This is a minor bugfix release only
### misc
- GNUTLS: Initialise a variable before trying to load server certificates
- GNUTLS: Log why certificate fingerprint generation fails
- GNUTLS: Avoid using new tokens in the default priority string
## charybdis-3.5.4
### security
- Disable TLSv1.0 in all backends
- Fix possible NULL dereference in mkpasswd
- Backport SubjectPublicKeyInfo certificate digest methods from version 4
- Backport REHASH SSLD functionality from version 4
- This allows new ssld processes to be started (to inherit a new or upgraded TLS backend
library) without dropping any existing clients or active server links
### misc
- Various memory leak fixes in newconf, sslproc, zlib
- Fix crash bug when performing /whois on someone half-way through a CHALLENGE
- Fix crash bug when performing remote MODRESTART command
- Allow extban matching presence in secret (+s) channels
## charybdis-3.5.3
### security
- incorporate all relevant security patches for charybdis through 6th September 2016:
- fix issue allowing EXTERNAL authentications to be spoofed using a certificate not actually
held by the authenticating user
### misc
- mbedtls TLS backend improvements from charybdis 4 and 5:
- add support for configurable ciphersuites
- disable legacy (SSLv2) renegotiation support if possible
- disable session tickets if possible
- general robustness improvements
- gnutls TLS backend improvements from charybdis 4:
- make certfp support more reliable on newer gnutls versions
- avoid possible null dereference when constructing ciphersuites
- openssl TLS backend improvements from charybdis 4:
- avoid a possible use-after-free issue when newer openssl versions cannot load keypairs in a rehash
- improve compatibility with libressl
- more robustly load DH parameters files
- daemonization improvements from charybdis 4
## charybdis-3.5.2
### user
- Allow IRCv3.1 STARTTLS to work with other SSL backends besides OpenSSL.
- Fix an edge case regression involving channel ban cache that was introduced in 3.5.0.
### misc
- Ensure ssld does not crash when DH parameters are not provided.
- mbedtls TLS backend improvements from charybdis 4:
- add support for CertFP
- provide personalization data for the PRNG
- fix library linking order
- openssl TLS backend improvements from charybdis 4:
- do not manually initialise openssl when running with OpenSSL 1.1.0 or later
- support ECDHE on more than one curve on OpenSSL 1.0.2 and above
- fix DH parameters memory leak
- free the old TLS context before constructing a new one (#186)
## charybdis-3.5.1
### misc
- Backport various ssld IPC improvements from master.
## charybdis-3.5.0
### server protocol
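Review bot: The 3.5.3 security entry about spoofed EXTERNAL authentications names neither the affected releases nor the fixing commit or advisory, so an operator reading NEWS.md cannot tell whether a given 3.5.x install is exposed. Add the affected version range and a reference. The 3.5.4 line "Disable TLSv1.0 in all backends" also deserves a sentence on impact, since clients and linked servers limited to TLSv1.0 will stop connecting after the upgrade.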

View file

@ -16,22 +16,22 @@ used with an IRCv3-capable services implementation such as [Atheme][atheme] or [
* For SSL/TLS client and server connections, one of:
* OpenSSL 1.0 or newer
* LibreSSL
* mbedTLS
* GnuTLS
* OpenSSL 1.0.0 or newer (--enable-openssl)
* LibreSSL (--enable-openssl)
* MbedTLS (--enable-mbedtls)
* GnuTLS (--enable-gnutls)
* For certificate-based oper CHALLENGE, OpenSSL 1.0 or newer.
* For certificate-based oper CHALLENGE, OpenSSL 1.0.0 or newer.
(Using CHALLENGE is not recommended for new deployments, so if you want to use a different TLS library,
feel free.)
* For ECDHE, OpenSSL 1.0.0 or newer is required. RHEL/Fedora and derivatives like CentOS
will need to compile OpenSSL from source, as ECC/ECDHE-functionality is removed from
the OpenSSL package in these distributions.
* For ECDHE under OpenSSL, on Solaris and RHEL/Fedora (and its derivatives such as CentOS) you will
need to compile your own OpenSSL on these systems, as they have removed support for ECC/ECDHE.
Alternatively, consider using another library (see above).
# tips
* To report bugs in charybdis, visit us at irc.freenode.net #charybdis
* To report bugs in charybdis, visit us on IRC at chat.freenode.net #charybdis
* Please read doc/index.txt to get an overview of the current documentation.
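Review bot: The tips line sends bug reports to chat.freenode.net #charybdis, while the CREDITS change in this same comparison points IRC visitors at irc.charybdis.io #charybdis. Pick one contact and use it in both files. In the ECDHE paragraph, "you will need to compile your own OpenSSL on these systems" repeats the systems already named at the start of the sentence, so "on these systems" can go.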

4
aclocal.m4 vendored

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

2
appveyor.yml Normal file

@ -0,0 +1,2 @@
except:
- release/3.5

View file

@ -238,7 +238,7 @@ parse_request(rb_helper *helper)
}
static void
static void __attribute__((noreturn))
error_cb(rb_helper *helper)
{
if(in_transaction)
@ -284,13 +284,13 @@ setup_signals(void)
}
static void
static void __attribute__((noreturn))
db_error_cb(const char *errstr)
{
char buf[256];
rb_snprintf(buf, sizeof(buf), "! :%s", errstr);
rb_helper_write(bandb_helper, "%s", buf);
rb_sleep(2 << 30, 0);
rb_sleep(1 << 30, 0);
exit(1);
}
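Review bot: `rb_sleep(1 << 30, 0)` in db_error_cb() is an unexplained magic number: nothing says why the helper parks itself after reporting the error and before `exit(1)`. Give the value a name and a one-line comment on the intent (presumably waiting for the parent to read the message and kill the helper). The move away from `2 << 30` is right, since that shift does not fit in a signed 32-bit int, and is worth stating in the commit message. With `__attribute__((noreturn))` now on both callbacks, confirm that every path in error_cb() ends in an exit call, because returning from a noreturn function is undefined behaviour.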
@ -311,8 +311,7 @@ main(int argc, char *argv[])
rsdb_init(db_error_cb);
check_schema();
rb_helper_loop(bandb_helper, 0);
return 0;
/* UNREACHABLE */
}
static void
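Review bot: Replacing `return 0;` with `/* UNREACHABLE */` in main() is only accurate if rb_helper_loop() is itself declared noreturn, and that declaration is not part of this change. Either add the attribute to its prototype in the same commit or keep the `return 0;`, which costs nothing and keeps main() well-formed for compilers that do not know the loop never returns.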

View file

@ -123,7 +123,7 @@ static void db_reclaim_slack(void);
static void export_config(const char *conf, int id);
static void import_config(const char *conf, int id);
static void check_schema(void);
static void print_help(int i_exit);
static void print_help(int i_exit) __attribute__((noreturn));
static void wipe_schema(void);
static void drop_dupes(const char *user, const char *host, const char *t);
@ -146,7 +146,7 @@ main(int argc, char *argv[])
{
case 'h':
print_help(EXIT_SUCCESS);
break;
/* noreturn call above, this is unreachable */
case 'i':
flag.none = NO;
flag.import = YES;
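Review bot: Dropping `break;` after `print_help(EXIT_SUCCESS);` makes `case 'h'` depend entirely on the noreturn attribute: if print_help() ever returns, control falls through into `case 'i'` and sets `flag.import = YES`. Keep the `break;` (compilers discard it as dead code) so that `-h` can never start an import, whatever happens to the attribute later.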
@ -867,8 +867,8 @@ bt_smalldate(const char *string)
/**
* you are here ->.
*/
void
print_help(int i_exit)
static void
print_help(const int i_exit)
{
fprintf(stderr, "bantool v.%s - the ircd-ratbox database tool.\n", BT_VERSION);
fprintf(stderr, "Copyright (C) 2008 Daniel J Reidy <dubkat@gmail.com>\n");
@ -899,5 +899,6 @@ print_help(int i_exit)
fprintf(stderr,
" path : An optional directory containing old ratbox configs for import, or export.\n");
fprintf(stderr, " If not specified, it looks in PREFIX/etc.\n");
exit(i_exit);
}

149
configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for charybdis 3.5.0.
# Generated by GNU Autoconf 2.69 for charybdis 3.5.7.
#
# $Id: configure.ac 3516 2007-06-10 16:14:03Z jilles $
#
@ -579,8 +579,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='charybdis'
PACKAGE_TARNAME='charybdis'
PACKAGE_VERSION='3.5.0'
PACKAGE_STRING='charybdis 3.5.0'
PACKAGE_VERSION='3.5.7'
PACKAGE_STRING='charybdis 3.5.7'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
@ -635,6 +635,7 @@ MODULES_LIBS
SELECT_TYPE
PROGRAM_PREFIX
PKGRUNDIR
pkgrundir
moduledir
MODULE_DIR
helpdir
@ -659,7 +660,6 @@ PKGLIBEXECDIR
pkglibexecdir
PKGLOCALSTATEDIR
pkglocalstatedir
pkgrundir
rundir
pkglibdir
LEXLIB
@ -713,6 +713,7 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
@ -751,6 +752,7 @@ with_logdir
with_helpdir
with_moduledir
with_rundir
with_pkgrundir
with_program_prefix
with_custom_branding
with_custom_version
@ -817,6 +819,7 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@ -1069,6 +1072,15 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
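Review bot: The `--runstatedir` handling added here and in the neighbouring hunks is not something stock GNU Autoconf 2.69 generates, although the header still reads "Generated by GNU Autoconf 2.69"; the script was regenerated with a distribution-patched Autoconf. Record the exact toolchain used for vendored files (or stop vendoring configure), otherwise the next regeneration on a different host reverts these lines and buries the real changes in noise.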
@ -1206,7 +1218,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir
libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@ -1319,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures charybdis 3.5.0 to adapt to many kinds of systems.
\`configure' configures charybdis 3.5.7 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1359,6 +1371,7 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@ -1380,7 +1393,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of charybdis 3.5.0:";;
short | recursive ) echo "Configuration of charybdis 3.5.7:";;
esac
cat <<\_ACEOF
@ -1416,7 +1429,8 @@ Optional Packages:
--with-logdir=DIR Directory where to write logfiles.
--with-helpdir=DIR Directory to install help files.
--with-moduledir=DIR Directory to install modules.
--with-rundir=DIR Directory in which to store pidfile.
--with-rundir=DIR Directory to use as prefix for pidfile.
--with-pkgrundir=DIR Directory in which to store pidfile.
--with-program-prefix= If set, programs installed into PATH will be
installed with names prefixed by this prefix.
--with-custom-branding=NAME
@ -1518,7 +1532,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
charybdis configure 3.5.0
charybdis configure 3.5.7
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@ -2122,7 +2136,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by charybdis $as_me 3.5.0, which was
It was created by charybdis $as_me 3.5.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@ -5438,7 +5452,6 @@ pkglibdir='${libdir}/${PACKAGE_TARNAME}'
test "x$prefix" = xNONE && prefix="$ac_default_prefix"
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
last_ac_define_dir=`eval echo $pkglocalstatedir`
@ -7732,8 +7745,8 @@ _ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether or modify rundir" >&5
$as_echo_n "checking whether or modify rundir... " >&6; }
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to modify rundir" >&5
$as_echo_n "checking whether to modify rundir... " >&6; }
# Check whether --with-rundir was given.
if test "${with_rundir+set}" = set; then :
@ -7752,6 +7765,22 @@ fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to modify pkgrundir" >&5
$as_echo_n "checking whether to modify pkgrundir... " >&6; }
# Check whether --with-pkgrundir was given.
if test "${with_pkgrundir+set}" = set; then :
withval=$with_pkgrundir; { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
pkgrundir=`echo $withval | sed 's/\/$//'`
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
test "x$prefix" = xNONE && prefix="$ac_default_prefix"
test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
last_ac_define_dir=`eval echo $pkgrundir`
@ -7775,6 +7804,7 @@ _ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for program prefix" >&5
$as_echo_n "checking for program prefix... " >&6; }
@ -7828,6 +7858,13 @@ $as_echo "no" >&6; }
fi
if git rev-parse --git-dir > /dev/null 2>&1; then
GITSHA=$(git rev-parse --short HEAD)
else
GITSHA="unknown"
fi
cat >>confdefs.h <<_ACEOF
#define BRANDING_NAME "$BRANDING_NAME"
@ -7835,10 +7872,11 @@ _ACEOF
cat >>confdefs.h <<_ACEOF
#define BRANDING_VERSION "$BRANDING_VERSION"
#define BRANDING_VERSION "${BRANDING_VERSION}-${GITSHA}"
_ACEOF
if test "x$BRANDING_NAME" != "x$PACKAGE_NAME"; then
$as_echo "#define CUSTOM_BRANDING 1" >>confdefs.h
@ -8441,6 +8479,67 @@ ac_res=$ac_cv_search_dlopen
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing dlsym" >&5
$as_echo_n "checking for library containing dlsym... " >&6; }
if ${ac_cv_search_dlsym+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_func_search_save_LIBS=$LIBS
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
/* Override any GCC internal prototype to avoid an error.
Use char because int might match the return type of a GCC
builtin and then its argument prototype would still apply. */
#ifdef __cplusplus
extern "C"
#endif
char dlsym ();
int
main ()
{
return dlsym ();
;
return 0;
}
_ACEOF
for ac_lib in '' dl c_r; do
if test -z "$ac_lib"; then
ac_res="none required"
else
ac_res=-l$ac_lib
LIBS="-l$ac_lib $ac_func_search_save_LIBS"
fi
if ac_fn_c_try_link "$LINENO"; then :
ac_cv_search_dlsym=$ac_res
fi
rm -f core conftest.err conftest.$ac_objext \
conftest$ac_exeext
if ${ac_cv_search_dlsym+:} false; then :
break
fi
done
if ${ac_cv_search_dlsym+:} false; then :
else
ac_cv_search_dlsym=no
fi
rm conftest.$ac_ext
LIBS=$ac_func_search_save_LIBS
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_dlsym" >&5
$as_echo "$ac_cv_search_dlsym" >&6; }
ac_res=$ac_cv_search_dlsym
if test "$ac_res" != no; then :
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
if
test "$ac_cv_search_dlopen" != "none required" &&
test "$ac_cv_search_dlsym" != "none required" &&
test "$ac_cv_search_dlopen" != "$ac_cv_search_dlsym"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: dlopen and dlsym from different sources" >&5
$as_echo "$as_me: WARNING: dlopen and dlsym from different sources" >&2;}
fi
$as_echo "#define HAVE_DLOPEN 1" >>confdefs.h
@ -8461,17 +8560,6 @@ fi
done
fi
ac_fn_c_check_func "$LINENO" "dlsym" "ac_cv_func_dlsym"
if test "x$ac_cv_func_dlsym" = xyes; then :
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: dlsym is not available, shared modules disabled" >&5
$as_echo "$as_me: WARNING: dlsym is not available, shared modules disabled" >&2;}
shared_modules=no
fi
for ac_func in dlfunc
do :
ac_fn_c_check_func "$LINENO" "dlfunc" "ac_cv_func_dlfunc"
@ -8491,6 +8579,13 @@ else
fi
else
shared_modules=no
fi
fi
fi
@ -10389,7 +10484,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by charybdis $as_me 3.5.0, which was
This file was extended by charybdis $as_me 3.5.7, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -10455,7 +10550,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
charybdis config.status 3.5.0
charybdis config.status 3.5.7
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"

View file

@ -10,7 +10,7 @@ AC_PREREQ(2.57)
dnl Sneaky way to get an Id tag into the configure script
AC_COPYRIGHT([$Id: configure.ac 3516 2007-06-10 16:14:03Z jilles $])
AC_INIT([charybdis], [3.5.0])
AC_INIT([charybdis], [3.5.7])
AC_CONFIG_MACRO_DIR([m4])
AC_CONFIG_HEADER(include/setup.h)
@ -243,7 +243,6 @@ AS_IF([test "x$enable_fhs_paths" = "xyes"],
pkglibdir='${libdir}/${PACKAGE_TARNAME}'
AC_SUBST([pkglibdir])
AC_SUBST([rundir])
AC_SUBST([pkgrundir])
AC_SUBST([pkglocalstatedir])
AC_DEFINE_DIR([PKGLOCALSTATEDIR], [pkglocalstatedir], [[Directory in which to store state, such as ban database]])
AC_SUBST([pkglibexecdir])
@ -684,21 +683,40 @@ AC_ARG_WITH(moduledir,
AC_DEFINE_DIR(MODULE_DIR, moduledir, [Prefix where modules are installed.])
AC_SUBST_DIR([moduledir])
dnl **********************************************************************
dnl Check for --with-rundir
dnl **********************************************************************
AC_MSG_CHECKING([whether or modify rundir])
AC_MSG_CHECKING([whether to modify rundir])
AC_ARG_WITH([rundir],
[AC_HELP_STRING([--with-rundir=DIR],
[Directory in which to store pidfile.])],
[Directory to use as prefix for pidfile.])],
[AC_MSG_RESULT([yes])
rundir=`echo $withval | sed 's/\/$//'`],
[AC_MSG_RESULT([no])
AS_IF([test "x$enable_fhs_paths" = "xyes"],
[rundir='${prefix}/run'],
[rundir='${sysconfdir}'])])
AC_SUBST([rundir])
dnl **********************************************************************
dnl Check for --with-pkgrundir
dnl **********************************************************************
AC_MSG_CHECKING([whether to modify pkgrundir])
AC_ARG_WITH([pkgrundir],
[AC_HELP_STRING([--with-pkgrundir=DIR],
[Directory in which to store pidfile.])],
[AC_MSG_RESULT([yes])
pkgrundir=`echo $withval | sed 's/\/$//'`],
[AC_MSG_RESULT([no])])
AC_SUBST([pkgrundir])
AC_DEFINE_DIR([PKGRUNDIR], [pkgrundir], [Directory to store pidfile in.])
dnl **********************************************************************
dnl Check for --with-program-prefix
dnl **********************************************************************
dnl Installed utility program prefixes (does not affect binaries
dnl installed into pkglibexecdir)
AC_MSG_CHECKING([for program prefix])
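Review bot: The `--with-pkgrundir` handler takes `$withval` as a path without checking it, so a bare `--with-pkgrundir` sets the pidfile directory to the literal string "yes" and `--without-pkgrundir` sets it to "no", which is what Autoconf passes in those cases. Reject both values with AC_MSG_ERROR, and quote the expansion in `echo $withval | sed 's/\/$//'` so that paths containing spaces or glob characters survive. The `AC_MSG_RESULT([no])` branch assigns nothing, so add a dnl comment saying where the default pkgrundir comes from.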
@ -735,8 +753,16 @@ AC_HELP_STRING([--with-custom-version=NAME],
AC_MSG_RESULT([no])]
)
if git rev-parse --git-dir > /dev/null 2>&1; then
GITSHA=$(git rev-parse --short HEAD)
else
GITSHA="unknown"
fi
AC_DEFINE_UNQUOTED(BRANDING_NAME, ["$BRANDING_NAME"], [Custom branding name.])
AC_DEFINE_UNQUOTED(BRANDING_VERSION, ["$BRANDING_VERSION"], [Custom branding name.])
AC_DEFINE_UNQUOTED(BRANDING_VERSION, ["${BRANDING_VERSION}-${GITSHA}"], [Custom branding name.])
if test "x$BRANDING_NAME" != "x$PACKAGE_NAME"; then
AC_DEFINE(CUSTOM_BRANDING, 1, [Define if custom branding is enabled.])
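Review bot: `git rev-parse --git-dir` succeeds in any directory that sits below a Git work tree, so a release tarball unpacked inside a packager's own repository gets that repository's HEAD stamped into BRANDING_VERSION, and a plain tarball build always reports a "-unknown" suffix. Restrict the lookup to the source directory (for example by testing for `$srcdir/.git`) and omit the suffix when no hash is available. The description on the changed AC_DEFINE_UNQUOTED still reads "Custom branding name." and should say version.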
@ -1005,6 +1031,14 @@ if test "$shared_modules" = yes; then
dnl standard dlopen
AC_SEARCH_LIBS(dlopen, [dl c_r],
[
AC_SEARCH_LIBS(dlsym, [dl c_r],
[
if
test "$ac_cv_search_dlopen" != "none required" &&
test "$ac_cv_search_dlsym" != "none required" &&
test "$ac_cv_search_dlopen" != "$ac_cv_search_dlsym"; then
AC_MSG_WARN([dlopen and dlsym from different sources])
fi
AC_DEFINE(HAVE_DLOPEN, 1, [Define if the dlopen function is available.])
SUFFIX=".so"
MOD_TARGET=shared_modules
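Review bot: When dlopen and dlsym resolve from different libraries, the new check only prints "dlopen and dlsym from different sources" and then defines HAVE_DLOPEN and enables shared modules as if nothing had happened. State in a dnl comment which configuration this is expected in (NEWS.md attributes the change to building under libasan) and whether the mismatch is safe to ignore, or turn it into an error for the cases that are not.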
@ -1012,12 +1046,11 @@ if test "$shared_modules" = yes; then
if test "$AppleGCC" = yes; then
AC_CHECK_HEADERS([mach-o/dyld.h])
fi
AC_CHECK_FUNC(dlsym, ,
AC_CHECK_FUNCS(dlfunc)
],
[
AC_MSG_WARN([dlsym is not available, shared modules disabled])
shared_modules=no
])
AC_CHECK_FUNCS(dlfunc)
],
[
shared_modules=no

26
default.nix Normal file

@ -0,0 +1,26 @@
{ stdenv, bash
, flex, bison
, openssl, gnutls, zlib }:
stdenv.mkDerivation {
pname = "charybdis";
version = "3.5.7";
src = ./.;
patches = [
./patches/bandb-remove-setenv.patch
];
configureFlags = [
"--enable-epoll"
"--enable-ipv6"
"--with-zlib-path=${zlib.dev}/lib"
"--enable-openssl=${openssl.dev}"
"--with-program-prefix=charybdis-"
"--sysconfdir=/etc/charybdis"
];
nativeBuildInputs = [ bison flex ];
buildInputs = [ openssl gnutls zlib ];
}
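Review bot: `buildInputs` lists `gnutls`, but `configureFlags` only passes `--enable-openssl=${openssl.dev}`, so GnuTLS is added as a build dependency without being used; drop it or select one backend explicitly. `version = "3.5.7"` is also hard-coded next to `src = ./.;` and will drift from AC_INIT on the next bump. The derivation depends on `./patches/bandb-remove-setenv.patch`, so make sure that file lands in the same commit and the expression evaluates on its own.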

View file

@ -24,6 +24,7 @@
#loadmodule "extensions/extb_realname.so";
#loadmodule "extensions/extb_server.so";
#loadmodule "extensions/extb_ssl.so";
#loadmodule "extensions/extb_usermode.so";
#loadmodule "extensions/hurt.so";
#loadmodule "extensions/m_findforwards.so";
#loadmodule "extensions/m_identify.so";
@ -450,6 +451,14 @@ alias "MS" {
target = "MemoServ";
};
/*
fakechannel "#honeypot" {
topic = "Come in";
users_min = 50;
users_max = 300;
};
*/
general {
hide_error_messages = opers;
hide_spoof_ips = yes;
@ -519,6 +528,7 @@ general {
caller_id_wait = 1 minute;
pace_wait_simple = 1 second;
pace_wait = 10 seconds;
listfake_wait = 180 seconds;
short_motd = no;
ping_cookie = no;
connect_timeout = 30 seconds;
@ -547,3 +557,17 @@ modules {
path = "modules";
path = "modules/autoload";
};
/*
vhost "selfsigned.hades.arpa" {
ssl_private_key = "etc/selfssl.key";
ssl_cert = "etc/selfssl.pem";
};
vhost "oldca.hades.arpa" {
ssl_private_key = "etc/oldssl.key";
ssl_cert = "etc/oldssl2.pem";
ssl_dh_params = "etc/olddh.pem";
ssl_cipher_list = "kEECDH+HIGH:kEDH+HIGH:HIGH:!RC4:!aNULL";;
};
*/
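Review bot: The commented `oldca.hades.arpa` example ends its `ssl_cipher_list` line with `";;`, a doubled semicolon that operators will copy when they uncomment the block. Remove the extra `;`. The two vhost examples also differ silently: the first has no `ssl_dh_params` or `ssl_cipher_list`, so add a comment saying which settings are optional and what the server falls back to when they are absent.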

1
doc/oper-guide/.gitignore vendored Normal file

@ -0,0 +1 @@
_build

225
doc/oper-guide/Makefile Normal file

@ -0,0 +1,225 @@
# Makefile for Sphinx documentation
#
# You can set these variables from the command line.
SPHINXOPTS =
SPHINXBUILD = sphinx-build
PAPER =
BUILDDIR = _build
# Internal variables.
PAPEROPT_a4 = -D latex_paper_size=a4
PAPEROPT_letter = -D latex_paper_size=letter
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
# the i18n builder cannot share the environment and doctrees with the others
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) .
.PHONY: help
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " html to make standalone HTML files"
@echo " dirhtml to make HTML files named index.html in directories"
@echo " singlehtml to make a single large HTML file"
@echo " pickle to make pickle files"
@echo " json to make JSON files"
@echo " htmlhelp to make HTML files and a HTML help project"
@echo " qthelp to make HTML files and a qthelp project"
@echo " applehelp to make an Apple Help Book"
@echo " devhelp to make HTML files and a Devhelp project"
@echo " epub to make an epub"
@echo " epub3 to make an epub3"
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
@echo " latexpdf to make LaTeX files and run them through pdflatex"
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
@echo " text to make text files"
@echo " man to make manual pages"
@echo " texinfo to make Texinfo files"
@echo " info to make Texinfo files and run them through makeinfo"
@echo " gettext to make PO message catalogs"
@echo " changes to make an overview of all changed/added/deprecated items"
@echo " xml to make Docutils-native XML files"
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
@echo " linkcheck to check all external links for integrity"
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
@echo " coverage to run coverage check of the documentation (if enabled)"
@echo " dummy to check syntax errors of document sources"
.PHONY: clean
clean:
rm -rf $(BUILDDIR)/*
.PHONY: html
html:
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
.PHONY: dirhtml
dirhtml:
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
@echo
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
.PHONY: singlehtml
singlehtml:
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
@echo
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
.PHONY: pickle
pickle:
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
@echo
@echo "Build finished; now you can process the pickle files."
.PHONY: json
json:
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
@echo
@echo "Build finished; now you can process the JSON files."
.PHONY: htmlhelp
htmlhelp:
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
@echo
@echo "Build finished; now you can run HTML Help Workshop with the" \
".hhp project file in $(BUILDDIR)/htmlhelp."
.PHONY: qthelp
qthelp:
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
@echo
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Charybdisoperatorguide.qhcp"
@echo "To view the help file:"
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Charybdisoperatorguide.qhc"
.PHONY: applehelp
applehelp:
$(SPHINXBUILD) -b applehelp $(ALLSPHINXOPTS) $(BUILDDIR)/applehelp
@echo
@echo "Build finished. The help book is in $(BUILDDIR)/applehelp."
@echo "N.B. You won't be able to view it unless you put it in" \
"~/Library/Documentation/Help or install it in your application" \
"bundle."
.PHONY: devhelp
devhelp:
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
@echo
@echo "Build finished."
@echo "To view the help file:"
@echo "# mkdir -p $$HOME/.local/share/devhelp/Charybdisoperatorguide"
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Charybdisoperatorguide"
@echo "# devhelp"
.PHONY: epub
epub:
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
@echo
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
.PHONY: epub3
epub3:
$(SPHINXBUILD) -b epub3 $(ALLSPHINXOPTS) $(BUILDDIR)/epub3
@echo
@echo "Build finished. The epub3 file is in $(BUILDDIR)/epub3."
.PHONY: latex
latex:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
@echo "Run \`make' in that directory to run these through (pdf)latex" \
"(use \`make latexpdf' here to do that automatically)."
.PHONY: latexpdf
latexpdf:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through pdflatex..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
.PHONY: latexpdfja
latexpdfja:
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
@echo "Running LaTeX files through platex and dvipdfmx..."
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
.PHONY: text
text:
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
@echo
@echo "Build finished. The text files are in $(BUILDDIR)/text."
.PHONY: man
man:
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
@echo
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
.PHONY: texinfo
texinfo:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
@echo "Run \`make' in that directory to run these through makeinfo" \
"(use \`make info' here to do that automatically)."
.PHONY: info
info:
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
@echo "Running Texinfo files through makeinfo..."
make -C $(BUILDDIR)/texinfo info
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
.PHONY: gettext
gettext:
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
@echo
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
.PHONY: changes
changes:
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
@echo
@echo "The overview file is in $(BUILDDIR)/changes."
.PHONY: linkcheck
linkcheck:
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
@echo
@echo "Link check complete; look for any errors in the above output " \
"or in $(BUILDDIR)/linkcheck/output.txt."
.PHONY: doctest
doctest:
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
@echo "Testing of doctests in the sources finished, look at the " \
"results in $(BUILDDIR)/doctest/output.txt."
.PHONY: coverage
coverage:
$(SPHINXBUILD) -b coverage $(ALLSPHINXOPTS) $(BUILDDIR)/coverage
@echo "Testing of coverage in the sources finished, look at the " \
"results in $(BUILDDIR)/coverage/python.txt."
.PHONY: xml
xml:
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
@echo
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
.PHONY: pseudoxml
pseudoxml:
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
@echo
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
.PHONY: dummy
dummy:
$(SPHINXBUILD) -b dummy $(ALLSPHINXOPTS) $(BUILDDIR)/dummy
@echo
@echo "Build finished. Dummy builder generates no files."
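Review bot: the `info` target runs a literal `make -C $(BUILDDIR)/texinfo info`, while `latexpdf` and `latexpdfja` in the same file use `$(MAKE) -C ...`. A hard-coded `make` is not treated as a recursive invocation, so it does not share the jobserver under `-j` and may not be the same make binary that is running this file; change it to `$(MAKE)` to match the other targets. Two smaller points: `latexpdfja` prints "pdflatex finished" right after announcing that it runs platex and dvipdfmx, and the inner double quotes around qcollectiongenerator in the `qthelp` echo are consumed by the shell, so they never reach the output.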

264
doc/oper-guide/cmodes.rst Normal file

@ -0,0 +1,264 @@
Channel modes
=============
Channel modes are determined by the various plugins loaded by the
server. The following consists only of a base list of common modes:
your server may have more plugins available, which you can see with
the following server command, depending on your IRC client::
/QUOTE HELP CMODE
or::
/RAW HELP CMODE
``+b``, channel ban
-------------------
Bans take one parameter which can take several forms. The most common
form is ``+b nick!user@host``. The wildcards ``*`` and ``?`` are
allowed, matching zero-or-more, and exactly-one characters
respectively. The masks will be trimmed to fit the maximum allowable
length for the relevant element. Bans are also checked against the IP
address, even if it resolved or is spoofed. CIDR is supported, like
``*!*@10.0.0.0/8``. This is most useful with IPv6. Bans are not
checked against the real hostname behind any kind of spoof, except if
host mangling is in use (e.g. ``extensions/ip_cloaking.so``): if the
user's host is mangled, their real hostname is checked additionally,
and if a user has no spoof but could enable mangling, the mangled form
of their hostname is checked additionally. Hence, it is not possible
to evade bans by toggling host mangling.
The second form (extban) is ``+b $type`` or ``+b $type:data``. type is
a single character (case insensitive) indicating the type of match,
optionally preceded by a tilde (``~``) to negate the comparison. data
depends on type. Each type is loaded as a module. The available types
(if any) are listed in the ``EXTBAN`` token of the 005
(``RPL_ISUPPORT``) numeric. See ``doc/extban.txt`` in the source
distribution or ``HELP EXTBAN`` for more information.
If no parameter is given, the list of bans is returned. All users can
use this form. The plus sign should also be omitted.
Matching users will not be allowed to join the channel or knock on it.
If they are already on the channel, they may not send to it or change
their nick.
``+c``, colour filter
---------------------
This cmode activates the colour filter for the channel. This filters out
bold, underline, reverse video, beeps, mIRC colour codes, and ANSI
escapes. Note that escape sequences will usually leave cruft sent to the
channel, just without the escape characters themselves.
``+e``, ban exemption
---------------------
This mode takes one parameter of the same form as bans, which overrides
``+b`` and ``+q`` bans for all clients it matches.
This can be useful if it is necessary to ban an entire ISP due to
persistent abuse, but some users from that ISP should still be allowed
in. For example::
/mode #channel +be *!*@*.example.com *!*someuser@host3.example.com
Only channel operators can see ``+e`` changes or request the list.
``+f``, channel forwarding
--------------------------
This mode takes one parameter, the name of a channel (``+f
#channel``). If the channel also has the ``+i`` cmode set, and
somebody attempts to join without either being expliticly invited, or
having an invex (``+I``), then they will instead join the channel
named in the mode parameter. The client will also be sent a 470
numeric giving the original and target channels.
Users are similarly forwarded if the ``+j`` cmode is set and their attempt
to join is throttled, if ``+l`` is set and there are already too many users
in the channel or if ``+r`` is set and they are not identified.
Forwards may only be set to ``+F`` channels, or to channels the setter has
ops in.
Without parameter (``/mode #channel f`` or ``/mode #channel +f``) the forward
channel is returned. This form also works off channel.
``+F``, allow anybody to forward to this
----------------------------------------
When this mode is set, anybody may set a forward from a channel they
have ops in to this channel. Otherwise they have to have ops in this
channel.
``+g``, allow anybody to invite
-------------------------------
When this mode is set, anybody may use the ``INVITE`` command on the channel
in question. When it is unset, only channel operators may use the ``INVITE``
command.
When this mode is set together with ``+i``, ``+j``, ``+l`` or ``+r``, all channel
members can influence who can join.
``+i``, invite only
-------------------
When this cmode is set, no client can join the channel unless they have
an invex (``+I``) or are invited with the ``INVITE`` command.
``+I``, invite exception (invex)
--------------------------------
This mode takes one parameter of the same form as bans. Matching clients
do not need to be invited to join the channel when it is invite-only
(``+i``). Unlike the ``INVITE`` command, this does not override ``+j``, ``+l`` and ``+r``.
Only channel operators can see ``+I`` changes or request the list.
``+j``, join throttling
-----------------------
This mode takes one parameter of the form n:t, where n and t are
positive integers. Only n users may join in each period of t seconds.
Invited users can join regardless of ``+j``, but are counted as normal.
Due to propagation delays between servers, more users may be able to
join (by racing for the last slot on each server).
``+k``, key (channel password)
------------------------------
Taking one parameter, when set, this mode requires a user to supply the
key in order to join the channel: ``/JOIN #channel key``.
``+l``, channel member limit
----------------------------
Takes one numeric parameter, the number of users which are allowed to be
in the channel before further joins are blocked. Invited users may join
regardless.
Due to propagation delays between servers, more users may be able to
join (by racing for the last slot on each server).
``+L``, large ban list
----------------------
Channels with this mode will be allowed larger banlists (by default, 500
instead of 50 entries for ``+b``, ``+q``, ``+e`` and ``+I`` together). Only network
operators with resv privilege may set this mode.
``+m``, moderated
-----------------
When a channel is set ``+m``, only users with ``+o`` or ``+v`` on the channel can
send to it.
Users can still knock on the channel or change their nick.
``+n``, no external messages
----------------------------
When set, this mode prevents users from sending to the channel without
being in it themselves. This is recommended.
``+o``, channel operator
------------------------
This mode takes one parameter, a nick, and grants or removes channel
operator privilege to that user. Channel operators have full control
over the channel, having the ability to set all channel modes except ``+L``
and ``+P``, and kick users. Like voiced users, channel operators can always
send to the channel, overriding ``+b``, ``+m`` and ``+q`` modes and the per-channel
flood limit. In most clients channel operators are marked with an '@'
sign.
The privilege is lost if the user leaves the channel or server in any
way.
Most networks will run channel registration services (e.g. ChanServ)
which ensure the founder (and users designated by the founder) can
always gain channel operator privileges and provide some features to
manage the channel.
``+p``, paranoid channel
------------------------
When set, the ``KNOCK`` command cannot be used on the channel to request an
invite, and users will not be shown the channel in ``WHOIS`` replies unless
they are on it. Unlike in traditional IRC, ``+p`` and ``+s`` can be set
together.
``+P``, permanent channel
-------------------------
Channels with this mode (which is accessible only to network operators
with resv privilege) set will not be destroyed when the last user
leaves.
This makes it less likely modes, bans and the topic will be lost and
makes it harder to abuse network splits, but also causes more unwanted
restoring of old modes, bans and topics after long splits.
``+q``, quiet
-------------
This mode behaves exactly like ``+b`` (ban), except that the user may still
join the channel. The net effect is that they cannot knock on the
channel, send to the channel or change their nick while on channel.
``+Q``, block forwarded users
-----------------------------
Channels with this mode set are not valid targets for forwarding. Any
attempt to forward to this channel will be ignored, and the user will be
handled as if the attempt was never made (by sending them the relevant
error message).
This does not affect the ability to set ``+f``.
``+r``, block unidentified
--------------------------
When set, this mode prevents unidentified users from joining. Invited
users can still join.
``+s``, secret channel
----------------------
When set, this mode prevents the channel from appearing in the output of
the ``LIST``, ``WHO`` and ``WHOIS`` command by users who are not on it. Also, the
server will refuse to answer ``WHO``, ``NAMES``, ``TOPIC`` and ``LIST`` queries from
users not on the channel.
``+t``, topic limit
-------------------
When set, this mode prevents users who are not channel operators from
changing the topic.
``+v``, voice
-------------
This mode takes one parameter, a nick, and grants or removes voice
privilege to that user. Voiced users can always send to the channel,
overriding ``+b``, ``+m`` and ``+q`` modes and the per-channel flood limit. In most
clients voiced users are marked with a plus sign.
The privilege is lost if the user leaves the channel or server in any
way.
``+z``, reduced moderation
--------------------------
When ``+z`` is set, the effects of ``+m``, ``+b`` and ``+q`` are relaxed. For each
message, if that message would normally be blocked by one of these
modes, it is instead sent to all channel operators. This is intended for
use in moderated debates.
Note that ``+n`` is unaffected by this. To silence a given user completely,
remove them from the channel.
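Review bot: in the `+b` section, "Bans are also checked against the IP address, even if it resolved or is spoofed" is immediately followed by "Bans are not checked against the real hostname behind any kind of spoof", and an operator choosing a mask for a spoofed user has to untangle the two. State the cases side by side (IP address always checked; real hostname checked only when host mangling is in use), and fix "even if it resolved", which looks like it has lost a word. Typos elsewhere in the file: "expliticly" in the `+f` section should be "explicitly", and the `+s` section's "the ``LIST``, ``WHO`` and ``WHOIS`` command" needs the plural.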

754
doc/oper-guide/commands.rst Normal file

@ -0,0 +1,754 @@
Operator Commands
=================
Network management commands
~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. note:: All commands and names are case insensitive. Parameters
consisting of one or more separate letters, such as in ``MODE``,
``STATS`` and ``WHO``, are case sensitive.
CONNECT
-------
::
CONNECT target [port] [source]
Initiate a connection attempt to server target. If a port is given,
connect to that port on the target, otherwise use the one given in
``ircd.conf``. If source is given, tell that server to initiate the
connection attempt, otherwise it will be made from the server you are
attached to.
To use the default port with source, specify 0 for port.
SQUIT
-----
::
SQUIT server [reason]
Closes down the link to server from this side of the network. If a
reason is given, it will be sent out in the server notices on both sides
of the link.
REHASH
------
::
REHASH [BANS | DNS | MOTD | OMOTD | TKLINES | TDLINES | TXLINES | TRESVS | REJECTCACHE | HELP] [server]
With no parameter given, ``ircd.conf`` will be reread and parsed. The
server argument is a wildcard match of server names.
``BANS``
Rereads ``kline.conf``, ``dline.conf``, ``xline.conf``,
``resv.conf`` and their .perm variants
``DNS``
Reread ``/etc/resolv.conf``.
``MOTD``
Reload the ``MOTD`` file
``OMOTD``
Reload the operator ``MOTD`` file
``TKLINES``
Clears temporary ``K:lines``.
``TDLINES``
Clears temporary ``D:lines``.
``TXLINES``
Clears temporary ``X:lines``.
``TRESVS``
Clears temporary reservations.
``REJECTCACHE``
Clears the client rejection cache.
``HELP``
Refreshes the help system cache.
RESTART
-------
::
RESTART server
Cause an immediate total shutdown of the IRC server, and restart from
scratch as if it had just been executed.
This reexecutes the ircd using the compiled-in path, visible as ``SPATH`` in
``INFO``.
.. note:: This command cannot be used remotely. The server name is
used only as a safety measure.
DIE
---
::
DIE server
Immediately terminate the IRC server, after sending notices to all
connected clients and servers
.. note:: This command cannot be used remotely. The server name is
used only as a safety measure.
SET
---
::
SET [ ADMINSTRING | AUTOCONN | AUTOCONNALL | FLOODCOUNT | IDENTTIMEOUT | MAX | OPERSTRING | SPAMNUM | SPAMTIME | SPLITMODE | SPLITNUM | SPLITUSERS ] value
The ``SET`` command sets a runtime-configurable value.
Most of the ``ircd.conf`` equivalents have a ``default_prefix`` and are
only read on startup. ``SET`` is the only way to change these at run time.
Most of the values can be queried by omitting value.
``ADMINSTRING``
Sets string shown in ``WHOIS`` for admins. (umodes +o and +a set, umode
+S not set).
``AUTOCONN``
Sets auto-connect on or off for a particular server. Takes two
parameters, server name and new state.
To see these values, use ``/stats c``. Changes to this are lost on a
rehash.
``AUTOCONNALL``
Globally sets auto-connect on or off. If disabled, no automatic
connections are done; if enabled, automatic connections are done
following the rules for them.
``FLOODCOUNT``
The number of lines allowed to be sent to a connection before
throttling it due to flooding. Note that this variable is used for
both channels and clients.
For channels, op or voice overrides this; for users, IRC operator
status or op or voice on a common channel overrides this.
``IDENTTIMEOUT``
Timeout for requesting ident from a client.
``MAX``
Sets the maximum number of connections to value.
This number cannot exceed maxconnections - ``MAX_BUFFER``.
maxconnections is the rlimit for number of open files. ``MAX_BUFFER``
is defined in config.h, normally 60.
``MAXCLIENTS`` is an alias for this.
``OPERSTRING``
Sets string shown in ``WHOIS`` for opers (umode ``+o`` set, umodes ``+a`` and ``+S``
not set).
``SPAMNUM``
Sets how many join/parts to channels constitutes a possible spambot.
``SPAMTIME``
Below this time on a channel counts as a join/part as above.
``SPLITMODE``
Sets splitmode to value:
``ON``
splitmode is permanently on
``OFF``
splitmode is permanently off (default if ``no_create_on_split``
and ``no_join_on_split`` are disabled)
``AUTO``
ircd chooses splitmode based on ``SPLITUSERS`` and ``SPLITNUM`` (default
if ``no_create_on_split`` or ``no_join_on_split`` are enabled)
``SPLITUSERS``
Sets the minimum amount of users needed to deactivate automatic
splitmode.
``SPLITNUM``
Sets the minimum amount of servers needed to deactivate automatic
splitmode. Only servers that have finished bursting count for this.
User management commands
~~~~~~~~~~~~~~~~~~~~~~~~
KILL
----
::
KILL nick [reason]
Disconnects the user with the given nick from the server they are
connected to, with the reason given, if present, and broadcast a server
notice announcing this.
Your nick and the reason will appear on channels.
CLOSE
-----
Closes all connections from and to clients and servers who have not
completed registering.
KLINE
-----
::
KLINE [length] [user@host | user@a.b.c.d] [ON servername] [:reason]
Adds a ``K:line`` to ``kline.conf`` to ban the given ``user@host`` from using
that server.
If the optional parameter length is given, the ``K:line`` will be temporary
(i.e. it will not be stored on disk) and last that long in minutes.
If an IP address is given, the ban will be against all hosts matching
that IP regardless of DNS. The IP address can be given as a full address
(``192.168.0.1``), as a CIDR mask (``192.168.0.0/24``), or as a glob
(``192.168.0.*``).
All clients matching the ``K:line`` will be disconnected from the server
immediately.
If a reason is specified, it will be sent to the client when they are
disconnected, and whenever a connection is attempted which is banned.
If the ON part is specified, the ``K:line`` is set on servers matching the
given mask (provided a matching ``shared{}`` block exists there). Otherwise,
if specified in a ``cluster{}`` block, the ``K:Line`` will be propagated across
the network accordingly.
UNKLINE
-------
::
UNKLINE user@host [ON servername]
Will attempt to remove a ``K:line`` matching ``user@host`` from ``kline.conf``,
and will flush a temporary ``K:line``.
XLINE
-----
::
XLINE [length] mask [ON servername] [:reason]
Works similarly to ``KLINE``, but matches against the real name field. The
wildcards are ``*`` (any sequence), ``?`` (any character), ``#`` (a digit) and ``@`` (a
letter); wildcard characters can be escaped with a backslash. The
sequence ``\s`` matches a space.
All clients matching the ``X:line`` will be disconnected from the server
immediately.
The reason is never sent to users. Instead, they will be exited with
"Bad user info".
If the ON part is specified, the ``X:line`` is set on servers matching the
given mask (provided a matching ``shared{}`` block exists there). Otherwise,
if specified in a ``cluster{}`` block, the ``X:line`` will be propagated across
the network accordingly.
UNXLINE
-------
::
UNXLINE mask [ON servername]
Will attempt to remove an ``X:line`` from ``xline.conf``, and will flush a
temporary ``X:line``.
RESV
----
::
RESV [length] [channel | mask] [ON servername] [:reason]
If used on a channel, “jupes” the channel locally. Joins to the channel
will be disallowed and generate a server notice on ``+y``, and users will
not be able to send to the channel. Channel jupes cannot contain
wildcards.
If used on a nickname mask, prevents local users from using a nick
matching the mask (the same wildcard characters as xlines). There is no
way to exempt the initial nick from this.
In neither case will current users of the nick or channel be kicked or
disconnected.
This facility is not designed to make certain nicks or channels
oper-only.
The reason is never sent to users.
If the ON part is specified, the resv is set on servers matching the
given mask (provided a matching ``shared{}`` block exists there). Otherwise,
if specified in a ``cluster{}`` block, the resv will be propagated across
the network accordingly.
UNRESV
------
::
UNRESV [channel | mask] [ON servername]
Will attempt to remove a resv from ``resv.conf``, and will flush a
temporary resv.
DLINE
-----
::
DLINE [length] a.b.c.d [ON servername] [:reason]
Adds a ``D:line`` to ``dline.conf``, which will deny any connections from
the given IP address. The IP address can be given as a full address
(``192.168.0.1``) or as a CIDR mask (``192.168.0.0/24``).
If the optional parameter length is given, the ``D:line`` will be temporary
(i.e. it will not be stored on disk) and last that long in minutes.
All clients matching the ``D:line`` will be disconnected from the server
immediately.
If a reason is specified, it will be sent to the client when they are
disconnected, and, if ``dline_reason`` is enabled, whenever a connection is
attempted which is banned.
``D:lines`` are less load on a server, and may be more appropriate if
somebody is flooding connections.
If the ON part is specified, the ``D:line`` is set on servers matching the
given mask (provided a matching ``shared{}`` block exists there, which is
not the case by default). Otherwise, the D:Line will be set on the local
server only.
Only ``exempt{}`` blocks exempt from ``D:lines``. Being a server or having
``kline_exempt`` in ``auth{}`` does *not* exempt (different from ``K/G/X:lines``).
UNDLINE
-------
::
UNDLINE a.b.c.d [ON servername]
Will attempt to remove a ``D:line`` from ``dline.conf``, and will flush a
temporary ``D:line``.
TESTGECOS
---------
::
TESTGECOS gecos
Looks up X:Lines matching the given gecos.
TESTLINE
--------
::
TESTLINE [nick!] [user@host | a.b.c.d]
Looks up the given hostmask or IP address and reports back on any ``auth{}``
blocks, D: or K: lines found. If nick is given, also searches for nick
resvs.
For temporary items the number of minutes until the item expires is
shown (as opposed to the hit count in STATS q/Q/x/X).
This command will not perform DNS lookups; for best results you must
testline a host and its IP form.
The given username should begin with a tilde (~) if identd is not in
use. As of charybdis 2.1.1, ``no_tilde`` and username truncation will be
taken into account like in the normal client access check.
As of charybdis 2.2.0, a channel name can be specified and the RESV will
be returned, if there is one.
TESTMASK
--------
::
TESTMASK hostmask [gecos]
Searches the network for users that match the hostmask and gecos given,
returning the number of matching users on this server and other servers.
The hostmask is of the form user@host or user@ip/cidr with \* and ?
wildcards, optionally preceded by nick!.
The gecos field accepts the same wildcards as xlines.
The IP address checked against is ``255.255.255.255`` if the IP address is
unknown (remote client on a TS5 server) or 0 if the IP address is hidden
(``auth{}`` spoof).
LUSERS
------
::
LUSERS [mask] [nick | server]
Shows various user and channel counts.
The mask parameter is obsolete but must be used when querying a remote
server.
TRACE
-----
::
TRACE [server | nick] [location]
With no argument or one argument which is the current server, TRACE
gives a list of all connections to the current server and a summary of
connection classes.
With one argument which is another server, TRACE displays the path to
the specified server, and all servers, opers and -i users on that
server, along with a summary of connection classes.
With one argument which is a client, TRACE displays the path to that
client, and that client's information.
If location is given, the command is executed on that server; no path is
displayed.
When listing connections, type, name and class is shown in addition to
information depending on the type:
Try.
A server we are trying to make a TCP connection to.
H.S.
A server we have established a TCP connection to, but is not yet
registered.
\?\?\?\?
An incoming connection that has not yet registered as a user or a
server (“unknown”). Shows the username, hostname, IP address and the
time the connection has been open. It is possible that the ident or
DNS lookups have not completed yet, and in any case no tildes are
shown here. Unknown connections may not have a name yet.
User
A registered unopered user. Shows the username, hostname, IP
address, the time the client has not sent anything (as in STATS l)
and the time the user has been idle (from PRIVMSG only, as in
WHOIS).
Oper
Like User, but opered.
Serv
A registered server. Shows the number of servers and users reached
via this link, who made this connection and the time the server has
not sent anything.
ETRACE
------
::
ETRACE [nick]
Shows client information about the given target, or about all local
clients if no target is specified.
PRIVS
-----
::
PRIVS [nick]
Displays effective operator privileges for the specified nick, or for
yourself if no nick is given. This includes all privileges from the
operator block, the name of the operator block and those privileges from
the auth block that have an effect after the initial connection.
The exact output depends on the server the nick is on, see the matching
version of this document. If the remote server does not support this
extension, you will not receive a reply.
MASKTRACE
---------
::
MASKTRACE hostmask [gecos]
Searches the local server or network for users that match the hostmask
and gecos given. Network searches require the ``oper_spy`` privilege and an
'!' before the hostmask. The matching works the same way as TESTMASK.
The hostmask is of the form ``user@host`` or ``user@ip/cidr`` with ``*`` and ``?``
wildcards, optionally preceded by ``nick!``.
The gecos field accepts the same wildcards as xlines.
The IP address field contains ``255.255.255.255`` if the IP address is
unknown (remote client on a TS5 server) or ``0`` if the IP address is hidden
(``auth{}`` spoof).
CHANTRACE
---------
::
CHANTRACE channel
Displays information about users in a channel. Opers with the ``oper_spy``
privilege can get the information without being on the channel, by
prefixing the channel name with an ``!``.
The IP address field contains ``255.255.255.255`` if the IP address is
unknown (remote client on a TS5 server) or ``0`` if the IP address is hidden
(``auth{}`` spoof).
SCAN
----
::
SCAN UMODES +modes-modes [no-list] [list] [global] [list-max number] [mask nick!user@host]
Searches the local server or network for users that have the umodes
given with + and do not have the umodes given with -. no-list disables
the listing of matching users and only shows the count. list enables the
listing (default). global extends the search to the entire network
instead of local users only. list-max limits the listing of matching
users to the given amount. mask causes only users matching the given
nick!user@host mask to be selected. Only the displayed host is
considered, not the IP address or real host behind dynamic spoofs.
The IP address field contains ``255.255.255.255`` if the IP address is
unknown (remote client on a TS5 server) or 0 if the IP address is hidden
(``auth{}`` spoof).
Network searches where a listing is given are operspy commands.
CHGHOST
-------
::
CHGHOST nick value
Set the hostname associated with a particular nick for the duration of
this session. This command is disabled by default because of the abuse
potential and little practical use.
Miscellaneous commands
~~~~~~~~~~~~~~~~~~~~~~
ADMIN
-----
::
ADMIN [nick | server]
Shows the information in the ``admin{}`` block.
INFO
----
::
INFO [nick | server]
Shows information about the authors of the IRC server, and some
information about this server instance. Opers also get a list of
configuration options.
TIME
----
::
TIME [nick | server]
Shows the local time on the given server, in a human-readable format.
VERSION
-------
::
VERSION [nick | server]
Shows version information, a few compile/config options, the SID and the
005 numerics. The 005 numeric will be remapped to 105 for remote
requests.
STATS
-----
::
STATS [type] [nick | server]
Display various statistics and configuration information.
A
Show DNS servers
b
Show active nick delays
B
Show hash statistics
c
Show connect blocks
d
Show temporary ``D:lines``
D
Show permanent ``D:lines``
e
Show exempt blocks (exceptions to ``D:lines``)
E
Show events
f
Show file descriptors
h
Show ``hub_mask``/``leaf_mask``
i
Show auth blocks, or matched auth blocks
k
Show temporary ``K:lines``, or matched ``K:lines``
K
Show permanent ``K:lines``, or matched ``K:lines``
l
Show hostname and link information about the given nick. With a
server name, show information about opers and servers on that
server; opers get information about all local connections if they
query their own server. No hostname is shown for server connections.
L
Like l, but show IP address instead of hostname
m
Show commands and their usage statistics (total counts, total bytes,
counts from server connections)
n
Show blacklist blocks (DNS blacklists) with hit counts since last
rehash and (parenthesized) reference counts. The reference count
shows how many clients are waiting on a lookup of this blacklist or
have been found and are waiting on registration to complete.
o
Show operator blocks
O
Show privset blocks
p
Show logged on network operators which are not set AWAY.
P
Show listen blocks (ports)
q
Show temporarily resv'ed nicks and channels with hit counts
Q
Show permanently resv'ed nicks and channels with hit counts since
last rehash bans
r
Show resource usage by the ircd
t
Show generic server statistics about local connections
u
Show server uptime
U
Show shared (c), cluster (C) and service (s) blocks
v
Show connected servers and brief status
x
Show temporary ``X:lines`` with hit counts
X
Show permanent ``X:lines`` with hit counts since last rehash bans
y
Show class blocks
z
Show memory usage statistics
Z
Show ziplinks statistics
?
Show connected servers and link information about them
WALLOPS
-------
::
WALLOPS :message
Sends a WALLOPS message to all users who have the +w umode set. This is
for things you don't mind the whole network knowing about.
OPERWALL
--------
::
OPERWALL :message
Sends an OPERWALL message to all opers who have the +z umode set. +z is
restricted, OPERWALL should be considered private communications.
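Review bot: under `SET`, the sentence "Most of the ``ircd.conf`` equivalents have a ``default_prefix``" reads as though there is an option called `default_prefix`; if the meaning is that the option names carry a `default_` prefix, move the word "prefix" out of the literal. In the same section the synopsis ends in a single `value`, but `AUTOCONN` is documented as taking two parameters (server name and new state), so the usage line should show that form as well. `CLOSE` is the only command in the file without a `::` usage line, and the ban names drift between ``K:line``, ``K:Line``, an unquoted D:Line and X:Lines; settle on one spelling and quote it consistently.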

423
doc/oper-guide/conf.py Normal file

@ -0,0 +1,423 @@
# -*- coding: utf-8 -*-
#
# Charybdis operator guide documentation build configuration file, created by
# sphinx-quickstart on Sat Mar 25 10:41:29 2017.
#
# This file is execfile()d with the current directory set to its
# containing dir.
#
# Note that not all possible configuration values are present in this
# autogenerated file.
#
# All configuration values have a default; values that are commented out
# serve to show the default.
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
#
# needs_sphinx = '1.0'
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = []
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
#
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The encoding of source files.
#
# source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = u'Charybdis operator guide'
copyright = u'2009, Jilles Tjoelker'
author = u'Jilles Tjoelker'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = u'3.5'
# The full version, including alpha/beta/rc tags.
release = u'3.5'
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = None
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:
#
# today = ''
#
# Else, today_fmt is used as the format for a strftime call.
#
# today_fmt = '%B %d, %Y'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This patterns also effect to html_static_path and html_extra_path
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
# The reST default role (used for this markup: `text`) to use for all
# documents.
#
# default_role = None
# If true, '()' will be appended to :func: etc. cross-reference text.
#
# add_function_parentheses = True
# If true, the current module name will be prepended to all description
# unit titles (such as .. function::).
#
# add_module_names = True
# If true, sectionauthor and moduleauthor directives will be shown in the
# output. They are ignored by default.
#
# show_authors = False
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# A list of ignored prefixes for module index sorting.
# modindex_common_prefix = []
# If true, keep warnings as "system message" paragraphs in the built documents.
# keep_warnings = False
# If true, `todo` and `todoList` produce output, else they produce nothing.
todo_include_todos = False
# -- Options for HTML output ----------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
#html_theme = 'alabaster'
# Theme options are theme-specific and customize the look and feel of a theme
# further. For a list of options available for each theme, see the
# documentation.
#
# html_theme_options = {}
# Add any paths that contain custom themes here, relative to this directory.
# html_theme_path = []
# The name for this set of Sphinx documents.
# "<project> v<release> documentation" by default.
#
# html_title = u'Charybdis operator guide v3.5'
# A shorter title for the navigation bar. Default is the same as html_title.
#
# html_short_title = None
# The name of an image file (relative to this directory) to place at the top
# of the sidebar.
#
# html_logo = None
# The name of an image file (relative to this directory) to use as a favicon of
# the docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
#
# html_favicon = None
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
# html_static_path = ['_static']
# Add any extra paths that contain custom files (such as robots.txt or
# .htaccess) here, relative to this directory. These files are copied
# directly to the root of the documentation.
#
# html_extra_path = []
# If not None, a 'Last updated on:' timestamp is inserted at every page
# bottom, using the given strftime format.
# The empty string is equivalent to '%b %d, %Y'.
#
# html_last_updated_fmt = None
# If true, SmartyPants will be used to convert quotes and dashes to
# typographically correct entities.
#
# html_use_smartypants = True
# Custom sidebar templates, maps document names to template names.
#
# html_sidebars = {}
# Additional templates that should be rendered to pages, maps page names to
# template names.
#
# html_additional_pages = {}
# If false, no module index is generated.
#
# html_domain_indices = True
# If false, no index is generated.
#
# html_use_index = True
# If true, the index is split into individual pages for each letter.
#
# html_split_index = False
# If true, links to the reST sources are added to the pages.
#
# html_show_sourcelink = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
#
# html_show_sphinx = True
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
#
# html_show_copyright = True
# If true, an OpenSearch description file will be output, and all pages will
# contain a <link> tag referring to it. The value of this option must be the
# base URL from which the finished HTML is served.
#
# html_use_opensearch = ''
# This is the file name suffix for HTML files (e.g. ".xhtml").
# html_file_suffix = None
# Language to be used for generating the HTML full-text search index.
# Sphinx supports the following languages:
# 'da', 'de', 'en', 'es', 'fi', 'fr', 'hu', 'it', 'ja'
# 'nl', 'no', 'pt', 'ro', 'ru', 'sv', 'tr', 'zh'
#
# html_search_language = 'en'
# A dictionary with options for the search language support, empty by default.
# 'ja' uses this config value.
# 'zh' user can custom change `jieba` dictionary path.
#
# html_search_options = {'type': 'default'}
# The name of a javascript file (relative to the configuration directory) that
# implements a search results scorer. If empty, the default will be used.
#
# html_search_scorer = 'scorer.js'
# Output file base name for HTML help builder.
htmlhelp_basename = 'Charybdisoperatorguidedoc'
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
#
# 'papersize': 'letterpaper',
# The font size ('10pt', '11pt' or '12pt').
#
# 'pointsize': '10pt',
# Additional stuff for the LaTeX preamble.
#
# 'preamble': '',
# Latex figure (float) alignment
#
# 'figure_align': 'htbp',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'Charybdisoperatorguide.tex', u'Charybdis operator guide Documentation',
u'Jilles Tjoelker', 'manual'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
#
# latex_logo = None
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#
# latex_use_parts = False
# If true, show page references after internal links.
#
# latex_show_pagerefs = False
# If true, show URL addresses after external links.
#
# latex_show_urls = False
# Documents to append as an appendix to all manuals.
#
# latex_appendices = []
# It false, will not define \strong, \code, itleref, \crossref ... but only
# \sphinxstrong, ..., \sphinxtitleref, ... To help avoid clash with user added
# packages.
#
# latex_keep_old_macro_names = True
# If false, no module index is generated.
#
# latex_domain_indices = True
# -- Options for manual page output ---------------------------------------
# One entry per manual page. List of tuples
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, 'charybdisoperatorguide', u'Charybdis operator guide Documentation',
[author], 1)
]
# If true, show URL addresses after external links.
#
# man_show_urls = False
# -- Options for Texinfo output -------------------------------------------
# Grouping the document tree into Texinfo files. List of tuples
# (source start file, target name, title, author,
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, 'Charybdisoperatorguide', u'Charybdis operator guide Documentation',
author, 'Charybdisoperatorguide', 'One line description of project.',
'Miscellaneous'),
]
# Documents to append as an appendix to all manuals.
#
# texinfo_appendices = []
# If false, no module index is generated.
#
# texinfo_domain_indices = True
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#
# texinfo_show_urls = 'footnote'
# If true, do not generate a @detailmenu in the "Top" node's menu.
#
# texinfo_no_detailmenu = False
# -- Options for Epub output ----------------------------------------------
# Bibliographic Dublin Core info.
epub_title = project
epub_author = author
epub_publisher = author
epub_copyright = copyright
# The basename for the epub file. It defaults to the project name.
# epub_basename = project
# The HTML theme for the epub output. Since the default themes are not
# optimized for small screen space, using the same theme for HTML and epub
# output is usually not wise. This defaults to 'epub', a theme designed to save
# visual space.
#
# epub_theme = 'epub'
# The language of the text. It defaults to the language option
# or 'en' if the language is not set.
#
# epub_language = ''
# The scheme of the identifier. Typical schemes are ISBN or URL.
# epub_scheme = ''
# The unique identifier of the text. This can be a ISBN number
# or the project homepage.
#
# epub_identifier = ''
# A unique identification for the text.
#
# epub_uid = ''
# A tuple containing the cover image and cover page html template filenames.
#
# epub_cover = ()
# A sequence of (type, uri, title) tuples for the guide element of content.opf.
#
# epub_guide = ()
# HTML files that should be inserted before the pages created by sphinx.
# The format is a list of tuples containing the path and title.
#
# epub_pre_files = []
# HTML files that should be inserted after the pages created by sphinx.
# The format is a list of tuples containing the path and title.
#
# epub_post_files = []
# A list of files that should not be packed into the epub file.
epub_exclude_files = ['search.html']
# The depth of the table of contents in toc.ncx.
#
# epub_tocdepth = 3
# Allow duplicate toc entries.
#
# epub_tocdup = True
# Choose between 'default' and 'includehidden'.
#
# epub_tocscope = 'default'
# Fix unsupported image types using the Pillow.
#
# epub_fix_images = False
# Scale large images.
#
# epub_max_image_width = 0
# How to display URL addresses: 'footnote', 'no', or 'inline'.
#
# epub_show_urls = 'inline'
# If false, no index is generated.
#
# epub_use_index = True
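Review bot: texinfo_documents still carries the sphinx-quickstart placeholder 'One line description of project.' together with the generic category 'Miscellaneous'; replace the description with a real one-line summary of the operator guide before merging. Separately, html_theme is left commented out (#html_theme = 'alabaster'), so the HTML output depends on whatever default the installed Sphinx picks; setting it explicitly would make builds consistent across machines. The header says the file was generated in 2017 while copyright is u'2009, Jilles Tjoelker'; if 2009 is intentional, a short comment saying so would keep it from being "corrected" later.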

825
doc/oper-guide/config.rst Normal file

@ -0,0 +1,825 @@
Server config file format
=========================
General format
~~~~~~~~~~~~~~
The config file consists of a series of BIND-style blocks. Each block
consists of a series of values inside it which pertain to configuration
settings that apply to the given block.
Several values take lists of values and have defaults preset inside
them. Prefix a keyword with a tilde (``~``) to override the default and
disable it.
A line may also be a .include directive, which is of the form::
.include "file"
and causes file to be read in at that point, before the rest of
the current file is processed. Relative paths are first tried relative
to ``PREFIX`` and then relative to ``ETCPATH`` (normally ``PREFIX``/etc).
Anything from a ``#`` to the end of a line is a comment. Blank lines are
ignored. C-style comments are also supported.
Specific blocks and directives
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Not all configuration blocks and directives are listed here, only the
most common ones. More blocks and directives will be documented in later
revisions of this manual.
loadmodule directive
--------------------
::
loadmodule "text";
Loads a module into the IRCd. In charybdis 1.1, most modules are
automatically loaded in. In future versions, it is intended to remove
this behaviour as to allow for easy customization of the IRCd's
featureset.
serverinfo {} block
-------------------
::
serverinfo {
name = "text";
sid = "text";
description = "text";
network_name = "text";
network_desc = "text";
hub = boolean;
vhost = "text";
vhost6 = "text";
};
The serverinfo {} block defines the core operational parameters of the
IRC server.
**serverinfo {} variables**
name
The name of the IRC server that you are configuring. This must
contain at least one dot. It is not necessarily equal to any DNS
name. This must be unique on the IRC network.
sid
A unique ID which describes the server. This consists of one digit
and two characters which can be digits or letters.
description
A user-defined field of text which describes the IRC server. This
information is used in ``/links`` and ``/whois`` requests. Geographical
location information could be a useful use of this field, but most
administrators put a witty saying inside it instead.
network\_name
The name of the IRC network that this server will be a member of.
This is used in the welcome message and ``NETWORK=`` in 005.
hub
A boolean which defines whether or not this IRC server will be
serving as a hub, i.e. have multiple servers connected to it.
vhost
An optional text field which defines an IP from which to connect
outward to other IRC servers.
vhost6
An optional text field which defines an IPv6 IP from which to
connect outward to other IRC servers.
admin {} block
--------------
::
admin {
name = "text";
description = "text";
email = "text";
};
This block provides the information which is returned by the ``ADMIN``
command.
name
The name of the administrator running this service.
description
The description of the administrator's position in the network.
email
A point of contact for the administrator, usually an e-mail address.
class {} block
--------------
::
class "name" {
ping_time = duration;
number_per_ident = number;
number_per_ip = number;
number_per_ip_global = number;
cidr_ipv4_bitlen = number;
cidr_ipv6_bitlen = number;
number_per_cidr = number;
max_number = number;
sendq = size;
};
class "name" {
ping_time = duration;
connectfreq = duration;
max_number = number;
sendq = size;
};
Class blocks define classes of connections for later use. The class name
is used to connect them to other blocks in the config file (auth{} and
connect{}). They must be defined before they are used.
Classes are used both for client and server connections, but most
variables are different.
**class {} variables: client classes**
ping\_time
The amount of time between checking pings for clients, e.g.: 2
minutes
number\_per\_ident
The amount of clients which may be connected from a single identd
username on a per-IP basis, globally. Unidented clients all count as
the same username.
number\_per\_ip
The amount of clients which may be connected from a single IP
address.
number\_per\_ip\_global
The amount of clients which may be connected globally from a single
IP address.
cidr\_ipv4\_bitlen
The netblock length to use with CIDR-based client limiting for IPv4
users in this class (between 0 and 32).
cidr\_ipv6\_bitlen
The netblock length to use with CIDR-based client limiting for IPv6
users in this class (between 0 and 128).
number\_per\_cidr
The amount of clients which may be connected from a single netblock.
If this needs to differ between IPv4 and IPv6, make different
classes for IPv4 and IPv6 users.
max\_number
The maximum amount of clients which may use this class at any given
time.
sendq
The maximum size of the queue of data to be sent to a client before
it is dropped.
**class {} variables: server classes**
ping\_time
The amount of time between checking pings for servers, e.g.: 2
minutes
connectfreq
The amount of time between autoconnects. This must at least be one
minute, as autoconnects are evaluated with that granularity.
max\_number
The amount of servers to autoconnect to in this class. More
precisely, no autoconnects are done if the number of servers in this
class is greater than or equal max\_number
sendq
The maximum size of the queue of data to be sent to a server before
it is dropped.
auth {} block
-------------
::
auth {
user = "hostmask";
password = "text";
spoof = "text";
flags = list;
class = "text";
};
auth {} blocks allow client connections to the server, and set various
properties concerning those connections.
Auth blocks are evaluated from top to bottom in priority, so put special
blocks first.
auth {} variables
~~~~~~~~~~~~~~~~~
user
A hostmask (``user@host``) that the auth {} block applies to. It is
matched against the hostname and IP address (using :: shortening for
IPv6 and prepending a 0 if it starts with a colon) and can also use
CIDR masks. You can have multiple user entries.
password
An optional password to use for authenticating into this auth{}
block. If the password is wrong the user will not be able to connect
(will not fall back on another auth{} block).
spoof
An optional fake hostname (or ``user@host``) to apply to users
authenticated to this auth{} block. In ``STATS i`` and ``TESTLINE``, an
equals sign (=) appears before the ``user@host`` and the spoof is shown.
flags
A list of flags to apply to this ``auth{}`` block. They are listed
below. Some of the flags appear as a special character,
parenthesized in the list, before the ``user@host`` in ``STATS i`` and
``TESTLINE``.
class
A name of a class to put users matching this auth{} block into.
auth {} flags
~~~~~~~~~~~~~
encrypted
The password used has been encrypted.
spoof\_notice
Causes the IRCd to send out a server notice when activating a spoof
provided by this auth{} block.
exceed\_limit (>)
Users in this auth{} block can exceed class-wide limitations.
dnsbl\_exempt ($)
Users in this auth{} block are exempted from DNS blacklist checks.
However, they will still be warned if they are listed.
kline\_exempt (^)
Users in this auth{} block are exempted from DNS blacklists, k:lines
and x:lines.
spambot\_exempt
Users in this auth{} block are exempted from spambot checks.
shide\_exempt
Users in this auth{} block are exempted from some serverhiding
effects.
jupe\_exempt
Users in this auth{} block do not trigger an alarm when joining
juped channels.
resv\_exempt
Users in this auth{} block may use reserved nicknames and channels.
.. note:: The initial nickname may still not be reserved.
flood\_exempt (\|) Users in this auth{} block may send arbitrary
amounts of commands per time unit to the server. This does not
exempt them from any other flood limits. You should use this
setting with caution.
no\_tilde (-)
Users in this auth{} block will not have a tilde added to their
username if they do not run identd.
need\_ident (+)
Users in this auth{} block must have identd, otherwise they will be
rejected.
need\_ssl
Users in this auth{} block must be connected via SSL/TLS, otherwise
they will be rejected.
need\_sasl
Users in this auth{} block must identify via SASL, otherwise they
will be rejected.
exempt {} block
---------------
::
exempt {
ip = "ip";
};
An exempt block specifies IP addresses which are exempt from ``D:lines`` and
throttling. Multiple addresses can be specified in one block. Clients
coming from these addresses can still be ``K/G/X:lined`` or banned by a DNS
blacklist unless they also have appropriate flags in their auth{} block.
**exempt {} variables**
ip
The IP address or CIDR range to exempt.
privset {} block
----------------
::
privset {
extends = "name";
privs = list;
};
A privset (privilege set) block specifies a set of operator privileges.
**privset {} variables**
extends
An optional privset to inherit. The new privset will have all
privileges that the given privset has.
privs
Privileges to grant to this privset. These are described in the
operator privileges section.
operator {} block
-----------------
::
operator "name" {
user = "hostmask";
password = "text";
rsa_public_key_file = "text";
umodes = list;
snomask = "text";
flags = list;
};
Operator blocks define who may use the ``OPER`` command to gain extended
privileges.
**operator {} variables**
user
A hostmask that users trying to use this operator {} block must
match. This is checked against the original host and IP address;
CIDR is also supported. So auth {} spoofs work in operator {}
blocks; the real host behind them is not checked. Other kind of
spoofs do not work in operator {} blocks; the real host behind them
is checked.
Note that this is different from charybdis 1.x where all kinds of
spoofs worked in operator {} blocks.
password
A password used with the ``OPER`` command to use this operator {} block.
Passwords are encrypted by default, but may be unencrypted if
~encrypted is present in the flags list.
rsa\_public\_key\_file
An optional path to a RSA public key file associated with the
operator {} block. This information is used by the ``CHALLENGE``
command, which is an alternative authentication scheme to the
traditional ``OPER`` command.
umodes
A list of usermodes to apply to successfully opered clients.
snomask
An snomask to apply to successfully opered clients.
privset
The privilege set granted to successfully opered clients. This must
be defined before this operator{} block.
flags
A list of flags to apply to this operator{} block. They are listed
below.
**operator {} flags**
encrypted
The password used has been encrypted. This is enabled by default,
use ~encrypted to disable it.
need\_ssl
Restricts use of this operator{} block to SSL/TLS connections only.
connect {} block
----------------
::
connect "name" {
host = "text";
send_password = "text";
accept_password = "text";
port = number;
hub_mask = "mask";
leaf_mask = "mask";
class = "text";
flags = list;
aftype = protocol;
};
Connect blocks define what servers may connect or be connected to.
**connect {} variables**
host
The hostname or IP to connect to.
.. note:: Furthermore, if a hostname is used, it must have an
``A`` or ``AAAA`` record (no ``CNAME``) and it must be
the primary hostname for inbound connections to work.
IPv6 addresses must be in ``::`` shortened form; addresses which
then start with a colon must be prepended with a zero, for
example ``0::1``.
send\_password
The password to send to the other server.
accept\_password
The password that should be accepted from the other server.
port
The port on the other server to connect to.
hub\_mask
An optional domain mask of servers allowed to be introduced by this
link. Usually, "\*" is fine. Multiple hub\_masks may be specified,
and any of them may be introduced. Violation of hub\_mask and
leaf\_mask restrictions will cause the local link to be closed.
leaf\_mask
An optional domain mask of servers not allowed to be introduced by
this link. Multiple leaf\_masks may be specified, and none of them
may be introduced. leaf\_mask has priority over hub\_mask.
class
The name of the class this server should be placed into.
flags
A list of flags concerning the connect block. They are listed below.
aftype
The protocol that should be used to connect with, either ipv4 or
ipv6. This defaults to ipv4 unless host is a numeric IPv6 address.
**connect {} flags**
encrypted
The value for accept\_password has been encrypted.
autoconn
The server should automatically try to connect to the server defined
in this connect {} block if it's not connected already and
max\_number in the class is not reached yet.
compressed
Ziplinks should be used with this server connection. This compresses
traffic using zlib, saving some bandwidth and speeding up netbursts.
If you have trouble setting up a link, you should turn this off as
it often hides error messages.
topicburst
Topics should be bursted to this server.
This is enabled by default.
listen {} block
---------------
::
listen {
host = "text";
port = number;
};
A listen block specifies what ports a server should listen on.
**listen {} variables**
host
An optional host to bind to. Otherwise, the ircd will listen on all
available hosts.
port
A port to listen on. You can specify multiple ports via commas, and
define a range by seperating the start and end ports with two dots
(..).
modules {} block
----------------
::
modules {
path = "text";
module = text;
};
The modules block specifies information for loadable modules.
**modules {} variables**
path
Specifies a path to search for loadable modules.
module
Specifies a module to load, similar to loadmodule.
general {} block
----------------
::
modules {
values
};
The general block specifies a variety of options, many of which were in
``config.h`` in older daemons. The options are documented in
``reference.conf``.
channel {} block
----------------
::
modules {
values
};
The channel block specifies a variety of channel-related options, many
of which were in ``config.h`` in older daemons. The options are
documented in ``reference.conf``.
serverhide {} block
-------------------
::
modules {
values
};
The serverhide block specifies options related to server hiding. The
options are documented in ``reference.conf``.
blacklist {} block
------------------
::
blacklist {
host = "text";
reject_reason = "text";
};
The blacklist block specifies DNS blacklists to check. Listed clients
will not be allowed to connect. IPv6 clients are not checked against
these.
Multiple blacklists can be specified, in pairs with first host then
reject\_reason.
**blacklist {} variables**
host
The DNSBL to use.
reject\_reason
The reason to send to listed clients when disconnecting them.
alias {} block
--------------
::
alias "name" {
target = "text";
};
Alias blocks allow the definition of custom commands. These commands
send ``PRIVMSG`` to the given target. A real command takes precedence above
an alias.
**alias {} variables**
target
The target nick (must be a network service (umode ``+S``)) or
user@server. In the latter case, the server cannot be this server,
only opers can use user starting with "opers" reliably and the user
is interpreted on the target server only so you may need to use
nick@server instead).
cluster {} block
----------------
::
cluster {
name = "text";
flags = list;
};
The cluster block specifies servers we propagate things to
automatically. This does not allow them to set bans, you need a separate
shared{} block for that.
Having overlapping cluster{} items will cause the command to be executed
twice on the target servers. This is particularly undesirable for ban
removals.
The letters in parentheses denote the flags in ``/stats`` U.
**cluster {} variables**
name
The server name to share with, this may contain wildcards and may be
stacked.
flags
The list of what to share, all the name lines above this (up to
another flags entry) will receive these flags. They are listed
below.
**cluster {} flags**
kline (K)
Permanent ``K:lines``
tkline (k)
Temporary ``K:lines``
unkline (U)
``K:line`` removals
xline (X)
Permanent ``X:lines``
txline (x)
Temporary ``X:lines``
unxline (Y)
``X:line`` removals
resv (Q)
Permanently reserved nicks/channels
tresv (q)
Temporarily reserved nicks/channels
unresv (R)
``RESV`` removals
locops (L)
``LOCOPS`` messages (sharing this with \* makes ``LOCOPS`` rather similar to
``OPERWALL`` which is not useful)
all
All of the above
shared {} block
---------------
::
shared {
oper = "user@host", "server";
flags = list;
};
The shared block specifies opers allowed to perform certain actions on
our server remotely. These are ordered top down. The first one matching
will determine the oper's access. If access is denied, the command will
be silently ignored.
The letters in parentheses denote the flags in ``/stats U``.
**shared {} variables**
oper
The user@host the oper must have, and the server they must be on.
This may contain wildcards.
flags
The list of what to allow, all the oper lines above this (up to
another flags entry) will receive these flags. They are listed
below.
.. note:: While they have the same names, the flags have subtly
different meanings from those in the cluster{} block.
**shared {} flags**
kline (K)
Permanent and temporary ``K:lines``
tkline (k)
Temporary ``K:lines``
unkline (U)
``K:line`` removals
xline (X)
Permanent and temporary ``X:lines``
txline (x)
Temporary ``X:lines``
unxline (Y)
``X:line`` removals
resv (Q)
Permanently and temporarily reserved nicks/channels
tresv (q)
Temporarily reserved nicks/channels
unresv (R)
``RESV`` removals
all
All of the above; this does not include locops, rehash, dline,
tdline or undline.
locops (L)
``LOCOPS`` messages (accepting this from \* makes ``LOCOPS`` rather similar
to ``OPERWALL`` which is not useful); unlike the other flags, this can
only be accepted from \*@\* although it can be restricted based on
source server.
rehash (H)
``REHASH`` commands; all options can be used
dline (D)
Permanent and temporary ``D:lines``
tdline (d)
Temporary ``D:lines``
undline (E)
``D:line`` removals
none
Allow nothing to be done
service {} block
----------------
::
service {
name = "text";
};
The service block specifies privileged servers (services). These servers
have extra privileges such as setting login names on users and
introducing clients with umode ``+S`` (unkickable, hide channels, etc). This
does not allow them to set bans, you need a separate shared{} block for
that.
Do not place normal servers here.
Multiple names may be specified but there may be only one service{}
block.
**service {} variables**
name
The server name to grant special privileges. This may not contain
wildcards.
Hostname resolution (DNS)
~~~~~~~~~~~~~~~~~~~~~~~~~
Charybdis uses solely DNS for all hostname/address lookups (no
``/etc/hosts`` or anything else). The DNS servers are taken from
``/etc/resolv.conf``. If this file does not exist or no valid IP
addresses are listed in it, the local host (``127.0.0.1``) is used. (Note
that the latter part did not work in older versions of Charybdis.)
IPv4 as well as IPv6 DNS servers are supported, but it is not possible
to use both IPv4 and IPv6 in ``/etc/resolv.conf``.
For both security and performance reasons, it is recommended that a
caching nameserver such as BIND be run on the same machine as Charybdis
and that ``/etc/resolv.conf`` only list ``127.0.0.1``.
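Review bot: The synopses under "general {} block", "channel {} block" and "serverhide {} block" all open with `modules {`, which looks like a copy-paste from the modules {} section; an operator copying them would put these settings into the wrong block. They should read `general {`, `channel {` and `serverhide {`. Other gaps in the same file: the operator {} synopsis omits `privset` although it is described under the variables, serverinfo {} lists `network_desc` in the synopsis but never describes it, and the flood_exempt entry has its term and description on one line directly after the resv_exempt note, unlike every other flag. The loadmodule paragraph still refers to "charybdis 1.1" while conf.py declares version 3.5, and "seperating" in the listen {} port description is misspelled.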

29
doc/oper-guide/index.rst Normal file

@ -0,0 +1,29 @@
.. Charybdis operator guide documentation master file, created by
sphinx-quickstart on Sat Mar 25 10:41:29 2017.
You can adapt this file completely to your liking, but it should at least
contain the root `toctree` directive.
============================================
Operators guide for the charybdis IRC server
============================================
Contents:
.. toctree::
:maxdepth: 1
intro
umodes
cmodes
ucommands
commands
oprivs
config
Indices and tables
==================
* :ref:`genindex`
* :ref:`modindex`
* :ref:`search`
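Review bot: The "Indices and tables" list links :ref:`modindex`, but this guide documents no Python modules (conf.py sets extensions = []), so that bullet points at an empty or missing module index. Drop it and keep genindex and search. The title also says "Operators guide" while conf.py names the project "Charybdis operator guide"; pick one form and use it in both places.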

17
doc/oper-guide/intro.rst Normal file

@ -0,0 +1,17 @@
Scope of this document
======================
This document describes the commands and functions available to
operators in the charybdis ircd, as used on
`AthemeNet <http://www.atheme.net>`__.
This document, and various ideas for features of charybdis, have been
taken from dancer-ircd/hyperion, the ircd used on freenode, mainly
written by Andrew Suffield and Jilles Tjoelker.
While this document may be of some interest to the users of charybdis
servers, it is intended as a reference for network staff.
Charybdis is based on ircd-ratbox 2.1.4, although much has changed.
`ircd-ratbox <http://www.ircd-ratbox.org>`__ is commonly used on efnet,
and some other networks.

281
doc/oper-guide/make.bat Normal file

@ -0,0 +1,281 @@
@ECHO OFF
REM Command file for Sphinx documentation
if "%SPHINXBUILD%" == "" (
set SPHINXBUILD=sphinx-build
)
set BUILDDIR=_build
set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
set I18NSPHINXOPTS=%SPHINXOPTS% .
if NOT "%PAPER%" == "" (
set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%
)
if "%1" == "" goto help
if "%1" == "help" (
:help
echo.Please use `make ^<target^>` where ^<target^> is one of
echo. html to make standalone HTML files
echo. dirhtml to make HTML files named index.html in directories
echo. singlehtml to make a single large HTML file
echo. pickle to make pickle files
echo. json to make JSON files
echo. htmlhelp to make HTML files and a HTML help project
echo. qthelp to make HTML files and a qthelp project
echo. devhelp to make HTML files and a Devhelp project
echo. epub to make an epub
echo. epub3 to make an epub3
echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter
echo. text to make text files
echo. man to make manual pages
echo. texinfo to make Texinfo files
echo. gettext to make PO message catalogs
echo. changes to make an overview over all changed/added/deprecated items
echo. xml to make Docutils-native XML files
echo. pseudoxml to make pseudoxml-XML files for display purposes
echo. linkcheck to check all external links for integrity
echo. doctest to run all doctests embedded in the documentation if enabled
echo. coverage to run coverage check of the documentation if enabled
echo. dummy to check syntax errors of document sources
goto end
)
if "%1" == "clean" (
for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
del /q /s %BUILDDIR%\*
goto end
)
REM Check if sphinx-build is available and fallback to Python version if any
%SPHINXBUILD% 1>NUL 2>NUL
if errorlevel 9009 goto sphinx_python
goto sphinx_ok
:sphinx_python
set SPHINXBUILD=python -m sphinx.__init__
%SPHINXBUILD% 2> nul
if errorlevel 9009 (
echo.
echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
echo.installed, then set the SPHINXBUILD environment variable to point
echo.to the full path of the 'sphinx-build' executable. Alternatively you
echo.may add the Sphinx directory to PATH.
echo.
echo.If you don't have Sphinx installed, grab it from
echo.http://sphinx-doc.org/
exit /b 1
)
:sphinx_ok
if "%1" == "html" (
%SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/html.
goto end
)
if "%1" == "dirhtml" (
%SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
goto end
)
if "%1" == "singlehtml" (
%SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
goto end
)
if "%1" == "pickle" (
%SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can process the pickle files.
goto end
)
if "%1" == "json" (
%SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can process the JSON files.
goto end
)
if "%1" == "htmlhelp" (
%SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can run HTML Help Workshop with the ^
.hhp project file in %BUILDDIR%/htmlhelp.
goto end
)
if "%1" == "qthelp" (
%SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished; now you can run "qcollectiongenerator" with the ^
.qhcp project file in %BUILDDIR%/qthelp, like this:
echo.^> qcollectiongenerator %BUILDDIR%\qthelp\Charybdisoperatorguide.qhcp
echo.To view the help file:
echo.^> assistant -collectionFile %BUILDDIR%\qthelp\Charybdisoperatorguide.ghc
goto end
)
if "%1" == "devhelp" (
%SPHINXBUILD% -b devhelp %ALLSPHINXOPTS% %BUILDDIR%/devhelp
if errorlevel 1 exit /b 1
echo.
echo.Build finished.
goto end
)
if "%1" == "epub" (
%SPHINXBUILD% -b epub %ALLSPHINXOPTS% %BUILDDIR%/epub
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The epub file is in %BUILDDIR%/epub.
goto end
)
if "%1" == "epub3" (
%SPHINXBUILD% -b epub3 %ALLSPHINXOPTS% %BUILDDIR%/epub3
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The epub3 file is in %BUILDDIR%/epub3.
goto end
)
if "%1" == "latex" (
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
if errorlevel 1 exit /b 1
echo.
echo.Build finished; the LaTeX files are in %BUILDDIR%/latex.
goto end
)
if "%1" == "latexpdf" (
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
cd %BUILDDIR%/latex
make all-pdf
cd %~dp0
echo.
echo.Build finished; the PDF files are in %BUILDDIR%/latex.
goto end
)
if "%1" == "latexpdfja" (
%SPHINXBUILD% -b latex %ALLSPHINXOPTS% %BUILDDIR%/latex
cd %BUILDDIR%/latex
make all-pdf-ja
cd %~dp0
echo.
echo.Build finished; the PDF files are in %BUILDDIR%/latex.
goto end
)
if "%1" == "text" (
%SPHINXBUILD% -b text %ALLSPHINXOPTS% %BUILDDIR%/text
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The text files are in %BUILDDIR%/text.
goto end
)
if "%1" == "man" (
%SPHINXBUILD% -b man %ALLSPHINXOPTS% %BUILDDIR%/man
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The manual pages are in %BUILDDIR%/man.
goto end
)
if "%1" == "texinfo" (
%SPHINXBUILD% -b texinfo %ALLSPHINXOPTS% %BUILDDIR%/texinfo
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The Texinfo files are in %BUILDDIR%/texinfo.
goto end
)
if "%1" == "gettext" (
%SPHINXBUILD% -b gettext %I18NSPHINXOPTS% %BUILDDIR%/locale
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The message catalogs are in %BUILDDIR%/locale.
goto end
)
if "%1" == "changes" (
%SPHINXBUILD% -b changes %ALLSPHINXOPTS% %BUILDDIR%/changes
if errorlevel 1 exit /b 1
echo.
echo.The overview file is in %BUILDDIR%/changes.
goto end
)
if "%1" == "linkcheck" (
%SPHINXBUILD% -b linkcheck %ALLSPHINXOPTS% %BUILDDIR%/linkcheck
if errorlevel 1 exit /b 1
echo.
echo.Link check complete; look for any errors in the above output ^
or in %BUILDDIR%/linkcheck/output.txt.
goto end
)
if "%1" == "doctest" (
%SPHINXBUILD% -b doctest %ALLSPHINXOPTS% %BUILDDIR%/doctest
if errorlevel 1 exit /b 1
echo.
echo.Testing of doctests in the sources finished, look at the ^
results in %BUILDDIR%/doctest/output.txt.
goto end
)
if "%1" == "coverage" (
%SPHINXBUILD% -b coverage %ALLSPHINXOPTS% %BUILDDIR%/coverage
if errorlevel 1 exit /b 1
echo.
echo.Testing of coverage in the sources finished, look at the ^
results in %BUILDDIR%/coverage/python.txt.
goto end
)
if "%1" == "xml" (
%SPHINXBUILD% -b xml %ALLSPHINXOPTS% %BUILDDIR%/xml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The XML files are in %BUILDDIR%/xml.
goto end
)
if "%1" == "pseudoxml" (
%SPHINXBUILD% -b pseudoxml %ALLSPHINXOPTS% %BUILDDIR%/pseudoxml
if errorlevel 1 exit /b 1
echo.
echo.Build finished. The pseudo-XML files are in %BUILDDIR%/pseudoxml.
goto end
)
if "%1" == "dummy" (
%SPHINXBUILD% -b dummy %ALLSPHINXOPTS% %BUILDDIR%/dummy
if errorlevel 1 exit /b 1
echo.
echo.Build finished. Dummy builder generates no files.
goto end
)
:end
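Review bot: the latexpdf and latexpdfja targets do not check the result of the %SPHINXBUILD% -b latex step, so a failed build still runs cd %BUILDDIR%/latex and make all-pdf and then prints "Build finished". Every other target follows the build with "if errorlevel 1 exit /b 1", and these two should as well. Both targets are also missing from the help text, and the qthelp target echoes a .ghc file name in the assistant line where the collection file built from a .qhcp project is .qhc.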

124
doc/oper-guide/oprivs.rst Normal file

@ -0,0 +1,124 @@
Oper privileges
===============
These are specified in privset{}.
oper:admin, server administrator
--------------------------------
Various privileges intended for server administrators. Among other
things, this automatically sets umode +a and allows loading modules.
oper:die, die and restart
-------------------------
This grants permission to use ``DIE`` and ``RESTART``, shutting down or
restarting the server.
oper:global\_kill, global kill
------------------------------
Allows using ``KILL`` on users on any server.
oper:hidden, hide from /stats p
-------------------------------
This privilege currently does nothing, but was designed to hide bots
from /stats p so users will not message them for help.
oper:hidden\_admin, hidden administrator
----------------------------------------
This grants everything granted to the oper:admin privilege, except the
ability to set umode +a. If both oper:admin and oper:hidden\_admin are
possessed, umode +a can still not be used.
oper:kline, kline and dline
---------------------------
Allows using ``KLINE`` and ``DLINE``, to ban users by user@host mask or IP
address.
oper:local\_kill, kill local users
----------------------------------
This grants permission to use ``KILL`` on users on the same server,
disconnecting them from the network.
oper:mass\_notice, global notices and wallops
---------------------------------------------
Allows using server name ($$mask) and hostname ($#mask) masks in ``NOTICE``
and ``PRIVMSG`` to send a message to all matching users, and allows using
the ``WALLOPS`` command to send a message to all users with umode +w set.
oper:operwall, send/receive operwall
------------------------------------
Allows using the ``OPERWALL`` command and umode +z to send and receive
operwalls.
oper:rehash, rehash
-------------------
Allows using the ``REHASH`` command, to rehash various configuration files
or clear certain lists.
oper:remoteban, set remote bans
-------------------------------
This grants the ability to use the ON argument on ``DLINE``/``KLINE``/``XLINE``/``RESV``
and ``UNDLINE``/``UNKLINE``/``UNXLINE``/``UNRESV`` to set and unset bans on other
servers, and the server argument on ``REHASH``. This is only allowed if the
oper may perform the action locally, and if the remote server has a
shared{} block.
.. note:: If a cluster{} block is present, bans are sent remotely even
if the oper does not have oper:remoteban privilege.
oper:resv, channel control
--------------------------
This allows using /resv, /unresv and changing the channel modes +L and
+P.
oper:routing, remote routing
----------------------------
This allows using the third argument of the ``CONNECT`` command, to instruct
another server to connect somewhere, and using ``SQUIT`` with an argument
that is not locally connected. (In both cases all opers with +w set will
be notified.)
oper:spy, use operspy
---------------------
This allows using ``/mode !#channel``, ``/whois !nick``, ``/who !#channel``,
``/chantrace !#channel``, ``/topic !#channel``, ``/who !mask``, ``/masktrace
!user@host :gecos`` and ``/scan umodes +modes-modes global list`` to see
through secret channels, invisible users, etc.
All operspy usage is broadcasted to opers with snomask ``+Z`` set (on the
entire network) and optionally logged. If you grant this to anyone, it
is a good idea to establish concrete policies describing what it is to
be used for, and what not.
If ``operspy_dont_care_user_info`` is enabled, ``/who mask`` is operspy
also, and ``/who !mask``, ``/who mask``, ``/masktrace !user@host :gecos`` and ``/scan
umodes +modes-modes global list`` do not generate ``+Z`` notices or logs.
oper:unkline, unkline and undline
---------------------------------
Allows using ``UNKLINE`` and ``UNDLINE``.
oper:xline, xline and unxline
-----------------------------
Allows using ``XLINE`` and ``UNXLINE``, to ban/unban users by realname.
snomask:nick\_changes, see nick changes
---------------------------------------
Allows using snomask ``+n`` to see local client nick changes. This is
designed for monitor bots.
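Review bot: the oper:spy section says operspy usage is "optionally logged" and that enabling operspy_dont_care_user_info suppresses both the +Z notices and the logs for several commands, but it names neither the setting that turns logging on nor where operspy_dont_care_user_info is configured. These notices and logs are the audit trail for a privilege that sees through secret channels and invisible users, so point to the config chapter entries for both. Separately, oper:resv writes /resv and /unresv as plain text while oper:remoteban uses ``RESV`` and ``UNRESV``; use the literal form throughout.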


@ -0,0 +1,183 @@
User Commands
=============
Standard IRC commands are not listed here. Several of the commands in
the operator commands chapter can also be used by normal users.
ACCEPT
------
::
ACCEPT nick, -nick, ...
Adds or removes users from your accept list for umode +g and +R. Users
are automatically removed when they quit, split or change nick.
::
ACCEPT *
Lists all users on your accept list.
Support of this command is indicated by the ``CALLERID`` token in
``RPL_ISUPPORT`` (005); the optional parameter indicates the letter of the
“only allow accept users to send private messages” umode, otherwise +g.
In charybdis this is always +g.
CNOTICE
-------
::
CNOTICE nick channel :text
Providing you are opped (+o) or voiced (+v) in channel, and nick is a
member of channel, ``CNOTICE`` generates a ``NOTICE`` towards nick.
``CNOTICE`` bypasses any anti-spam measures in place. If you get “Targets
changing too fast, message dropped”, you should probably use this
command, for example sending a notice to every user joining a certain
channel.
As of charybdis 3.1, ``NOTICE`` automatically behaves as ``CNOTICE`` if you are
in a channel fulfilling the conditions.
Support of this command is indicated by the ``CNOTICE`` token in
``RPL_ISUPPORT`` (005).
CPRIVMSG
--------
::
CPRIVMSG nick channel :text
Providing you are opped (+o) or voiced (+v) in channel, and nick is a
member of channel, ``CPRIVMSG`` generates a ``PRIVMSG`` towards nick.
``CPRIVMSG`` bypasses any anti-spam measures in place. If you get “Targets
changing too fast, message dropped”, you should probably use this
command.
As of charybdis 3.1, ``PRIVMSG`` automatically behaves as ``CPRIVMSG`` if you
are in a channel fulfilling the conditions.
Support of this command is indicated by the ``CPRIVMSG`` token in
``RPL_ISUPPORT`` (005).
FINDFORWARDS
------------
::
FINDFORWARDS channel
.. note:: This command is only available if the ``m_findforwards.so``
extension is loaded.
Displays which channels forward to the given channel (via cmode +f). If
there are very many channels the list will be truncated.
You must be a channel operator on the channel or an IRC operator to use
this command.
HELP
----
::
HELP [topic]
Displays help information. topic can be ``INDEX``, ``CREDITS``, ``UMODE``, ``CMODE``,
``SNOMASK`` or a command name.
There are separate help files for users and opers. Opers can use ``UHELP``
to query the user help files.
IDENTIFY
--------
::
IDENTIFY parameters...
.. note:: This command is only available if the ``m_identify.so``
extension is loaded.
Sends an identify command to either NickServ or ChanServ. If the first
parameter starts with #, the command is sent to ChanServ, otherwise to
NickServ. The word ``IDENTIFY``, a space and all parameters are concatenated
and sent as a ``PRIVMSG`` to the service. If the service is not online or
does not have umode +S set, no message will be sent.
The exact syntax for this command depends on the services package in
use.
KNOCK
-----
::
KNOCK channel
Requests an invite to the given channel. The channel must be locked
somehow (+ikl), must not be +p and you may not be banned or quieted.
Also, this command is rate limited.
If successful, all channel operators will receive a 710 numeric. The
recipient field of this numeric is the channel.
Support of this command is indicated by the ``KNOCK`` token in ``RPL_ISUPPORT``
(005).
MONITOR
-------
Server side notify list. This list contains nicks. When a user connects,
quits with a listed nick or changes to or from a listed nick, you will
receive a 730 numeric if the nick went online and a 731 numeric if the
nick went offline.
Support of this command is indicated by the ``MONITOR`` token in
``RPL_ISUPPORT`` (005); the parameter indicates the maximum number of
nicknames you may have in your monitor list.
You may only use this command once per second.
More details can be found in ``doc/monitor.txt`` in the source
distribution.
::
MONITOR + nick, ...
Adds nicks to your monitor list. You will receive 730 and 731 numerics
for the nicks.
::
MONITOR - nick, ...
Removes nicks from your monitor list. No output is generated for this
command.
::
MONITOR C
Clears your monitor list. No output is generated for this command.
::
MONITOR L
Lists all nicks on your monitor list, using 732 numerics and ending with
a 733 numeric.
::
MONITOR S
Shows status for all nicks on your monitor list, using 730 and 731
numerics.
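Review bot: in the CNOTICE and CPRIVMSG sections, "bypasses any anti-spam measures in place" is broader than what the text supports; the only measure named is the "Targets changing too fast, message dropped" limit. State which limits are bypassed, so an operator reading this knows what an opped or voiced user can and cannot get around. The MONITOR section also opens without a syntax block, unlike every other command here, and the HELP section refers to UHELP, which has no entry of its own in this file.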

276
doc/oper-guide/umodes.rst Normal file

@ -0,0 +1,276 @@
User modes
==========
``+a``, server administrator
----------------------------
This vanity usermode is used to denote a server administrator in WHOIS
output. All local “admin” privileges are independent of it, though
services packages may grant extra privileges to ``+a`` users.
``+D``, deaf
------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
Users with the ``+D`` umode set will not receive messages sent to channels.
Joins, parts, topic changes, mode changes, etc are received as normal,
as are private messages.
Support of this umode is indicated by the ``DEAF`` token in ``RPL_ISUPPORT``
(005); the parameter indicates the letter of the umode. Note that
several common IRCD implementations have an umode like this (typically
``+d``) but do not have the token in 005.
``+g``, Caller ID
-----------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
Users with the ``+g`` umode set will only receive private messages
from users on a session-defined whitelist, defined by the ``/accept``
command. If a user who is not on the whitelist attempts to send a
private message, the target user will receive a rate-limited notice
saying that the user wishes to speak to them.
Network operators are not affected by the callerid whitelist system in
the event that they need to speak to users who have it enabled.
Support of this umode is indicated by the ``CALLERID`` token in
``RPL_ISUPPORT`` (005); the optional parameter indicates the letter of
the umode, otherwise ``+g``.
``+i``, invisible
-----------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
Invisible users do not show up in ``WHO`` and ``NAMES`` unless you can see them.
``+l``, receive locops
----------------------
``LOCOPS`` is a version of ``OPERWALL`` that is sent to opers on a single server
only. With cluster{} and shared{} blocks they can optionally be
propagated further.
Unlike ``OPERWALL``, any oper can send and receive ``LOCOPS``.
``+o``, operator
----------------
This indicates global operator status.
``+Q``, disable forwarding
--------------------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
This umode prevents you from being affected by channel forwarding. If
enabled on a channel, channel forwarding sends you to another channel if
you could not join. See channel mode ``+f`` for more information.
``+R``, reject messages from unauthenticated users
--------------------------------------------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
If a user has the ``+R`` umode set, then any users who are not authenticated
will receive an error message if they attempt to send a private message
or notice to the ``+R`` user.
Opers and accepted users (like in ``+g``) are exempt. Unlike ``+g``, the target
user is not notified of failed messages.
``+s``, receive server notices
------------------------------
This umode allows an oper to receive server notices. The requested types
of server notices are specified as a parameter (“snomask”) to this
umode.
``+S``, network service
-----------------------
.. note:: This umode can only be set by servers named in a service{}
block.
This umode grants various features useful for services. For example,
clients with this umode cannot be kicked or deopped on channels, can
send to any channel, do not show channels in ``WHOIS``, can be the target of
services aliases and do not appear in ``/stats p``. No server notices are
sent for hostname changes by services clients; server notices about
kills are sent to snomask ``+k`` instead of ``+s``.
The exact effects of this umode are variable; no user or oper on an
actual charybdis server can set it.
``+w``, receive wallops
-----------------------
.. note:: This is a user umode, which anybody can set. It is not
specific to operators.
Users with the ``+w`` umode set will receive ``WALLOPS`` messages sent by opers.
Opers with ``+w`` additionally receive ``WALLOPS`` sent by servers (e.g. remote
``CONNECT``, remote ``SQUIT``, various severe misconfigurations, many services
packages).
``+z``, receive operwall
------------------------
``OPERWALL`` differs from ``WALLOPS`` in that the ability to receive such
messages is restricted. Opers with ``+z`` set will receive ``OPERWALL``
messages.
``+Z``, SSL user
----------------
This umode is set on clients connected via SSL/TLS. It cannot be set or
unset after initial connection.
Snomask usage
=============
Usage is as follows::
MODE nick +s +/-flags
To set snomasks.
::
MODE nick -s
To clear all snomasks.
Umode ``+s`` will be set if at least one snomask is set.
Umode ``+s`` is oper only by default, but even if you allow nonopers to set
it, they will not get any server notices.
Meanings of server notice masks
===============================
``+b``, bot warnings
--------------------
Opers with the ``+b`` snomask set will receive warning messages from the
server when potential flooders and spambots are detected.
``+c``, client connections
--------------------------
Opers who have the ``+c`` snomask set will receive server notices when
clients attach to the local server.
``+C``, extended client connection notices
------------------------------------------
Opers who have the ``+C`` snomask set will receive server notices when
clients attach to the local server. Unlike the ``+c`` snomask, the
information is displayed in a format intended to be parsed by scripts,
and includes the two unused fields of the ``USER`` command.
``+d``, debug
-------------
The ``+d`` snomask provides opers extra information which may be of interest
to debuggers. It will also cause the user to receive server notices if
certain assertions fail inside the server. Its precise meaning is
variable. Do not depend on the effects of this snomask as they can and
will change without notice in later revisions.
``+f``, full warning
--------------------
Opers with the ``+f`` snomask set will receive notices when a user
connection is denied because a connection limit is exceeded (one of the
limits in a class{} block, or the total per-server limit settable with
``/quote set max``).
``+F``, far client connection notices
-------------------------------------
.. note:: This snomask is only available if the ``sno_farconnect.so``
extension is loaded.
Opers with ``+F`` receive server notices when clients connect or disconnect
on other servers. The notices have the same format as those from the ``+c``
snomask, except that the class is ? and the source server of the notice
is the server the user is/was on.
No notices are generated for netsplits and netjoins. Hence, these
notices cannot be used to keep track of all clients on the network.
There is no far equivalent of the ``+C`` snomask.
``+k``, server kill notices
---------------------------
Opers with the ``+k`` snomask set will receive server notices when services
kill users and when other servers kill and save (forced nick change to
UID) users. Kills and saves by this server are on ``+d`` or ``+s``.
``+n``, nick change notices
---------------------------
An oper with ``+n`` set will receive a server notice every time a local user
changes their nick, giving the old and new nicks. This is mostly useful
for bots that track all users on a single server.
``+r``, notices on name rejections
----------------------------------
Opers with this snomask set will receive a server notice when somebody
tries to use an invalid username, or if a dumb HTTP proxy tries to
connect.
``+s``, generic server notices
------------------------------
This snomask allows an oper to receive generic server notices. This
includes kills from opers (except services).
``+u``, unauthorized connections
--------------------------------
This snomask allows an oper to see when users try to connect who do not
have an available auth{} block.
``+W``, whois notifications
---------------------------
.. note:: This snomask is only available if the ``sno_whois.so``
extension is loaded.
Opers with ``+W`` receive notices when a ``WHOIS`` is executed on them on their
server (showing idle time).
``+x``, extra routing notices
-----------------------------
Opers who have the ``+x`` snomask set will get notices about servers
connecting and disconnecting on the whole network. This includes all
servers connected behind the affected link. This can get rather noisy
but is useful for keeping track of all linked servers.
``+y``, spy
-----------
Opers with ``+y`` receive notices when users try to join ``RESV``'ed (“juped”)
channels. Additionally, if certain extension modules are loaded, they
will receive notices when special commands are used.
``+Z``, operspy notices
-----------------------
Opers with ``+Z`` receive notices whenever an oper anywhere on the network
uses operspy.
This snomask can be configured to be only effective for admins.
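Review bot: the +Z operspy notices section ends with "This snomask can be configured to be only effective for admins" without naming the option, and the snomask usage section says umode +s is "oper only by default" without saying what changes that default. Name the settings or link to the config chapter, since both decide who can see server notices. The +S section likewise says its effects are "variable" right after listing specific ones; say which of the listed effects an operator can rely on.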


@ -61,6 +61,7 @@
* Realname (gecos) bans (+b $r:mask) -- extb_realname.so
* Server bans (+b $s:mask) -- extb_server.so
* SSL bans (+b $z) -- extb_ssl.so
* User mode bans (+b $u:modes) -- extb_usermode.so
* HURT system -- hurt.so
* New host mangling (umode +x) -- ip_cloaking_4.0.so
* Old host mangling (umode +h) -- ip_cloaking.so
@ -91,6 +92,7 @@
#loadmodule "extensions/extb_realname.so";
#loadmodule "extensions/extb_server.so";
#loadmodule "extensions/extb_ssl.so";
#loadmodule "extensions/extb_usermode.so";
#loadmodule "extensions/hurt.so";
#loadmodule "extensions/ip_cloaking_4.0.so";
#loadmodule "extensions/ip_cloaking.so";
@ -140,7 +142,7 @@ serverinfo {
/* vhost6: the IP to bind to when we connect outward to ipv6 servers.
* This should be an ipv6 IP only.
*/
#vhost6 = "2001:db7:2::6";
#vhost6 = "2001:db8:2::6";
/* ssl_private_key: our ssl private key */
ssl_private_key = "etc/ssl.key";
@ -528,9 +530,9 @@ connect "irc.uplink.com" {
send_password = "password";
accept_password = "anotherpassword";
/* fingerprint: if specified, the server's client certificate
* fingerprint will be checked against the specified fingerprint
* below.
/* fingerprint: if flags = ssl is specified, the server's
* certificate fingerprint will be checked against the fingerprint
* specified below. required if using flags = ssl.
*/
#fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
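Review bot: the sample value on the #fingerprint line is 40 hex digits, the length of a SHA-1 digest, while a later hunk in this file changes the certfp_method default to sha256. State in this comment that the fingerprint has to be computed with the configured certfp_method, and update the sample to match the new default. The sentence "required if using flags = ssl." should also start with a capital letter.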
@ -925,6 +927,14 @@ alias "MS" {
target = "MemoServ";
};
/*
fakechannel "#honeypot" {
topic = "Come in";
users_min = 50;
users_max = 300;
};
*/
/* The general block contains many of the options that were once compiled
* in options in config.h. The general block is read at start time.
*/
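Review bot: the commented-out fakechannel example has no explanatory comment, unlike the general block that follows it. Document what topic, users_min and users_max control and how a fake channel is presented to clients, since the name "#honeypot" alone does not tell an administrator what enabling the block does.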
@ -1179,6 +1189,9 @@ general {
*/
pace_wait = 10 seconds;
/* listfake_wait: time until real list command can be used */
listfake_wait = 180 seconds;
/* short motd: send clients a notice telling them to read the motd
* instead of forcing a motd to clients who may simply ignore it.
*/
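Review bot: the listfake_wait comment does not say what the 180 seconds are measured from, what a client receives from LIST before the time is up, or whether the option depends on fakechannel blocks being defined. The neighbouring short motd comment explains its behaviour in a full sentence; do the same here.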
@ -1314,10 +1327,27 @@ general {
away_interval = 30;
/* certfp_method: the method that should be used for computing certificate fingerprints.
* Acceptable options are sha1, sha256 and sha512. Networks running versions of charybdis
* prior to charybdis 3.5 MUST use sha1 for certfp_method.
* Acceptable options are sha1, sha256, spki_sha256, sha512 and spki_sha512. Networks
* running versions of charybdis prior to charybdis 3.5 MUST use sha1 for certfp_method.
*
* The spki_* variants operate on the SubjectPublicKeyInfo of the certificate, which does
* not change unless the private key is changed. This allows the fingerprint to stay
* constant even if the certificate is reissued. These fingerprints will be prefixed with
* "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type. These fingerprints
* are not supported on servers running charybdis 3.5.3 or earlier.
*
* To generate a fingerprint from a certificate file, run the following:
* $ openssl x509 -outform DER -in your.crt | sha1sum (or sha256sum, or sha512sum)
*
* To generate a SPKI SHA-256 fingerprint, run the following:
* $ openssl x509 -pubkey -noout -in your.crt | openssl pkey -pubin -outform DER | \
* sha256sum | sed -r -e 's/^/SPKI:SHA2-256:/'
*
* To generate a SPKI SHA-512 fingerprint, run the following:
* $ openssl x509 -pubkey -noout -in your.crt | openssl pkey -pubin -outform DER | \
* sha512sum | sed -r -e 's/^/SPKI:SHA2-512:/'
*/
certfp_method = sha1;
certfp_method = sha256;
};
modules {
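Review bot: the two SPKI commands in the comment pipe sha256sum or sha512sum output straight into sed, and the *sum tools print the digest followed by two spaces and "-" when reading standard input, so the result is "SPKI:SHA2-256:" plus the hex digest plus a trailing "  -" rather than a usable fingerprint; the plain sha1sum line carries the same trailing text. Add a step that keeps only the first field (for example cut -d' ' -f1) before the sed prefix. The default also moves from sha1 to sha256 while the comment still says networks with servers older than 3.5 MUST use sha1; say what happens to fingerprints already stored under sha1 when an administrator adopts the new default.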
@ -1330,3 +1360,17 @@ modules {
/* module: the name of a module to load on startup/rehash */
#module = "some_module.so";
};
/*
vhost "selfsigned.hades.arpa" {
ssl_private_key = "etc/selfssl.key";
ssl_cert = "etc/selfssl.pem";
};
vhost "oldca.hades.arpa" {
ssl_private_key = "etc/oldssl.key";
ssl_cert = "etc/oldssl2.pem";
ssl_dh_params = "etc/olddh.pem";
ssl_cipher_list = "kEECDH+HIGH:kEDH+HIGH:HIGH:!RC4:!aNULL";
};
*/
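Review bot: the commented-out vhost examples carry no comment saying what the block name is matched against or which of ssl_private_key, ssl_cert, ssl_dh_params and ssl_cipher_list are optional; the first block sets two of them and the second all four. Add a short comment in the style of the other blocks in this file, and note whether options left unset fall back to the serverinfo values.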


@ -1,60 +0,0 @@
<!DOCTYPE Book PUBLIC "-//OASIS//DTD DocBook V4.2//EN" [
<!ENTITY intro SYSTEM "intro.sgml">
<!ENTITY oprivs SYSTEM "oprivs.sgml">
<!ENTITY umodes SYSTEM "umodes.sgml">
<!ENTITY cmodes SYSTEM "cmodes.sgml">
<!ENTITY ucommands SYSTEM "ucommands.sgml">
<!ENTITY commands SYSTEM "commands.sgml">
<!ENTITY config SYSTEM "config.sgml">
]>
<book id="charybdis-oper-guide">
<bookinfo>
<date>2009</date>
<title>Operators guide for the charybdis IRC server</title>
<author>
<firstname>William</firstname>
<surname>Pitcock</surname>
</author>
<author>
<firstname>Jilles</firstname>
<surname>Tjoelker</surname>
</author>
<copyright>
<year>2005-2009</year>
<holder>William Pitcock and Jilles Tjoelker</holder>
</copyright>
<legalnotice>
<para>
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU
General Public License, Version 2 or any later version published by the Free Software Foundation
</para>
</legalnotice>
</bookinfo>
<toc>
</toc>
&intro;
&umodes;
&cmodes;
&ucommands;
&commands;
&oprivs;
&config;
</book>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-exposed-tags:nil
sgml-local-catalogs:("/usr/lib/sgml/catalog")
sgml-local-ecat-files:nil
fill-column: 105
End:
-->
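Review bot: the removed bookinfo block held the authors (William Pitcock and Jilles Tjoelker), the 2005-2009 copyright line and the GPL version 2 or later grant, and the index.rst added in this change has none of them. Carry the attribution and licence notice over to the new guide, for example in index.rst or intro.rst.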


@ -1,324 +0,0 @@
<chapter id="cmodes">
<title>Cmodes</title>
<sect1>
<title>Meanings of channel modes</title>
<sect2>
<title>+b, channel ban</title>
<para>
Bans take one parameter which can take several forms.
The most common form is +b nick!user@host.
The wildcards * and ? are allowed, matching zero-or-more, and
exactly-one characters respectively. The masks will be trimmed to fit the maximum allowable
length for the relevant element.
Bans are also checked against the IP address, even if it resolved or
is spoofed.
CIDR is supported, like *!*@10.0.0.0/8. This is most useful with
IPv6.
Bans are not checked against the real hostname behind any kind
of spoof, except if host mangling is in use (e.g.
<filename>extensions/ip_cloaking.so</filename>):
if the user's host is mangled, their real hostname is checked
additionally, and if a user has no spoof but could enable mangling,
the mangled form of their hostname is checked additionally.
Hence, it is not possible to evade bans by toggling
host mangling.
</para>
<para>
The second form (extban) is +b $type or +b $type:data.
type is a single character (case insensitive) indicating the
type of match, optionally preceded by a tilde (~) to negate the
comparison. data depends on type. Each type is loaded as a module.
The available types (if any)
are listed in the EXTBAN token of the 005 (RPL_ISUPPORT) numeric.
See <filename>doc/extban.txt</filename> in the source distribution
for more information.
</para>
<para>
If no parameter is given, the list of bans is returned. All users
can use this form. The plus sign should also be omitted.
</para>
<para>
Matching users will not be allowed to join the channel or knock
on it. If they are already on the channel, they may not send to
it or change their nick.
</para>
</sect2>
<sect2>
<title>+c, colour filter</title>
<para>
This cmode activates the colour filter for the channel. This filters out bold, underline,
reverse video, beeps, mIRC colour codes, and ANSI escapes. Note that escape sequences will
usually leave cruft sent to the channel, just without the escape characters themselves.
</para>
</sect2>
<sect2>
<title>+e, ban exemption</title>
<para>
This mode takes one parameter of the same form as bans, which
overrides +b and +q bans for all clients it matches.
</para>
<para>
This can be useful if it is necessary to ban an entire ISP
due to persistent abuse, but some users from that ISP should
still be allowed in. For example:
/mode #channel +be *!*@*.example.com *!*someuser@host3.example.com
</para>
<para>
Only channel operators can see +e changes or request the list.
</para>
</sect2>
<sect2>
<title>+f, channel forwarding</title>
<para>
This mode takes one parameter, the name of a channel (+f #channel). If the channel also has the
+i cmode set, and somebody attempts to join without either being expliticly invited, or having
an invex (+I), then they will instead join the channel named in the mode parameter. The client
will also be sent a 470 numeric giving the original and target channels.
</para>
<para>
Users are similarly forwarded if the +j cmode is set and their attempt to join is throttled,
if +l is set and there are already too many users in the channel
or if +r is set and they are not identified.
</para>
<para>
Forwards may only be set to +F channels, or to channels the setter
has ops in.
</para>
<para>
Without parameter (/mode #channel f or /mode #channel +f) the
forward channel is returned. This form also works off channel.
</para>
</sect2>
<sect2>
<title>+F, allow anybody to forward to this</title>
<para>
When this mode is set, anybody may set a forward from a channel
they have ops in to this channel. Otherwise they have to have ops
in this channel.
</para>
</sect2>
<sect2>
<title>+g, allow anybody to invite</title>
<para>
When this mode is set, anybody may use the INVITE command on the channel in question. When it
is unset, only channel operators may use the INVITE command.
</para>
<para>
When this mode is set together with +i, +j, +l or +r, all channel members can influence who can join.
</para>
</sect2>
<sect2>
<title>+i, invite only</title>
<para>
When this cmode is set, no client can join the channel unless they have an invex (+I) or are
invited with the INVITE command.
</para>
</sect2>
<sect2>
<title>+I, invite exception (invex)</title>
<para>
This mode takes one parameter of the same form as bans. Matching
clients do not need to be invited to join the channel when it is invite-only (+i).
Unlike the INVITE command, this does not override +j, +l and +r.
</para>
<para>
Only channel operators can see +I changes or request the list.
</para>
</sect2>
<sect2>
<title>+j, join throttling</title>
<para>
This mode takes one parameter of the form <replaceable>n</replaceable>:<replaceable>t</replaceable>, where <replaceable>n</replaceable> and <replaceable>t</replaceable> are positive integers. Only <replaceable>n</replaceable> users may join in each period of <replaceable>t</replaceable> seconds.
</para>
<para>
Invited users can join regardless of +j, but are counted as normal.
</para>
<para>
Due to propagation delays between servers, more users may be
able to join (by racing for the last slot on each server).
</para>
</sect2>
<sect2>
<title>+k, key (channel password)</title>
<para>
Taking one parameter, when set, this mode requires a user to supply the key in order to join
the channel: /JOIN #channel key.
</para>
</sect2>
<sect2>
<title>+l, channel member limit</title>
<para>
Takes one numeric parameter, the number of users which are allowed to be in the channel before
further joins are blocked.
Invited users may join regardless.
</para>
<para>
Due to propagation delays between servers, more users may be
able to join (by racing for the last slot on each server).
</para>
</sect2>
<sect2>
<title>+L, large ban list</title>
<para>
Channels with this mode will be allowed larger banlists (by default,
500 instead of 50 entries for +b, +q, +e and +I together).
Only network operators with resv privilege may set this mode.
</para>
</sect2>
<sect2>
<title>+m, moderated</title>
<para>
When a channel is set +m, only users with +o or +v on the channel can send to it.
</para>
<para>
Users can still knock on the channel or change their nick.
</para>
</sect2>
<sect2>
<title>+n, no external messages</title>
<para>
When set, this mode prevents users from sending to the channel without being in it themselves.
This is recommended.
</para>
</sect2>
<sect2>
<title>+o, channel operator</title>
<para>
This mode takes one parameter, a nick, and grants or removes channel
operator privilege to that user. Channel operators have full control
over the channel, having the ability to set all channel modes except
+L and +P, and kick users.
Like voiced users, channel operators can always
send to the channel, overriding +b, +m and +q modes and the
per-channel flood limit.
In most clients channel operators are marked with an '@' sign.
</para>
<para>
The privilege is lost if the user leaves the channel or server
in any way.
</para>
<para>
Most networks will run channel registration services (e.g. ChanServ)
which ensure the founder (and users designated by the founder) can
always gain channel operator privileges and provide some features
to manage the channel.
</para>
</sect2>
<sect2>
<title>+p, paranoid channel</title>
<para>
When set, the KNOCK command cannot be used on the channel
to request an invite, and users will not be shown the
channel in WHOIS replies unless they are on it.
Unlike in traditional IRC, +p and +s can be set together.
</para>
</sect2>
<sect2>
<title>+P, permanent channel</title>
<para>
Channels with this mode (which is accessible only to network operators with resv privilege) set will not be destroyed
when the last user leaves.
</para>
<para>
This makes it less likely modes, bans and the topic will be lost and
makes it harder to abuse network splits, but also causes more
unwanted restoring of old modes, bans and topics after long splits.
</para>
</sect2>
<sect2>
<title>+q, quiet</title>
<para>
This mode behaves exactly like +b (ban), except that the user may still join
the channel. The net effect is that they cannot knock on the channel,
send to the channel or change their nick while on channel.
</para>
</sect2>
<sect2>
<title>+Q, block forwarded users</title>
<para>
Channels with this mode set are not valid targets for forwarding. Any attempt to forward to
this channel will be ignored, and the user will be handled as if the attempt was never made (by
sending them the relevant error message).
</para>
<para>
This does not affect the ability to set +f.
</para>
</sect2>
<sect2>
<title>+r, block unidentified</title>
<para>
When set, this mode prevents unidentified users from joining.
Invited users can still join.
</para>
</sect2>
<!-- not planned (jilles)
<sect2>
<title>+R, quiet unidentified</title>
<para>
When set, this mode prevents unidentified users from sending to the channel, although they can
still join.
</para>
<para>
Please note that this mode is not implemented in Charybdis 1.0.x, and is documented in
expectation for upcoming Charybdis 1.1.
</para>
</sect2>
-->
<sect2>
<title>+s, secret channel</title>
<para>
When set, this mode prevents the channel from appearing in the
output of the LIST, WHO and WHOIS command by users who are not on
it. Also, the server will refuse to answer WHO, NAMES, TOPIC and
LIST queries from users not on the channel.
</para>
</sect2>
<sect2>
<title>+t, topic limit</title>
<para>
When set, this mode prevents users who are not channel operators
from changing the topic.
</para>
</sect2>
<sect2>
<title>+v, voice</title>
<para>
This mode takes one parameter, a nick, and grants or removes voice
privilege to that user. Voiced users can always send to the channel,
overriding +b, +m and +q modes and the per-channel flood limit.
In most clients voiced users are marked with a plus sign.
</para>
<para>
The privilege is lost if the user leaves the channel or server
in any way.
</para>
</sect2>
<sect2>
<title>+z, reduced moderation</title>
<para>
When +z is set, the effects of +m, +b and +q are relaxed. For each message, if that message
would normally be blocked by one of these modes, it is instead sent to all channel operators. This is intended for use in moderated debates.
</para>
<para>
Note that +n is unaffected by this. To silence a given user completely,
remove them from the channel.
</para>
</sect2>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
fill-column:105
End:
-->
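Review bot: the hunk header for this chapter is not visible here, but if the file is removed wholesale like the chapters after it, three operator-facing caveats in it need a new home before the deletion lands. They are the rule that bans are checked against both the real and the mangled hostname ("it is not possible to evade bans by toggling host mangling"), the warning under +j and +l that more users may join "by racing for the last slot on each server", and the statement that only channel operators can see +e and +I changes or request the lists. If the text is being moved rather than dropped, fix "expliticly" in the +f section on the way.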

File diff suppressed because it is too large

File diff suppressed because it is too large


@ -1,41 +0,0 @@
<chapter id="intro">
<title>Introduction</title>
<sect1>
<title>Scope of this document</title>
<para>
This document describes the commands and functions available to operators in
the charybdis ircd, as used on <ulink url="http://www.atheme.net">AthemeNet</ulink>.
</para>
<para>
This document, and various ideas for features of charybdis, have
been taken from dancer-ircd/hyperion, the ircd used on freenode,
mainly written by Andrew Suffield and Jilles Tjoelker.
</para>
<para>
While this document may be of some interest to the users of charybdis servers,
it is intended as a reference for network staff.
</para>
<para>
Charybdis is based on ircd-ratbox 2.1.4, although much has changed.
<ulink url="http://www.ircd-ratbox.org">ircd-ratbox</ulink> is commonly used
on efnet, and some other networks.
</para>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
fill-column:105
sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
End:
-->


@ -1,171 +0,0 @@
<chapter id="oprivs">
<title>Oper privileges</title>
<sect1 id="oprivlist">
<title>Meanings of oper privileges</title>
<para>
These are specified in privset{}.
</para>
<sect2>
<title>oper:admin, server administrator</title>
<para>
Various privileges intended for server administrators.
Among other things, this automatically sets umode +a and allows
loading modules.
</para>
</sect2>
<sect2>
<title>oper:die, die and restart</title>
<para>
This grants permission to use DIE and RESTART, shutting down
or restarting the server.
</para>
</sect2>
<sect2>
<title>oper:global_kill, global kill</title>
<para>
Allows using KILL on users on any server.
</para>
</sect2>
<sect2>
<title>oper:hidden, hide from /stats p</title>
<para>
This privilege currently does nothing, but was designed
to hide bots from /stats p so users will not message them
for help.
</para>
</sect2>
<sect2>
<title>oper:hidden_admin, hidden administrator</title>
<para>
This grants everything granted to the oper:admin privilege,
except the ability to set umode +a. If both oper:admin and oper:hidden_admin
are possessed, umode +a can still not be used.
</para>
</sect2>
<sect2>
<title>oper:kline, kline and dline</title>
<para>
Allows using KLINE and DLINE, to ban users by user@host mask
or IP address.
</para>
</sect2>
<sect2>
<title>oper:local_kill, kill local users</title>
<para>
This grants permission to use KILL on users on the same server,
disconnecting them from the network.
</para>
</sect2>
<sect2>
<title>oper:mass_notice, global notices and wallops</title>
<para>
Allows using server name ($$mask) and hostname ($#mask) masks in
NOTICE and PRIVMSG to send a message to all matching users, and
allows using the WALLOPS command to send a message to all users
with umode +w set.
</para>
</sect2>
<sect2>
<title>oper:operwall, send/receive operwall</title>
<para>
Allows using the OPERWALL command and umode +z to send and
receive operwalls.
</para>
</sect2>
<sect2>
<title>oper:rehash, rehash</title>
<para>
Allows using the REHASH command, to rehash various configuration
files or clear certain lists.
</para>
</sect2>
<sect2>
<title>oper:remoteban, set remote bans</title>
<para>
This grants the ability to use the ON argument on
DLINE/KLINE/XLINE/RESV and UNDLINE/UNKLINE/UNXLINE/UNRESV to set
and unset bans on other servers, and the server argument on REHASH.
This is only allowed if the oper may perform the action locally,
and if the remote server has a shared{} block.
</para>
<note><para>
If a cluster{} block is present, bans are sent remotely even
if the oper does not have oper:remoteban privilege.
</para></note>
</sect2>
<sect2>
<title>oper:resv, channel control</title>
<para>
This allows using /resv, /unresv and changing the channel
modes +L and +P.
</para>
</sect2>
<sect2>
<title>oper:routing, remote routing</title>
<para>
This allows using the third argument of the CONNECT command, to
instruct another server to connect somewhere, and using SQUIT
with an argument that is not locally connected.
(In both cases all opers with +w set will be notified.)
</para>
</sect2>
<sect2>
<title>oper:spy, use operspy</title>
<para>
This allows using /mode !#channel, /whois !nick, /who !#channel,
/chantrace !#channel, /topic !#channel, /who !mask,
/masktrace !user@host :gecos and /scan umodes +modes-modes global list
to see through secret channels, invisible users, etc.
</para>
<para>
All operspy usage is broadcasted to opers with snomask +Z set
(on the entire network) and optionally logged.
If you grant this to anyone, it is a good idea to establish
concrete policies describing what it is to be used for, and
what not.
</para>
<para>
If operspy_dont_care_user_info is enabled, /who mask is operspy
also, and /who !mask, /who mask, /masktrace !user@host :gecos
and /scan umodes +modes-modes global list do not generate +Z notices
or logs.
</para>
</sect2>
<sect2>
<title>oper:unkline, unkline and undline</title>
<para>
Allows using UNKLINE and UNDLINE.
</para>
</sect2>
<sect2>
<title>oper:xline, xline and unxline</title>
<para>
Allows using XLINE and UNXLINE, to ban/unban users by realname.
</para>
</sect2>
<sect2>
<title>snomask:nick_changes, see nick changes</title>
<para>
Allows using snomask +n to see local client nick changes.
This is designed for monitor bots.
</para>
</sect2>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
fill-column: 105
sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
End:
-->
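Review bot: missing documentation after this deletion (-1,171 +0,0): the oper:remoteban and oper:spy sections carry two caveats that matter to anyone writing privset{} blocks, and nothing visible in this change replaces them. One is the note that "if a cluster{} block is present, bans are sent remotely even if the oper does not have oper:remoteban privilege". The other is that enabling operspy_dont_care_user_info stops /who !mask, /masktrace and /scan from generating +Z notices or logs, which weakens the operspy audit trail described in the paragraph above it. Please say where these are documented after this change, or carry them over to the replacement document.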


@ -1,33 +0,0 @@
<!DOCTYPE style-sheet PUBLIC "-//James Clark//DTD DSSSL Style Sheet//EN" [
<!ENTITY docbook-html.dsl PUBLIC "-//Norman Walsh//DOCUMENT DocBook HTML Stylesheet//EN" CDATA DSSSL>
<!ENTITY docbook-print.dsl PUBLIC "-//Norman Walsh//DOCUMENT DocBook Print Stylesheet//EN" CDATA DSSSL>
]>
<style-sheet>
<style-specification id="print" use="print-stylesheet">
<style-specification-body>
(define %generate-book-titlepage% #t)
(define %generate-book-titlepage-on-separate-page% #t)
(define %generate-book-toc% #t)
(define %generate-book-toc-on-titlepage% #f)
</style-specification-body>
</style-specification>
<style-specification id="html" use="html-stylesheet">
<style-specification-body>
(define %header-navigation% #t)
(define %section-autolabel% #t)
(define %root-filename% "index")
(define %use-id-as-filename% #t)
(define %css-decoration% #t)
(define %example-rules% #t)
</style-specification-body>
</style-specification>
<external-specification id="print-stylesheet" document="docbook-print.dsl">
<external-specification id="html-stylesheet" document="docbook-html.dsl">
</style-sheet>


@ -1,239 +0,0 @@
<chapter id="ucommands">
<title>User Commands</title>
<sect1>
<title>User commands</title>
<para>
Standard IRC commands are not listed here.
Several of the commands in the operator commands chapter
can also be used by normal users.
</para>
<sect2>
<title>ACCEPT</title>
<cmdsynopsis><command>ACCEPT</command>
<arg choice=plain><replaceable>nick</replaceable>,</arg>
<arg choice=plain>-<replaceable>nick</replaceable>,</arg>
<arg choice=plain><replaceable>...</replaceable></arg>
</cmdsynopsis>
<para>
Adds or removes users from your accept list for umode +g and +R.
Users are automatically removed when they quit, split or change
nick.
</para>
<cmdsynopsis><command>ACCEPT</command>
<arg choice=plain>*</arg>
</cmdsynopsis>
<para>
Lists all users on your accept list.
</para>
<para>
Support of this command is indicated by the CALLERID token in
RPL_ISUPPORT (005); the optional parameter indicates the letter
of the <quote>only allow accept users to send private messages</quote>
umode, otherwise +g. In charybdis this is always +g.
</para>
</sect2>
<sect2>
<title>CNOTICE</title>
<cmdsynopsis><command>CNOTICE</command>
<arg choice=plain><replaceable>nick</replaceable></arg>
<arg choice=plain><replaceable>channel</replaceable></arg>
<arg choice=plain>:<replaceable>text</replaceable></arg>
</cmdsynopsis>
<para>
Providing you are opped (+o) or voiced (+v) in
<replaceable>channel</replaceable>, and <replaceable>nick</replaceable>
is a member of <replaceable>channel</replaceable>, CNOTICE generates a NOTICE towards
<replaceable>nick</replaceable>.
</para>
<para>
CNOTICE bypasses any anti-spam measures in place.
If you get <quote>Targets changing too fast, message dropped</quote>,
you should probably use this command, for example sending a
notice to every user joining a certain channel.
</para>
<para>
As of charybdis 3.1, NOTICE automatically behaves as CNOTICE
if you are in a channel fulfilling the conditions.
</para>
<para>
Support of this command is indicated by the CNOTICE token in
RPL_ISUPPORT (005).
</para>
</sect2>
<sect2>
<title>CPRIVMSG</title>
<cmdsynopsis><command>CPRIVMSG</command>
<arg choice=plain><replaceable>nick</replaceable></arg>
<arg choice=plain><replaceable>channel</replaceable></arg>
<arg choice=plain>:<replaceable>text</replaceable></arg>
</cmdsynopsis>
<para>
Providing you are opped (+o) or voiced (+v) in
<replaceable>channel</replaceable>, and <replaceable>nick</replaceable>
is a member of <replaceable>channel</replaceable>, CPRIVMSG generates a PRIVMSG towards
<replaceable>nick</replaceable>.
</para>
<para>
CPRIVMSG bypasses any anti-spam measures in place.
If you get <quote>Targets changing too fast, message dropped</quote>,
you should probably use this command.
</para>
<para>
As of charybdis 3.1, PRIVMSG automatically behaves as CPRIVMSG
if you are in a channel fulfilling the conditions.
</para>
<para>
Support of this command is indicated by the CPRIVMSG token in
RPL_ISUPPORT (005).
</para>
</sect2>
<sect2>
<title>FINDFORWARDS</title>
<cmdsynopsis><command>FINDFORWARDS</command>
<arg choice=plain><replaceable>channel</replaceable></arg>
</cmdsynopsis>
<para>
<note>
<para>
This command is only available if the <filename>m_findforwards.so</filename> extension is loaded.
</para>
</note>
Displays which channels forward to the given channel (via cmode +f).
If there are very many channels the list will be truncated.
</para>
<para>
You must be a channel operator on the channel or an IRC operator
to use this command.
</para>
</sect2>
<sect2>
<title>HELP</title>
<cmdsynopsis><command>HELP</command>
<arg><replaceable>topic</replaceable></arg>
</cmdsynopsis>
<para>
Displays help information. <replaceable>topic</replaceable> can
be INDEX, CREDITS, UMODE, CMODE, SNOMASK or a command name.
</para>
<para>
There are separate help files for users and opers. Opers can use
UHELP to query the user help files.
</para>
</sect2>
<sect2>
<title>IDENTIFY</title>
<cmdsynopsis><command>IDENTIFY</command>
<arg choice=plain><replaceable>parameters...</replaceable></arg>
</cmdsynopsis>
<para>
<note>
<para>
This command is only available if the <filename>m_identify.so</filename> extension is loaded.
</para>
</note>
Sends an identify command to either NickServ or ChanServ.
If the first parameter starts with #, the command is sent to
ChanServ, otherwise to NickServ.
The word IDENTIFY, a space and all parameters are concatenated
and sent as a PRIVMSG to the service.
If the service is not online or does not have umode +S set,
no message will be sent.
</para>
<para>
The exact syntax for this command depends on the services package
in use.
</para>
</sect2>
<sect2>
<title>KNOCK</title>
<cmdsynopsis><command>KNOCK</command>
<arg choice=plain><replaceable>channel</replaceable></arg>
</cmdsynopsis>
<para>
Requests an invite to the given channel. The channel must be
locked somehow (+ikl), must not be +p and you may not be banned
or quieted. Also, this command is rate limited.
</para>
<para>
If successful, all channel operators will receive a 710 numeric.
The recipient field of this numeric is the channel.
</para>
<para>
Support of this command is indicated by the KNOCK token in
RPL_ISUPPORT (005).
</para>
</sect2>
<sect2>
<title>MONITOR</title>
<para>
Server side notify list. This list contains nicks. When a user
connects, quits with a listed nick or changes to or from a listed
nick, you will receive a 730 numeric if the nick went online and
a 731 numeric if the nick went offline.
</para>
<para>
Support of this command is indicated by the MONITOR token in
RPL_ISUPPORT (005); the parameter indicates the maximum number
of nicknames you may have in your monitor list.
</para>
<para>
You may only use this command once per second.
</para>
<para>
More details can be found in <filename>doc/monitor.txt</filename>
in the source distribution.
</para>
<cmdsynopsis><command>MONITOR +</command>
<arg choice=plain><replaceable>nick</replaceable>,</arg>
<arg choice=plain><replaceable>...</replaceable></arg>
</cmdsynopsis>
<para>
Adds nicks to your monitor list. You will receive 730 and 731
numerics for the nicks.
</para>
<cmdsynopsis><command>MONITOR -</command>
<arg choice=plain><replaceable>nick</replaceable>,</arg>
<arg choice=plain><replaceable>...</replaceable></arg>
</cmdsynopsis>
<para>
Removes nicks from your monitor list. No output is generated for
this command.
</para>
<cmdsynopsis><command>MONITOR C</command>
</cmdsynopsis>
<para>
Clears your monitor list. No output is generated for
this command.
</para>
<cmdsynopsis><command>MONITOR L</command>
</cmdsynopsis>
<para>
Lists all nicks on your monitor list, using 732 numerics and
ending with a 733 numeric.
</para>
<cmdsynopsis><command>MONITOR S</command>
</cmdsynopsis>
<para>
Shows status for all nicks on your monitor list, using 730 and 731
numerics.
</para>
</sect2>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
sgml-local-ecat-files:nil
fill-column:105
End:
-->
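Review bot: missing documentation after this deletion (-1,239 +0,0): the CNOTICE and CPRIVMSG sections are where the guide states that these commands bypass "any anti-spam measures in place" for opped or voiced users, and that as of charybdis 3.1 plain NOTICE and PRIVMSG behave the same way when the conditions are met. Abuse handlers need to be able to find that, along with the limits stated for KNOCK (rate limited) and MONITOR (once per second). The MONITOR section already defers to doc/monitor.txt; confirm that file is still present after this series and that the CNOTICE/CPRIVMSG behaviour is described somewhere that survives.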


@ -1,377 +0,0 @@
<chapter id="umodes">
<title>Umodes</title>
<sect1 id="umodelist">
<title>Meanings of user modes</title>
<sect2>
<title>+a, server administrator</title>
<para>
This vanity usermode is used to denote a server administrator in WHOIS output.
All local <quote>admin</quote> privileges are independent of it, though services
packages may grant extra privileges to +a users.
</para>
</sect2>
<sect2>
<title>+D, deaf</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
Users with the +D umode set will not receive messages sent to
channels. Joins, parts, topic changes, mode changes, etc are
received as normal, as are private messages.
</para>
<para>
Support of this umode is indicated by the DEAF token in
RPL_ISUPPORT (005); the parameter indicates the letter
of the umode. Note that several common IRCD implementations have
an umode like this (typically +d) but do not have the token in 005.
</para>
</sect2>
<sect2>
<title>+g, Caller ID</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
Users with the +g umode set will only receive private messages from users on a
session-defined whitelist, defined by the /accept command. If a user who is not
on the whitelist attempts to send a private message, the target user will receive a rate-limited notice saying that the user
wishes to speak to them.
</para>
<para>
Network operators are not affected by the callerid whitelist system in the event
that they need to speak to users who have it enabled.
</para>
<para>
Support of this umode is indicated by the CALLERID token in
RPL_ISUPPORT (005); the optional parameter indicates the letter
of the umode, otherwise +g.
</para>
</sect2>
<sect2>
<title>+i, invisible</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
Invisible users do not show up in WHO and NAMES unless you can see them.
</para>
</sect2>
<!-- not planned (jilles)
<sect2>
<title>+I, refuse invite</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
If you have the +I umode set, nobody will be able to issue an INVITE to let you
in to a channel.
</para>
<para>
This mode is not yet implemented. It will be implemented in Charybdis 1.1.
</para>
</sect2>
-->
<sect2>
<title>+l, receive locops</title>
<para>
LOCOPS is a version of OPERWALL that is sent to opers on a single
server only. With cluster{} and shared{} blocks they can optionally
be propagated further.
</para>
<para>
Unlike OPERWALL, any oper can send and receive LOCOPS.
</para>
</sect2>
<sect2>
<title>+o, operator</title>
<para>
This indicates global operator status.
</para>
</sect2>
<sect2>
<title>+Q, disable forwarding</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
This umode prevents you from being affected by channel forwarding.
If enabled on a channel, channel forwarding sends you to another
channel if you could not join. See channel mode +f for more
information.
</para>
</sect2>
<sect2>
<title>+R, reject messages from unauthenticated users</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
If a user has the +R umode set, then any users who are not authenticated
will receive an error message if they attempt to send a private
message or notice to the +R user.
</para>
<para>
Opers and accepted users (like in +g) are exempt.
Unlike +g, the target user is not notified of failed messages.
</para>
</sect2>
<sect2>
<title>+s, receive server notices</title>
<para>
This umode allows an oper to receive server notices.
The requested types of server notices are specified as a
parameter (<quote>snomask</quote>) to this umode.
</para>
</sect2>
<sect2>
<title>+S, network service</title>
<para>
<note>
<para>
This umode can only be set by servers named in a service{}
block.
</para>
</note>
This umode grants various features useful for services. For example,
clients with this umode cannot be kicked or deopped on channels,
can send to any channel, do not show channels in WHOIS,
can be the target of services aliases and do not appear in /stats p.
No server notices are sent for hostname changes by services clients;
server notices about kills are sent to snomask +k instead of +s.
</para>
<para>
The exact effects of this umode are variable; no user or oper on
an actual charybdis server can set it.
</para>
</sect2>
<sect2>
<title>+w, receive wallops</title>
<para>
<note>
<para>
This is a user umode, which anybody can set. It is not specific to operators.
</para>
</note>
Users with the +w umode set will receive WALLOPS messages sent by opers.
Opers with +w additionally receive WALLOPS sent by servers (e.g.
remote CONNECT, remote SQUIT, various severe misconfigurations,
many services packages).
</para>
</sect2>
<sect2>
<title>+z, receive operwall</title>
<para>
OPERWALL differs from WALLOPS in that the ability to receive such messages is
restricted. Opers with +z set will receive OPERWALL messages.
</para>
</sect2>
<sect2>
<title>+Z, SSL user</title>
<para>
This umode is set on clients connected via SSL/TLS.
It cannot be set or unset after initial connection.
</para>
</sect2>
</sect1>
<sect1 id="snomaskusage">
<title>Snomask usage</title>
<para>
Usage is as follows:
</para>
<cmdsynopsis><command>MODE</command>
<arg choice=plain><replaceable>nick</replaceable></arg>
<arg choice=plain>+s</arg>
<arg choice=plain><replaceable>+/-flags</replaceable></arg>
</cmdsynopsis>
<para>
To set snomasks.
</para>
<cmdsynopsis><command>MODE</command>
<arg choice=plain><replaceable>nick</replaceable></arg>
<arg choice=plain>-s</arg>
</cmdsynopsis>
<para>
To clear all snomasks.
</para>
<para>
Umode +s will be set if at least one snomask is set.
</para>
<para>
Umode +s is oper only by default, but even if you allow nonopers to
set it, they will not get any server notices.
</para>
</sect1>
<sect1 id="snomasklist">
<title>Meanings of server notice masks</title>
<sect2>
<title>+b, bot warnings</title>
<para>
Opers with the +b snomask set will receive warning messages from the server when potential
flooders and spambots are detected.
</para>
</sect2>
<sect2>
<title>+c, client connections</title>
<para>
Opers who have the +c snomask set will receive server notices when clients attach to the
local server.
</para>
</sect2>
<sect2>
<title>+C, extended client connection notices</title>
<para>
Opers who have the +C snomask set will receive server notices when clients attach to the
local server. Unlike the +c snomask, the information is displayed in a format intended
to be parsed by scripts, and includes the two unused fields of the USER command.
</para>
</sect2>
<sect2>
<title>+d, debug</title>
<para>
The +d snomask provides opers extra information which may be of interest to debuggers.
It will also cause the user to receive server notices if certain assertions fail inside the
server. Its precise meaning is variable. Do not depend on the
effects of this snomask as they can and will change without notice in later revisions.
</para>
</sect2>
<sect2>
<title>+f, full warning</title>
<para>
Opers with the +f snomask set will receive notices when a user
connection is denied because a connection limit is exceeded
(one of the limits in a class{} block, or the total per-server
limit settable with /quote set max).
</para>
</sect2>
<sect2>
<title>+F, far client connection notices</title>
<para>
<note>
<para>
This snomask is only available if the <filename>sno_farconnect.so</filename> extension is loaded.
</para>
</note>
Opers with +F receive server notices when clients connect or
disconnect on other servers. The notices have the same format
as those from the +c snomask, except that the class is ? and
the source server of the notice is the server the user is/was on.
</para>
<para>
No notices are generated for netsplits and netjoins.
Hence, these notices cannot be used to keep track of all
clients on the network.
</para>
<para>
There is no far equivalent of the +C snomask.
</para>
</sect2>
<sect2>
<title>+k, server kill notices</title>
<para>
Opers with the +k snomask set will receive server notices when
services kill users and when
other servers kill and save (forced nick change to UID) users.
Kills and saves by this server are on +d or +s.
</para>
</sect2>
<sect2>
<title>+n, nick change notices</title>
<para>
An oper with +n set will receive a server notice every time a local user changes their nick,
giving the old and new nicks.
This is mostly useful for bots that track all users on a single server.
</para>
</sect2>
<sect2>
<title>+r, notices on name rejections</title>
<para>
Opers with this snomask set will receive a server notice when somebody tries to use an
invalid username, or if a dumb HTTP proxy tries to connect.
</para>
</sect2>
<sect2>
<title>+s, generic server notices</title>
<para>
This snomask allows an oper to receive generic server notices.
This includes kills from opers (except services).
</para>
</sect2>
<sect2>
<title>+u, unauthorized connections</title>
<para>
This snomask allows an oper to see when users try to connect who do not have an
available auth{} block.
</para>
</sect2>
<sect2>
<title>+W, whois notifications</title>
<para>
<note>
<para>
This snomask is only available if the <filename>sno_whois.so</filename> extension is loaded.
</para>
</note>
Opers with +W receive notices when a WHOIS is executed on them
on their server (showing idle time).
</para>
</sect2>
<sect2>
<title>+x, extra routing notices</title>
<para>
Opers who have the +x snomask set will get notices about servers
connecting and disconnecting on the whole network. This includes
all servers connected behind the affected link. This can get
rather noisy but is useful for keeping track of all linked
servers.
</para>
</sect2>
<sect2>
<title>+y, spy</title>
<para>
Opers with +y receive notices when users try to join RESV'ed (<quote>juped</quote>) channels.
Additionally, if certain extension modules are loaded, they will
receive notices when special commands are used.
</para>
</sect2>
<sect2>
<title>+Z, operspy notices</title>
<para>
Opers with +Z receive notices whenever an oper anywhere on the
network uses operspy.
</para>
<para>
This snomask can be configured to be only effective for admins.
</para>
</sect2>
</sect1>
</chapter>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-namecase-general:t
sgml-general-insert-case:lower
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document: ("charybdis-oper-guide.sgml" "book")
sgml-exposed-tags:nil
fill-column: 105
sgml-validate-command: "nsgmls -e -g -s -u charybdis-oper-guide.sgml"
End:
-->

View file

@ -766,6 +766,16 @@ Part of a SASL authentication exchange. The mode is 'C' to send some data
termination: 'A' for abort, 'F' for authentication failure, 'S' for
authentication success).
3.
encap target: *
source: server
parameters: source uid, '*', 'H', hostname, ip, tls
Provides information on a client. The "tls" data is either 'P' for a
plaintext connection or any other string for a TLS connection.
The source uid is that of an unregistered client. This is why it is not sent
as the prefix.
SAVE
capab: SAVE
source: server
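
Review bot: The 'H' description defines "tls" as 'P' for plaintext and "any other string" for TLS, which makes TLS the default for every unexpected value. A receiver that follows this text treats an empty or garbled parameter as a TLS connection. Consider naming one explicit value for TLS and stating that anything else is handled as plaintext, so a malformed message cannot mark a client as encrypted.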

View file

@ -1,5 +1,5 @@
/*
* Channel extban type: matches users who are in a certain public channel
* Channel extban type: matches users who are in a certain channel
* -- jilles
*
* $Id: extb_channel.c 1723 2006-07-06 15:23:58Z jilles $
@ -47,8 +47,5 @@ static int eb_channel(const char *data, struct Client *client_p,
/* require consistent target */
if (chptr->chname[0] == '#' && data[0] == '&')
return EXTBAN_INVALID;
/* privacy! don't allow +s/+p channels to influence another channel */
if (!PubChannel(chptr2) && chptr2 != chptr)
return EXTBAN_INVALID;
return IsMember(client_p, chptr2) ? EXTBAN_MATCH : EXTBAN_NOMATCH;
}
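
Review bot: Dropping the `!PubChannel(chptr2) && chptr2 != chptr` check from eb_channel means a $c: entry now evaluates membership of +s/+p channels, which the removed comment called out as a privacy problem. Ops on the channel that carries the entry can point $c: at a secret channel and learn from who matches whether a given user is in it. If this behaviour change is intended, say so in the commit message and the extban help; otherwise keep the check.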

View file

@ -1,5 +1,9 @@
/* SSL extban type: matches ssl users */
/* This file is available under the same conditions as the rest of
https://github.com/asterIRC/ircd-chatd, and by extension, the rest
of Charybdis. */
#include "stdinc.h"
#include "modules.h"
#include "client.h"
@ -9,7 +13,7 @@ static int _modinit(void);
static void _moddeinit(void);
static int eb_ssl(const char *data, struct Client *client_p, struct Channel *chptr, long mode_type);
DECLARE_MODULE_AV1(extb_ssl, _modinit, _moddeinit, NULL, NULL, NULL, "$Revision$");
DECLARE_MODULE_AV1(extb_ssl, _modinit, _moddeinit, NULL, NULL, NULL, "1.05");
static int
_modinit(void)
@ -31,7 +35,18 @@ static int eb_ssl(const char *data, struct Client *client_p,
(void)chptr;
(void)mode_type;
if (! IsSSLClient(client_p))
return EXTBAN_NOMATCH;
if (data != NULL)
return EXTBAN_INVALID;
return IsSSLClient(client_p) ? EXTBAN_MATCH : EXTBAN_NOMATCH;
{
if (EmptyString(client_p->certfp))
return EXTBAN_NOMATCH;
if (irccmp(data, client_p->certfp) != 0)
return EXTBAN_NOMATCH;
}
return EXTBAN_MATCH;
}
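
Review bot: In eb_ssl the fingerprint is compared with `irccmp(data, client_p->certfp)`, a comparison meant for IRC names, and `data` is never validated. A certificate fingerprint is not an IRC name, so a plain case-insensitive string compare would state the intent better. Before this hunk any non-NULL data returned EXTBAN_INVALID; now a mistyped or truncated fingerprint is accepted as a valid entry that silently never matches, so consider returning EXTBAN_INVALID when data is empty or cannot be a fingerprint.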

View file

@ -24,7 +24,7 @@ DECLARE_MODULE_AV1(extb_usermode, _modinit, _moddeinit, NULL, NULL, NULL, "$Revi
static int
_modinit(void)
{
extban_table['m'] = eb_usermode;
extban_table['u'] = eb_usermode;
return 0;
}
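
Review bot: Registering eb_usermode under `extban_table['u']` instead of `extban_table['m']` in _modinit changes the letter users type, and no compatibility path is visible in this hunk. Existing $m: entries in channel lists would stop being recognised once only 'u' is registered. Document the rename in the extban help text and release notes, and check that 'u' is not already claimed by another extension module.
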
@ -32,7 +32,7 @@ _modinit(void)
static void
_moddeinit(void)
{
extban_table['m'] = NULL;
extban_table['u'] = NULL;
}
static int eb_usermode(const char *data, struct Client *client_p,

View file

@ -193,9 +193,17 @@ mo_hurt(struct Client *client_p, struct Client *source_p,
}
if (parc == 3)
expire = NULL, ip = parv[1], reason = parv[2];
{
expire = NULL;
ip = parv[1];
reason = parv[2];
}
else
expire = parv[1], ip = parv[2], reason = parv[3];
{
expire = parv[1];
ip = parv[2];
reason = parv[3];
}
if (!expire)
expire_time = HURT_DEFAULT_EXPIRE;

View file

@ -189,36 +189,31 @@ char *
generate_poor_salt(char *salt, int length)
{
int i;
srand(time(NULL));
for(i = 0; i < length; i++)
{
salt[i] = saltChars[rand() % 64];
}
return (salt);
}
char *
generate_random_salt(char *salt, int length)
{
char *buf;
int fd, i;
if((fd = open("/dev/random", O_RDONLY)) < 0)
{
if((fd = open("/dev/urandom", O_RDONLY)) < 0)
return (generate_poor_salt(salt, length));
}
buf = calloc(1, length);
if(read(fd, buf, length) != length)
if(read(fd, salt, (size_t)length) != length)
{
free(buf);
close(fd);
return (generate_poor_salt(salt, length));
}
for(i = 0; i < length; i++)
{
salt[i] = saltChars[abs(buf[i]) % 64];
}
free(buf);
salt[i] = saltChars[abs(salt[i]) % 64];
close(fd);
return (salt);
}
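
Review bot: generate_random_salt still falls back to generate_poor_salt whenever the open or the read fails, and that path seeds rand() with time(NULL), so the salt becomes guessable from the time of the call with no error reported. Prefer failing the operation, or retrying the read, over silently downgrading. In the new in-place mapping, `abs(salt[i]) % 64` depends on whether char is signed; indexing with `(unsigned char)salt[i] % 64` avoids that and spreads the 256 byte values evenly over the 64 salt characters.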

View file

@ -73,7 +73,10 @@ static const char *expand_xline(const char *mask)
while (*p != '\0')
{
if (*p == ' ')
*q++ = '\\', *q++ = 's';
{
*q++ = '\\';
*q++ = 's';
}
else
*q++ = *p;
p++;

View file

@ -79,14 +79,6 @@ mr_webirc(struct Client *client_p, struct Client *source_p, int parc, const char
const char *encr;
struct rb_sockaddr_storage addr;
if ((!strchr(parv[4], '.') && !strchr(parv[4], ':')) ||
strlen(parv[4]) + (*parv[4] == ':') >=
sizeof(source_p->sockhost))
{
sendto_one(source_p, "NOTICE * :Invalid IP");
return 0;
}
aconf = find_address_conf(client_p->host, client_p->sockhost,
IsGotId(client_p) ? client_p->username : "webirc",
IsGotId(client_p) ? client_p->username : "webirc",
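
Review bot: With the "Invalid IP" check on parv[4] removed from mr_webirc, nothing in this hunk rejects a malformed address any more. Rejection now depends entirely on the code that parses parv[4] into `addr`, which is outside the visible lines. Please confirm that a failed parse returns before `addr` is used, and add a comment at that point saying it is the only validation of the gateway-supplied IP.
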
@ -125,23 +117,15 @@ mr_webirc(struct Client *client_p, struct Client *source_p, int parc, const char
return 0;
}
if (*parv[4] == ':')
{
source_p->sockhost[0] = '0';
rb_strlcpy(source_p->sockhost + 1, parv[4],
sizeof(source_p->sockhost) - 1);
}
else
rb_strlcpy(source_p->sockhost, parv[4],
sizeof(source_p->sockhost));
source_p->localClient->ip = addr;
rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost));
if(strlen(parv[3]) <= HOSTLEN)
rb_strlcpy(source_p->host, parv[3], sizeof(source_p->host));
else
rb_strlcpy(source_p->host, source_p->sockhost, sizeof(source_p->host));
source_p->localClient->ip = addr;
/* Check dlines now, klines will be checked on registration */
if((aconf = find_dline((struct sockaddr *)&source_p->localClient->ip,
source_p->localClient->ip.ss_family)))
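
Review bot: The removed branch wrote a leading '0' into sockhost when parv[4] began with ':', and the replacement `rb_inet_ntop_sock(...)` call has no visible equivalent and its result is not checked. If the formatted address can start with ':', sockhost would reach code that previously never saw a leading colon. Either confirm that rb_inet_ntop_sock rules this out or reapply the prefix after the call, and handle a failed conversion instead of continuing with whatever sockhost held before.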

View file

@ -18,11 +18,7 @@ Unless noted below, all types can be used with +b, +q, +e and +I.
$a - Matches all logged in users
$a:<mask> - Matches users logged in with a username matching the mask
(* and ? wildcards)
$c:<chan> - Matches users who are on the given channel; this is only
valid if the channel exists and is not +s or +p. (The ops
of the channel the ban is on cannot necessarily see whether
the user is in the target channel, so it should not
influence whether they can join either.)
$c:<chan> - Matches users who are on the given channel
$o - Matches opers (most useful with +I)
$r:<mask> - Matches users with a realname (gecos) matching the mask
(* and ? wildcards); this can only be used with +b and +q
@ -32,4 +28,5 @@ Unless noted below, all types can be used with +b, +q, +e and +I.
channel
$x:<mask> - Bans all users with matching nick!user@host#gecos
$z - Matches all SSL users
$z:<data> - Matches all SSL users with a fingerprint matching the data
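
Review bot: The new `$z:<data>` line says the fingerprint is "matching the data", which next to the `<mask>` entries above reads like wildcard matching. State whether the comparison is exact, whether case matters, and which fingerprint form is expected, so ops do not set entries that can never match.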

View file

@ -11,6 +11,7 @@ ircd.conf file.
NICKDELAY - Clears delayed nicks
OMOTD - Re-reads Oper MOTD file
REJECTCACHE - Clears the reject cache
SSLD - Restarts the ssld processes
TDLINES - Clears temporary D Lines
THROTTLES - Clears throttled IP addresses
TKLINES - Clears temporary K Lines

View file

@ -32,6 +32,7 @@ X f - Shows File Descriptors
* q - Shows temporary and global resv'd nicks and channels
* Q - Shows resv'd nicks and channels
* r - Shows resource usage by ircd
X S - Shows ssld processes
* t - Shows generic server stats
* U - Shows shared blocks (Old U: lines)
u - Shows server uptime

View file

@ -302,6 +302,8 @@ struct PreClient
struct Blacklist *dnsbl_listed; /* first dnsbl where it's listed */
struct rb_sockaddr_storage lip; /* address of our side of the connection */
char id[IDLEN]; /* UID/SID, unique on the network (unverified) */
};
struct ListClient
@ -581,7 +583,6 @@ extern int is_remote_connect(struct Client *);
extern void init_client(void);
extern struct Client *make_client(struct Client *from);
extern void free_pre_client(struct Client *client);
extern void free_client(struct Client *client);
extern int exit_client(struct Client *, struct Client *, struct Client *, const char *);

View file

@ -25,6 +25,7 @@ extern int h_burst_finished;
extern int h_server_introduced;
extern int h_server_eob;
extern int h_client_exit;
extern int h_after_client_exit;
extern int h_umode_changed;
extern int h_new_local_user;
extern int h_new_remote_user;

View file

@ -102,10 +102,11 @@ extern int testing_conf;
extern struct ev_entry *check_splitmode_ev;
extern int ssl_ok;
extern int zlib_ok;
extern int ircd_ssl_ok;
extern int ircd_zlib_ok;
extern int maxconnections;
void ircd_shutdown(const char *reason);
extern void rehash_ulimit();
void ircd_shutdown(const char *reason) __attribute__((noreturn));
#endif
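
Review bot: `extern void rehash_ulimit();` is declared with empty parentheses, which in C leaves the parameters unspecified instead of declaring that there are none. Write it as `rehash_ulimit(void)` so the compiler can check calls against the prototype, in line with the fully prototyped `ircd_shutdown(const char *reason)` next to it.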

View file

@ -39,7 +39,6 @@ struct lgetopt
extern struct lgetopt myopts[];
void usage(char *);
void parseargs(int *, char ***, struct lgetopt *);
#endif /* __GETOPT_H_INCLUDED__ */

View file

@ -41,5 +41,6 @@ extern void mod_del_cmd(struct Message *msg);
extern void report_messages(struct Client *);
extern struct Dictionary *alias_dict;
extern struct Dictionary *fakechannel_dict;
#endif /* INCLUDED_parse_h_h */

View file

@ -27,7 +27,7 @@
#ifndef INCLUDED_restart_h
#define INCLUDED_restart_h
void restart(const char *);
void server_reboot(void);
void restart(const char *) __attribute__((noreturn));
void server_reboot(void) __attribute__((noreturn));
#endif

View file

@ -191,6 +191,7 @@ struct config_file_entry
int operspy_admin_only;
int pace_wait;
int pace_wait_simple;
int listfake_wait;
int short_motd;
int no_oper_flood;
int hide_server;
@ -309,6 +310,16 @@ struct alias_entry
int hits;
};
struct fakechannel_entry
{
char *name;
char *topic;
int users_min;
int users_max;
};
/* All variables are GLOBAL */
extern int specific_ipv4_vhost; /* used in s_bsd.c */
extern int specific_ipv6_vhost;

View file

@ -53,6 +53,7 @@ extern rb_dlink_list xline_conf_list;
extern rb_dlink_list resv_conf_list;
extern rb_dlink_list nd_list;
extern rb_dlink_list tgchange_list;
extern rb_dlink_list vhost_conf_list;
extern struct _rb_patricia_tree_t *tgchange_tree;
@ -245,5 +246,16 @@ extern void add_nd_entry(const char *name);
extern void free_nd_entry(struct nd_entry *);
extern unsigned long get_nd_count(void);
#endif
struct vhost_conf
{
char *hostname;
char *ssl_private_key;
char *ssl_cert;
char *ssl_dh_params;
char *ssl_cipher_list;
rb_dlink_node node;
};
extern struct vhost_conf *make_vhost_conf(void);
extern void free_vhost_conf(struct vhost_conf *);
#endif

View file

@ -28,6 +28,7 @@
#define INCLUDED_s_user_h
#include "config.h"
#include "ircd_defs.h"
struct Client;
struct User;
@ -47,7 +48,8 @@ extern int introduce_client(struct Client *client_p, struct Client *source_p,
struct User *user, const char *nick, int use_euid);
extern void change_nick_user_host(struct Client *target_p, const char *nick, const char *user,
const char *host, int newts, const char *format, ...);
const char *host, int newts, const char *format, ...)
AFP(6, 7);
extern int user_modes[256];
extern unsigned int find_umode_slot(void);

View file

@ -27,14 +27,22 @@
struct _ssl_ctl;
typedef struct _ssl_ctl ssl_ctl_t;
enum ssld_status {
SSLD_ACTIVE,
SSLD_SHUTDOWN,
SSLD_DEAD,
};
void init_ssld(void);
void restart_ssld(void);
int start_ssldaemon(int count, const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list);
ssl_ctl_t *start_ssld_accept(rb_fde_t *sslF, rb_fde_t *plainF, uint32_t id);
ssl_ctl_t *start_ssld_connect(rb_fde_t *sslF, rb_fde_t *plainF, uint32_t id);
void start_zlib_session(void *data);
void send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list);
void send_new_ssl_certs(const char *ssl_cert, const char *ssl_private_key, const char *ssl_dh_params, const char *ssl_cipher_list, const int method, const char *hostname);
void send_remove_ssl_vhost(const char *hostname);
void ssld_decrement_clicount(ssl_ctl_t *ctl);
int get_ssld_count(void);
void ssld_foreach_info(void (*func)(void *data, pid_t pid, int cli_count, enum ssld_status status), void *data);
#endif

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -189,8 +189,8 @@ CSCOPE = cscope
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/libratbox.pc.in \
$(top_srcdir)/include/libratbox_config.h.in COPYING ChangeLog \
INSTALL README TODO compile config.guess config.sub depcomp \
install-sh ltmain.sh missing
INSTALL README TODO compile config.guess config.sub install-sh \
ltmain.sh missing
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
distdir = $(PACKAGE)-$(VERSION)
top_distdir = $(distdir)
@ -360,6 +360,7 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
@ -627,7 +628,7 @@ distdir: $(DISTFILES)
! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
|| chmod -R a+r "$(distdir)"
dist-gzip: distdir
tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz
$(am__post_remove_distdir)
dist-bzip2: distdir
@ -653,7 +654,7 @@ dist-shar: distdir
@echo WARNING: "Support for shar distribution archives is" \
"deprecated." >&2
@echo WARNING: "It will be removed altogether in Automake 2.0" >&2
shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz
$(am__post_remove_distdir)
dist-zip: distdir
@ -671,7 +672,7 @@ dist dist-all:
distcheck: dist
case '$(DIST_ARCHIVES)' in \
*.tar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\
*.tar.bz2*) \
bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
*.tar.lz*) \
@ -681,7 +682,7 @@ distcheck: dist
*.tar.Z*) \
uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
*.shar.gz*) \
GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\
*.zip*) \
unzip $(distdir).zip ;;\
esac

80
libratbox/aclocal.m4 vendored
View file

@ -1,6 +1,6 @@
# generated automatically by aclocal 1.15 -*- Autoconf -*-
# generated automatically by aclocal 1.15.1 -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -744,7 +744,6 @@ _LT_CONFIG_SAVE_COMMANDS([
cat <<_LT_EOF >> "$cfgfile"
#! $SHELL
# Generated automatically by $as_me ($PACKAGE) $VERSION
# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
# Provide generalized library-building support services.
@ -2901,6 +2900,18 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
dynamic_linker='GNU/Linux ld.so'
;;
netbsdelf*-gnu)
version_type=linux
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
dynamic_linker='NetBSD ld.elf_so'
;;
netbsd*)
version_type=sunos
need_lib_prefix=no
@ -3560,7 +3571,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
lt_cv_deplibs_check_method=pass_all
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
lt_cv_deplibs_check_method='match_pattern /lib[[^/]]+(\.so\.[[0-9]]+\.[[0-9]]+|_pic\.a)$'
else
@ -4438,7 +4449,7 @@ m4_if([$1], [CXX], [
;;
esac
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
;;
*qnx* | *nto*)
# QNX uses GNU C++, but need to define -shared option too, otherwise
@ -4950,6 +4961,9 @@ m4_if([$1], [CXX], [
;;
esac
;;
linux* | k*bsd*-gnu | gnu*)
_LT_TAGVAR(link_all_deplibs, $1)=no
;;
*)
_LT_TAGVAR(export_symbols_cmds, $1)='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
;;
@ -5012,6 +5026,9 @@ dnl Note also adjust exclude_expsyms for C++ above.
openbsd* | bitrig*)
with_gnu_ld=no
;;
linux* | k*bsd*-gnu | gnu*)
_LT_TAGVAR(link_all_deplibs, $1)=no
;;
esac
_LT_TAGVAR(ld_shlibs, $1)=yes
@ -5266,7 +5283,7 @@ _LT_EOF
fi
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
wlarc=
@ -5787,6 +5804,7 @@ _LT_EOF
if test yes = "$lt_cv_irix_exported_symbol"; then
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
_LT_TAGVAR(link_all_deplibs, $1)=no
else
_LT_TAGVAR(archive_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
_LT_TAGVAR(archive_expsym_cmds, $1)='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
@ -5808,7 +5826,7 @@ _LT_EOF
esac
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
_LT_TAGVAR(archive_cmds, $1)='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
else
@ -9050,7 +9068,7 @@ m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
dnl serial 11 (pkg-config-0.29)
dnl serial 11 (pkg-config-0.29.1)
dnl
dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
@ -9092,7 +9110,7 @@ dnl
dnl See the "Since" comment for each macro you use to see what version
dnl of the macros you require.
m4_defun([PKG_PREREQ],
[m4_define([PKG_MACROS_VERSION], [0.29])
[m4_define([PKG_MACROS_VERSION], [0.29.1])
m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
[m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
])dnl PKG_PREREQ
@ -9325,7 +9343,7 @@ AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])dnl PKG_CHECK_VAR
# Copyright (C) 2002-2014 Free Software Foundation, Inc.
# Copyright (C) 2002-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9340,7 +9358,7 @@ AC_DEFUN([AM_AUTOMAKE_VERSION],
[am__api_version='1.15'
dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
dnl require some minimum version. Point them to the right macro.
m4_if([$1], [1.15], [],
m4_if([$1], [1.15.1], [],
[AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
])
@ -9356,14 +9374,14 @@ m4_define([_AM_AUTOCONF_VERSION], [])
# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
[AM_AUTOMAKE_VERSION([1.15])dnl
[AM_AUTOMAKE_VERSION([1.15.1])dnl
m4_ifndef([AC_AUTOCONF_VERSION],
[m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
# AM_AUX_DIR_EXPAND -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9415,7 +9433,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd`
# AM_CONDITIONAL -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9446,7 +9464,7 @@ AC_CONFIG_COMMANDS_PRE(
Usually this means the macro was only invoked conditionally.]])
fi])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9637,7 +9655,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl
# Generate code to set up dependency tracking. -*- Autoconf -*-
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9713,7 +9731,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
# Do all the work for Automake. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9910,7 +9928,7 @@ for _am_header in $config_headers :; do
done
echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9931,7 +9949,7 @@ if test x"${install_sh+set}" != xset; then
fi
AC_SUBST([install_sh])])
# Copyright (C) 2003-2014 Free Software Foundation, Inc.
# Copyright (C) 2003-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9953,7 +9971,7 @@ AC_SUBST([am__leading_dot])])
# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
# From Jim Meyering
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -9988,7 +10006,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles])
# Check to see how 'make' treats includes. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10038,7 +10056,7 @@ rm -f confinc confmf
# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
# Copyright (C) 1997-2014 Free Software Foundation, Inc.
# Copyright (C) 1997-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10079,7 +10097,7 @@ fi
# Obsolete and "removed" macros, that must however still report explicit
# error messages when used, to smooth transition.
#
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10106,7 +10124,7 @@ AU_DEFUN([fp_C_PROTOTYPES], [AM_C_PROTOTYPES])
# Helper functions for option handling. -*- Autoconf -*-
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10135,7 +10153,7 @@ AC_DEFUN([_AM_SET_OPTIONS],
AC_DEFUN([_AM_IF_OPTION],
[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10182,7 +10200,7 @@ AC_LANG_POP([C])])
# For backward compatibility.
AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10201,7 +10219,7 @@ AC_DEFUN([AM_RUN_LOG],
# Check to make sure that the build environment is sane. -*- Autoconf -*-
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Copyright (C) 1996-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10282,7 +10300,7 @@ AC_CONFIG_COMMANDS_PRE(
rm -f conftest.file
])
# Copyright (C) 2009-2014 Free Software Foundation, Inc.
# Copyright (C) 2009-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10342,7 +10360,7 @@ AC_SUBST([AM_BACKSLASH])dnl
_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl
])
# Copyright (C) 2001-2014 Free Software Foundation, Inc.
# Copyright (C) 2001-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10370,7 +10388,7 @@ fi
INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
AC_SUBST([INSTALL_STRIP_PROGRAM])])
# Copyright (C) 2006-2014 Free Software Foundation, Inc.
# Copyright (C) 2006-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -10389,7 +10407,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
# Check how to create a tarball. -*- Autoconf -*-
# Copyright (C) 2004-2014 Free Software Foundation, Inc.
# Copyright (C) 2004-2017 Free Software Foundation, Inc.
#
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,

673
libratbox/config.guess vendored

File diff suppressed because it is too large

294
libratbox/config.sub vendored
View file

@ -1,8 +1,8 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright 1992-2015 Free Software Foundation, Inc.
# Copyright 1992-2018 Free Software Foundation, Inc.
timestamp='2015-01-01'
timestamp='2018-02-22'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -15,7 +15,7 @@ timestamp='2015-01-01'
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
# along with this program; if not, see <https://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@ -33,7 +33,7 @@ timestamp='2015-01-01'
# Otherwise, we print the canonical config type on stdout and succeed.
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub
# This file is supposed to be the same for all GNU packages
# and recognize all the CPU types, system types and aliases
@ -53,12 +53,11 @@ timestamp='2015-01-01'
me=`echo "$0" | sed -e 's,.*/,,'`
usage="\
Usage: $0 [OPTION] CPU-MFR-OPSYS
$0 [OPTION] ALIAS
Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS
Canonicalize a configuration name.
Operation modes:
Options:
-h, --help print this help, then exit
-t, --time-stamp print date of last modification, then exit
-v, --version print version number, then exit
@ -68,7 +67,7 @@ Report bugs and patches to <config-patches@gnu.org>."
version="\
GNU config.sub ($timestamp)
Copyright 1992-2015 Free Software Foundation, Inc.
Copyright 1992-2018 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
@ -95,7 +94,7 @@ while test $# -gt 0 ; do
*local*)
# First pass through any local machine types.
echo $1
echo "$1"
exit ;;
* )
@ -113,24 +112,24 @@ esac
# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
# Here we must recognize all the valid KERNEL-OS combinations.
maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \
linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | \
kopensolaris*-gnu* | \
knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \
kopensolaris*-gnu* | cloudabi*-eabi* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
;;
android-linux)
os=-linux-android
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown
;;
*)
basic_machine=`echo $1 | sed 's/-[^-]*$//'`
if [ $basic_machine != $1 ]
then os=`echo $1 | sed 's/.*-/-/'`
basic_machine=`echo "$1" | sed 's/-[^-]*$//'`
if [ "$basic_machine" != "$1" ]
then os=`echo "$1" | sed 's/.*-/-/'`
else os=; fi
;;
esac
@ -179,44 +178,44 @@ case $os in
;;
-sco6)
os=-sco5v6
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-sco5)
os=-sco3.2v5
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-sco4)
os=-sco3.2v4
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-sco3.2.[4-9]*)
os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-sco3.2v[4-9]*)
# Don't forget version if it is 3.2v4 or newer.
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-sco5v6*)
# Don't forget version if it is 3.2v4 or newer.
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-sco*)
os=-sco3.2v2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-udk*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-isc)
os=-isc2.2
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-clix*)
basic_machine=clipper-intergraph
;;
-isc*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'`
;;
-lynx*178)
os=-lynxos178
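Review bot: the `-sco3.2.[4-9]*)` branch still runs `echo $os | sed -e 's/sco3.2./sco3.2v/'` unquoted, while every `$1` around it was quoted in this change. The dots in that sed pattern are also unescaped, so they match any character. Suggest `echo "$os" | sed -e 's/sco3\.2\./sco3.2v/'` for consistency with the rest of the hunk.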
@ -228,10 +227,7 @@ case $os in
os=-lynxos
;;
-ptx*)
basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
;;
-windowsnt*)
os=`echo $os | sed -e 's/windowsnt/winnt/'`
basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'`
;;
-psos*)
os=-psos
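Review bot: removing the `-windowsnt*)` branch changes output, not just code size. Input that used `windowsnt` is no longer rewritten to `winnt`, and because the later OS list still accepts `-windows*`, the string passes through unchanged instead of failing. The commit message should say so, in case anything downstream matches on `winnt`.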
@ -255,15 +251,16 @@ case $basic_machine in
| arc | arceb \
| arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \
| avr | avr32 \
| ba \
| be32 | be64 \
| bfin \
| c4x | c8051 | clipper \
| d10v | d30v | dlx | dsp16xx \
| epiphany \
| e2k | epiphany \
| fido | fr30 | frv | ft32 \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| hexagon \
| i370 | i860 | i960 | ia64 \
| i370 | i860 | i960 | ia16 | ia64 \
| ip2k | iq2000 \
| k1om \
| le32 | le64 \
@ -299,13 +296,14 @@ case $basic_machine in
| nios | nios2 | nios2eb | nios2el \
| ns16k | ns32k \
| open8 | or1k | or1knd | or32 \
| pdp10 | pdp11 | pj | pjl \
| pdp10 | pj | pjl \
| powerpc | powerpc64 | powerpc64le | powerpcle \
| pru \
| pyramid \
| riscv32 | riscv64 \
| rl78 | rx \
| score \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@ -314,7 +312,7 @@ case $basic_machine in
| ubicom32 \
| v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \
| visium \
| we32k \
| wasm32 \
| x86 | xc16x | xstormy16 | xtensa \
| z8k | z80)
basic_machine=$basic_machine-unknown
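Review bot: the line that adds `wasm32` also drops bare `we32k` from this list, while `we32k-*` stays in the company list further down. Please confirm that bare `we32k` is still resolved by a later alias branch; if it is not, it now ends at "machine not recognized".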
@ -335,7 +333,7 @@ case $basic_machine in
basic_machine=$basic_machine-unknown
os=-none
;;
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65)
;;
ms1)
basic_machine=mt-unknown
@ -364,7 +362,7 @@ case $basic_machine in
;;
# Object if more than one company name word.
*-*-*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2
exit 1
;;
# Recognize the basic CPU types with company name.
@ -376,17 +374,18 @@ case $basic_machine in
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* | avr32-* \
| ba-* \
| be32-* | be64-* \
| bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* \
| c8051-* | clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
| elxsi-* \
| e2k-* | elxsi-* \
| f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
| h8300-* | h8500-* \
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| hexagon-* \
| i*86-* | i860-* | i960-* | ia64-* \
| i*86-* | i860-* | i960-* | ia16-* | ia64-* \
| ip2k-* | iq2000-* \
| k1om-* \
| le32-* | le64-* \
@ -427,13 +426,15 @@ case $basic_machine in
| orion-* \
| pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \
| pru-* \
| pyramid-* \
| riscv32-* | riscv64-* \
| rl78-* | romp-* | rs6000-* | rx-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \
| tahoe-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
| tile*-* \
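Review bot: `sh[34]eb-*` in this list was not widened, although the bare-CPU list earlier in the patch went from `sh[34]eb` to `sh[234]eb`. As far as this list shows, `sh2eb` is accepted but an explicit `sh2eb-<vendor>` is not. Separately, `sx?-*` becoming `sx*-*` now admits any machine name that starts with `sx`, which is much broader than one extra character.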
@ -442,6 +443,7 @@ case $basic_machine in
| v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \
| vax-* \
| visium-* \
| wasm32-* \
| we32k-* \
| x86-* | x86_64-* | xc16x-* | xps100-* \
| xstormy16-* | xtensa*-* \
@ -455,7 +457,7 @@ case $basic_machine in
# Recognize the various machine names and aliases which stand
# for a CPU type and a company and sometimes even an OS.
386bsd)
basic_machine=i386-unknown
basic_machine=i386-pc
os=-bsd
;;
3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
@ -489,7 +491,7 @@ case $basic_machine in
basic_machine=x86_64-pc
;;
amd64-*)
basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
amdahl)
basic_machine=580-amdahl
@ -518,6 +520,9 @@ case $basic_machine in
basic_machine=i386-pc
os=-aros
;;
asmjs)
basic_machine=asmjs-unknown
;;
aux)
basic_machine=m68k-apple
os=-aux
@ -531,7 +536,7 @@ case $basic_machine in
os=-linux
;;
blackfin-*)
basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'`
os=-linux
;;
bluegene*)
@ -539,13 +544,13 @@ case $basic_machine in
os=-cnk
;;
c54x-*)
basic_machine=tic54x-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
c55x-*)
basic_machine=tic55x-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
c6x-*)
basic_machine=tic6x-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
c90)
basic_machine=c90-cray
@ -634,10 +639,18 @@ case $basic_machine in
basic_machine=rs6000-bull
os=-bosx
;;
dpx2* | dpx2*-bull)
dpx2*)
basic_machine=m68k-bull
os=-sysv3
;;
e500v[12])
basic_machine=powerpc-unknown
os=$os"spe"
;;
e500v[12]-*)
basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'`
os=$os"spe"
;;
ebmon29k)
basic_machine=a29k-amd
os=-ebmon
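Review bot: `os=$os"spe"` in the new `e500v[12])` branch assumes `$os` is already set. For a bare `e500v2` with no OS part, `os` is empty at this point, so it becomes `spe` without the leading `-`, and none of the `case $os` patterns shown later start without a dash, which leaves the "system not recognized" fallback. Either require an OS here or build the value with the dash included.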
@ -727,9 +740,6 @@ case $basic_machine in
hp9k8[0-9][0-9] | hp8[0-9][0-9])
basic_machine=hppa1.0-hp
;;
hppa-next)
os=-nextstep3
;;
hppaosf)
basic_machine=hppa1.1-hp
os=-osf
@ -742,26 +752,26 @@ case $basic_machine in
basic_machine=i370-ibm
;;
i*86v32)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
os=-sysv32
;;
i*86v4*)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
os=-sysv4
;;
i*86v)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
os=-sysv
;;
i*86sol2)
basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'`
os=-solaris2
;;
i386mach)
basic_machine=i386-mach
os=-mach
;;
i386-vsta | vsta)
vsta)
basic_machine=i386-unknown
os=-vsta
;;
@ -780,19 +790,16 @@ case $basic_machine in
os=-sysv
;;
leon-*|leon[3-9]-*)
basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'`
basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'`
;;
m68knommu)
basic_machine=m68k-unknown
os=-linux
;;
m68knommu-*)
basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'`
os=-linux
;;
m88k-omron*)
basic_machine=m88k-omron
;;
magnum | m3230)
basic_machine=mips-mips
os=-sysv
@ -824,10 +831,10 @@ case $basic_machine in
os=-mint
;;
mips3*-*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`
;;
mips3*)
basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown
;;
monitor)
basic_machine=m68k-rom68k
@ -846,7 +853,7 @@ case $basic_machine in
os=-msdos
;;
ms1-*)
basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'`
;;
msys)
basic_machine=i686-pc
@ -933,6 +940,12 @@ case $basic_machine in
nsr-tandem)
basic_machine=nsr-tandem
;;
nsv-tandem)
basic_machine=nsv-tandem
;;
nsx-tandem)
basic_machine=nsx-tandem
;;
op50n-* | op60c-*)
basic_machine=hppa1.1-oki
os=-proelf
@ -965,7 +978,7 @@ case $basic_machine in
os=-linux
;;
parisc-*)
basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'`
os=-linux
;;
pbd)
@ -981,7 +994,7 @@ case $basic_machine in
basic_machine=i386-pc
;;
pc98-*)
basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
pentium | p5 | k5 | k6 | nexgen | viac3)
basic_machine=i586-pc
@ -996,16 +1009,16 @@ case $basic_machine in
basic_machine=i786-pc
;;
pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
pentiumpro-* | p6-* | 6x86-* | athlon-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
pentium4-*)
basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
pn)
basic_machine=pn-gould
@ -1015,23 +1028,23 @@ case $basic_machine in
ppc | ppcbe) basic_machine=powerpc-unknown
;;
ppc-* | ppcbe-*)
basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
ppcle | powerpclittle | ppc-le | powerpc-little)
ppcle | powerpclittle)
basic_machine=powerpcle-unknown
;;
ppcle-* | powerpclittle-*)
basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
ppc64) basic_machine=powerpc64-unknown
;;
ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
ppc64le | powerpc64little | ppc64-le | powerpc64-little)
ppc64le | powerpc64little)
basic_machine=powerpc64le-unknown
;;
ppc64le-* | powerpc64little-*)
basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
ps2)
basic_machine=i386-ibm
@ -1085,17 +1098,10 @@ case $basic_machine in
sequent)
basic_machine=i386-sequent
;;
sh)
basic_machine=sh-hitachi
os=-hms
;;
sh5el)
basic_machine=sh5le-unknown
;;
sh64)
basic_machine=sh64-unknown
;;
sparclite-wrs | simso-wrs)
simso-wrs)
basic_machine=sparclite-wrs
os=-vxworks
;;
@ -1114,7 +1120,7 @@ case $basic_machine in
os=-sysv4
;;
strongarm-* | thumb-*)
basic_machine=arm-`echo $basic_machine | sed 's/^[^-]*-//'`
basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'`
;;
sun2)
basic_machine=m68000-sun
@ -1236,6 +1242,9 @@ case $basic_machine in
basic_machine=hppa1.1-winbond
os=-proelf
;;
x64)
basic_machine=x86_64-pc
;;
xbox)
basic_machine=i686-pc
os=-mingw32
@ -1244,20 +1253,12 @@ case $basic_machine in
basic_machine=xps100-honeywell
;;
xscale-* | xscalee[bl]-*)
basic_machine=`echo $basic_machine | sed 's/^xscale/arm/'`
basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'`
;;
ymp)
basic_machine=ymp-cray
os=-unicos
;;
z8k-*-coff)
basic_machine=z8k-unknown
os=-sim
;;
z80-*-coff)
basic_machine=z80-unknown
os=-sim
;;
none)
basic_machine=none-none
os=-none
@ -1286,10 +1287,6 @@ case $basic_machine in
vax)
basic_machine=vax-dec
;;
pdp10)
# there are many clones, so DEC is not a safe bet
basic_machine=pdp10-unknown
;;
pdp11)
basic_machine=pdp11-dec
;;
@ -1299,9 +1296,6 @@ case $basic_machine in
sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
basic_machine=sparc-sun
;;
cydra)
basic_machine=cydra-cydrome
;;
@ -1321,7 +1315,7 @@ case $basic_machine in
# Make sure to match an already-canonicalized machine name.
;;
*)
echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2
exit 1
;;
esac
@ -1329,10 +1323,10 @@ esac
# Here we canonicalize certain aliases for manufacturers.
case $basic_machine in
*-digital*)
basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'`
;;
*-commodore*)
basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'`
;;
*)
;;
@ -1343,8 +1337,8 @@ esac
if [ x"$os" != x"" ]
then
case $os in
# First match some system type aliases
# that might get confused with valid system types.
# First match some system type aliases that might get confused
# with valid system types.
# -solaris* is a basic system type, with this one exception.
-auroraux)
os=-auroraux
@ -1355,45 +1349,48 @@ case $os in
-solaris)
os=-solaris2
;;
-svr4*)
os=-sysv4
;;
-unixware*)
os=-sysv4.2uw
;;
-gnu/linux*)
os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
;;
# First accept the basic system types.
# es1800 is here to avoid being matched by es* (a different OS)
-es1800*)
os=-ose
;;
# Now accept the basic system types.
# The portable systems comes first.
# Each alternative MUST END IN A *, to match a version number.
# Each alternative MUST end in a * to match a version number.
# -sysv* is not here because it comes later, after sysvr4.
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
| -sym* | -kopensolaris* | -plan9* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* | -aros* \
| -aos* | -aros* | -cloudabi* | -sortix* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
| -bitrig* | -openbsd* | -solidbsd* \
| -hiux* | -knetbsd* | -mirbsd* | -netbsd* \
| -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \
| -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
| -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
| -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
| -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
| -chorusos* | -chorusrdb* | -cegcc* \
| -chorusos* | -chorusrdb* | -cegcc* | -glidix* \
| -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
| -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \
| -linux-newlib* | -linux-musl* | -linux-uclibc* \
| -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
| -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \
| -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
| -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
| -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
| -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
| -morphos* | -superux* | -rtmk* | -windiss* \
| -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*)
| -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \
| -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \
| -midnightbsd*)
# Remember, each alternative MUST END IN *, to match a version number.
;;
-qnx*)
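Review bot: dropping `-opened*` from the pass-through list is a behaviour change rather than a cleanup. The later `-opened*) os=-openedition` branch was shadowed by it and now runs, so those inputs canonicalize differently. The same applies to `-es1800*`, which is moved above the list so that `-es*` can no longer swallow it. The other removals in this hunk (`-386bsd*`, `-rtmk-nova*`) deserve the same check for a later branch, and the `-gnu/linux*` branch still uses an unquoted `echo $os`.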
@ -1410,12 +1407,12 @@ case $os in
-nto*)
os=`echo $os | sed -e 's|nto|nto-qnx|'`
;;
-sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
-sim | -xray | -os68k* | -v88r* \
| -windows* | -osx | -abug | -netware* | -os9* \
| -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
;;
-mac*)
os=`echo $os | sed -e 's|mac|macos|'`
os=`echo "$os" | sed -e 's|mac|macos|'`
;;
-linux-dietlibc)
os=-linux-dietlibc
@ -1424,10 +1421,10 @@ case $os in
os=`echo $os | sed -e 's|linux|linux-gnu|'`
;;
-sunos5*)
os=`echo $os | sed -e 's|sunos5|solaris2|'`
os=`echo "$os" | sed -e 's|sunos5|solaris2|'`
;;
-sunos6*)
os=`echo $os | sed -e 's|sunos6|solaris3|'`
os=`echo "$os" | sed -e 's|sunos6|solaris3|'`
;;
-opened*)
os=-openedition
@ -1438,12 +1435,6 @@ case $os in
-wince*)
os=-wince
;;
-osfrose*)
os=-osfrose
;;
-osf*)
os=-osf
;;
-utek*)
os=-bsd
;;
@ -1490,7 +1481,7 @@ case $os in
-oss*)
os=-sysv3
;;
-svr4)
-svr4*)
os=-sysv4
;;
-svr3)
@ -1505,32 +1496,38 @@ case $os in
-ose*)
os=-ose
;;
-es1800*)
os=-ose
;;
-xenix)
os=-xenix
;;
-*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
os=-mint
;;
-aros*)
os=-aros
;;
-zvmoe)
os=-zvmoe
;;
-dicos*)
os=-dicos
;;
-pikeos*)
# Until real need of OS specific support for
# particular features comes up, bare metal
# configurations are quite functional.
case $basic_machine in
arm*)
os=-eabi
;;
*)
os=-elf
;;
esac
;;
-nacl*)
;;
-ios)
;;
-none)
;;
*)
# Get rid of the `-' at the beginning of $os.
os=`echo $os | sed 's/[^-]*-//'`
echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2
exit 1
;;
esac
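Review bot: the fallback branch still strips the leading dash with an unquoted `echo $os | sed 's/[^-]*-//'`, one line above the error message that now quotes `"$os"`. This is the path that handles input the script did not recognize, so it is the one place where quoting matters most; use `echo "$os"` here as well.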
@ -1620,12 +1617,12 @@ case $basic_machine in
sparc-* | *-sun)
os=-sunos4.1.1
;;
pru-*)
os=-elf
;;
*-be)
os=-beos
;;
*-haiku)
os=-haiku
;;
*-ibm)
os=-aix
;;
@ -1680,9 +1677,6 @@ case $basic_machine in
i370-*)
os=-mvs
;;
*-next)
os=-nextstep3
;;
*-gould)
os=-sysv
;;
@ -1792,15 +1786,15 @@ case $basic_machine in
vendor=stratus
;;
esac
basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"`
;;
esac
echo $basic_machine$os
echo "$basic_machine$os"
exit
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# eval: (add-hook 'write-file-functions 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"

libratbox/configure vendored

@ -754,6 +754,7 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
@ -849,6 +850,7 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@ -1101,6 +1103,15 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
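Review bot: `runstatedir` is parsed here and defaulted to `${localstatedir}/run` in the earlier hunk, but the hunks shown for this file contain no consumer of it, so passing `--runstatedir` has no visible effect on where PID files or sockets end up. Since `configure` is generated and vendored, the commit message should name the autoconf that produced it so the output can be regenerated and compared.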
@ -1238,7 +1249,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir
libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@ -1391,6 +1402,7 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@ -6880,7 +6892,7 @@ linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*)
lt_cv_deplibs_check_method=pass_all
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
else
@ -10241,6 +10253,9 @@ $as_echo_n "checking whether the $compiler linker ($LD) supports shared librarie
openbsd* | bitrig*)
with_gnu_ld=no
;;
linux* | k*bsd*-gnu | gnu*)
link_all_deplibs=no
;;
esac
ld_shlibs=yes
@ -10495,7 +10510,7 @@ _LT_EOF
fi
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
wlarc=
@ -11165,6 +11180,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
if test yes = "$lt_cv_irix_exported_symbol"; then
archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib'
fi
link_all_deplibs=no
else
archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib'
archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib'
@ -11186,7 +11202,7 @@ $as_echo "$lt_cv_irix_exported_symbol" >&6; }
esac
;;
netbsd*)
netbsd* | netbsdelf*-gnu)
if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
else
@ -12301,6 +12317,18 @@ fi
dynamic_linker='GNU/Linux ld.so'
;;
netbsdelf*-gnu)
version_type=linux
need_lib_prefix=no
need_version=no
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
soname_spec='${libname}${release}${shared_ext}$major'
shlibpath_var=LD_LIBRARY_PATH
shlibpath_overrides_runpath=no
hardcode_into_libs=yes
dynamic_linker='NetBSD ld.elf_so'
;;
netbsd*)
version_type=sunos
need_lib_prefix=no
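Review bot: the new `netbsdelf*-gnu)` branch only takes effect because it sits above `netbsd*)`, which would otherwise match first and select `version_type=sunos`. A one-line comment stating that the order is significant would keep a later reorder from silently changing the result.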
@ -14734,6 +14762,8 @@ main ()
if (*(data + i) != *(data3 + i))
return 14;
close (fd);
free (data);
free (data3);
return 0;
}
_ACEOF
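Review bot: the added `free (data); free (data3);` run only on the `return 0` path; the `return 14` just above still exits with both buffers allocated. That is harmless for a conftest, but if the aim is to keep a leak checker from failing this probe, the commit message should say so, because the early returns are not covered.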
@ -14986,7 +15016,7 @@ if ${ac_cv_lib_mbedtls_mbedtls_ssl_init+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_check_lib_save_LIBS=$LIBS
LIBS="-lmbedtls -lmbedcrypto -lmbedx509 $LIBS"
LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
@ -15018,7 +15048,7 @@ fi
$as_echo "$ac_cv_lib_mbedtls_mbedtls_ssl_init" >&6; }
if test "x$ac_cv_lib_mbedtls_mbedtls_ssl_init" = xyes; then :
MBEDTLS_LIBS="$MBEDTLS_LIBS -lmbedtls -lmbedcrypto -lmbedx509"
MBEDTLS_LIBS="$MBEDTLS_LIBS -lmbedtls -lmbedx509 -lmbedcrypto"
cf_enable_mbedtls=yes
else
@ -17196,7 +17226,6 @@ $as_echo X"$file" |
cat <<_LT_EOF >> "$cfgfile"
#! $SHELL
# Generated automatically by $as_me ($PACKAGE) $VERSION
# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
# NOTE: Changes made to this file will be lost: look at ltmain.sh.
# Provide generalized library-building support services.
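Review bot: removing the "Libtool was configured on host" line is worth its own sentence in the commit message. It stops the build host name from being written into the generated libtool script and removes one source of non-reproducible output, which is not obvious from a diff of generated code.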


@ -351,9 +351,9 @@ if test "$cf_enable_mbedtls" != no; then
save_LIBS="$LIBS"
LIBS="$LIBS $MBEDTLS_LIBS"
AC_CHECK_LIB(mbedtls, mbedtls_ssl_init, [
MBEDTLS_LIBS="$MBEDTLS_LIBS -lmbedtls -lmbedcrypto -lmbedx509"
MBEDTLS_LIBS="$MBEDTLS_LIBS -lmbedtls -lmbedx509 -lmbedcrypto"
cf_enable_mbedtls=yes
], [cf_enable_mbedtls=no], [-lmbedcrypto -lmbedx509])
], [cf_enable_mbedtls=no], [-lmbedx509 -lmbedcrypto])
fi
dnl GnuTLS support
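Review bot: the not-found action `[cf_enable_mbedtls=no]` runs whether the incoming value was an explicit request or a default, because the guard is only `!= no`. As far as this hunk shows, a build that asked for mbed TLS and lacks the libraries carries on without that backend. Consider `AC_MSG_ERROR` when the option was given explicitly. The reordering to `-lmbedtls -lmbedx509 -lmbedcrypto` itself is correct dependency order for static linking.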


@ -1,9 +1,9 @@
#! /bin/sh
# depcomp - compile a program generating dependencies as side-effects
scriptversion=2004-04-25.13
scriptversion=2016-01-11.22; # UTC
# Copyright (C) 1999, 2000, 2003, 2004 Free Software Foundation, Inc.
# Copyright (C) 1999-2017 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -16,9 +16,7 @@ scriptversion=2004-04-25.13
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@ -29,7 +27,7 @@ scriptversion=2004-04-25.13
case $1 in
'')
echo "$0: No command. Try \`$0 --help' for more information." 1>&2
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
@ -41,42 +39,98 @@ as side-effects.
Environment variables:
depmode Dependency tracking mode.
source Source file read by `PROGRAMS ARGS'.
object Object file output by `PROGRAMS ARGS'.
source Source file read by 'PROGRAMS ARGS'.
object Object file output by 'PROGRAMS ARGS'.
DEPDIR directory where to store dependencies.
depfile Dependency file to output.
tmpdepfile Temporary file to use when outputing dependencies.
tmpdepfile Temporary file to use when outputting dependencies.
libtool Whether libtool is used (yes/no).
Report bugs to <bug-automake@gnu.org>.
EOF
exit 0
exit $?
;;
-v | --v*)
echo "depcomp $scriptversion"
exit 0
exit $?
;;
esac
# Get the directory component of the given path, and save it in the
# global variables '$dir'. Note that this directory component will
# be either empty or ending with a '/' character. This is deliberate.
set_dir_from ()
{
case $1 in
*/*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;;
*) dir=;;
esac
}
# Get the suffix-stripped basename of the given path, and save it the
# global variable '$base'.
set_base_from ()
{
base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'`
}
# If no dependency file was actually created by the compiler invocation,
# we still have to create a dummy depfile, to avoid errors with the
# Makefile "include basename.Plo" scheme.
make_dummy_depfile ()
{
echo "#dummy" > "$depfile"
}
# Factor out some common post-processing of the generated depfile.
# Requires the auxiliary global variable '$tmpdepfile' to be set.
aix_post_process_depfile ()
{
# If the compiler actually managed to produce a dependency file,
# post-process it.
if test -f "$tmpdepfile"; then
# Each line is of the form 'foo.o: dependency.h'.
# Do two passes, one to just change these to
# $object: dependency.h
# and one to simply output
# dependency.h:
# which is needed to avoid the deleted-header problem.
{ sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile"
sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile"
} > "$depfile"
rm -f "$tmpdepfile"
else
make_dummy_depfile
fi
}
# A tabulation character.
tab=' '
# A newline character.
nl='
'
# Character ranges might be problematic outside the C locale.
# These definitions help.
upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ
lower=abcdefghijklmnopqrstuvwxyz
digits=0123456789
alpha=${upper}${lower}
if test -z "$depmode" || test -z "$source" || test -z "$object"; then
echo "depcomp: Variables source, object and depmode must be set" 1>&2
exit 1
fi
# `libtool' can also be set to `yes' or `no'.
if test -z "$depfile"; then
base=`echo "$object" | sed -e 's,^.*/,,' -e 's,\.\([^.]*\)$,.P\1,'`
dir=`echo "$object" | sed 's,/.*$,/,'`
if test "$dir" = "$object"; then
dir=
fi
# FIXME: should be _deps on DOS.
depfile="$dir.deps/$base"
fi
# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
depfile=${depfile-`echo "$object" |
sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
rm -f "$tmpdepfile"
# Avoid interferences from the environment.
gccflag= dashmflag=
# Some modes work just like other modes, but use different flags. We
# parameterize here, but still list the modes in the big case below,
# to make depend.m4 easier to write. Note that we *cannot* use a case
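Review bot: in the new `depfile` default, `${DEPDIR-.deps}` is expanded outside the quotes (`'s|[^\\/]*$|'${DEPDIR-.deps}'/&|;...'`), so a `DEPDIR` containing whitespace splits the sed script and one containing `|` or `&` rewrites it. `aix_post_process_depfile` has the same exposure with `$object` inside `s,^.*\.[$lower]*:,$object:,`. Both values come from the environment, so they should be escaped or at least documented as restricted to plain path characters.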
@ -93,15 +147,50 @@ if test "$depmode" = dashXmstdout; then
depmode=dashmstdout
fi
cygpath_u="cygpath -u -f -"
if test "$depmode" = msvcmsys; then
# This is just like msvisualcpp but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvisualcpp
fi
if test "$depmode" = msvc7msys; then
# This is just like msvc7 but w/o cygpath translation.
# Just convert the backslash-escaped backslashes to single forward
# slashes to satisfy depend.m4
cygpath_u='sed s,\\\\,/,g'
depmode=msvc7
fi
if test "$depmode" = xlc; then
# IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information.
gccflag=-qmakedep=gcc,-MF
depmode=gcc
fi
case "$depmode" in
gcc3)
## gcc 3 implements dependency tracking that does exactly what
## we want. Yay! Note: for some reason libtool 1.4 doesn't like
## it if -MD -MP comes after the -MF stuff. Hmm.
"$@" -MT "$object" -MD -MP -MF "$tmpdepfile"
## Unfortunately, FreeBSD c89 acceptance of flags depends upon
## the command line argument order; so add the flags where they
## appear in depend2.am. Note that the slowdown incurred here
## affects only configure: in makefiles, %FASTDEP% shortcuts this.
for arg
do
case $arg in
-c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
*) set fnord "$@" "$arg" ;;
esac
shift # fnord
shift # $arg
done
"$@"
stat=$?
if test $stat -eq 0; then :
else
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
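Review bot: the rewritten `gcc3` loop inserts `-MT "$object" -MD -MP -MF "$tmpdepfile"` only when it meets a `-c` argument. A command line without `-c` is passed through with no dependency flags at all, where the removed line always appended them. If that is intended, a comment on the `*)` arm should say that such invocations produce no `$tmpdepfile`.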
@ -109,13 +198,17 @@ gcc3)
;;
gcc)
## Note that this doesn't just cater to obsosete pre-3.x GCC compilers.
## but also to in-use compilers like IMB xlc/xlC and the HP C compiler.
## (see the conditional assignment to $gccflag above).
## There are various ways to get dependency output from gcc. Here's
## why we pick this rather obscure method:
## - Don't want to use -MD because we'd like the dependencies to end
## up in a subdir. Having to rename by hand is ugly.
## (We might end up doing this anyway to support other compilers.)
## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
## -MM, not -M (despite what the docs say).
## -MM, not -M (despite what the docs say). Also, it might not be
## supported by the other compilers which use the 'gcc' depmode.
## - Using -M directly means running the compiler twice (even worse
## than renaming).
if test -z "$gccflag"; then
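Review bot: the two comment lines added at the top of the `gcc)` branch contain typos: `obsosete` should be "obsolete" and `IMB xlc/xlC` should be "IBM xlc/xlC". The first of them also ends in a full stop where the sentence continues on the next line.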
@ -123,31 +216,31 @@ gcc)
fi
"$@" -Wp,"$gccflag$tmpdepfile"
stat=$?
if test $stat -eq 0; then :
else
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
## The second -e expression handles DOS-style file names with drive letters.
# The second -e expression handles DOS-style file names with drive
# letters.
sed -e 's/^[^:]*: / /' \
-e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
## This next piece of magic avoids the `deleted header file' problem.
## This next piece of magic avoids the "deleted header file" problem.
## The problem is that when a header file which appears in a .P file
## is deleted, the dependency causes make to die (because there is
## typically no way to rebuild the header). We avoid this by adding
## dummy dependencies for each header file. Too bad gcc doesn't do
## this for us directly.
tr ' ' '
' < "$tmpdepfile" |
## Some versions of gcc put a space before the `:'. On the theory
## Some versions of gcc put a space before the ':'. On the theory
## that the space means something, we add a space to the output as
## well.
## well. hp depmode also adds that space, but also prefixes the VPATH
## to the object. Take care to not repeat it in the output.
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
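Review bot: the new `-e "s|.*$object$||"` expression in the second pass puts `$object` into a sed regex unescaped, with `|` as the delimiter. An object path containing `|`, `[`, `*` or `\` either breaks the sed program or deletes lines it should keep. Escape the value before interpolating it, or drop the VPATH-prefixed target with a fixed-string comparison instead of a regex.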
@ -165,8 +258,7 @@ sgi)
"$@" -MDupdate "$tmpdepfile"
fi
stat=$?
if test $stat -eq 0; then :
else
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
@ -174,99 +266,156 @@ sgi)
if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
echo "$object : \\" > "$depfile"
# Clip off the initial element (the dependent). Don't try to be
# clever and replace this with sed code, as IRIX sed won't handle
# lines with more than a fixed number of characters (4096 in
# IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
# the IRIX cc adds comments like `#:fec' to the end of the
# the IRIX cc adds comments like '#:fec' to the end of the
# dependency line.
tr ' ' '
' < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
tr '
' ' ' >> $depfile
echo >> $depfile
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \
| tr "$nl" ' ' >> "$depfile"
echo >> "$depfile"
# The second pass generates a dummy entry for each header file.
tr ' ' '
' < "$tmpdepfile" \
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
>> $depfile
>> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
# "include basename.Plo" scheme.
echo "#dummy" > "$depfile"
make_dummy_depfile
fi
rm -f "$tmpdepfile"
;;
xlc)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
aix)
# The C for AIX Compiler uses -M and outputs the dependencies
# in a .u file. In older versions, this file always lives in the
# current directory. Also, the AIX compiler puts `$object:' at the
# current directory. Also, the AIX compiler puts '$object:' at the
# start of each line; $object doesn't have directory information.
# Version 6 uses the directory in both cases.
stripped=`echo "$object" | sed 's/\(.*\)\..*$/\1/'`
tmpdepfile="$stripped.u"
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.u
tmpdepfile2=$base.u
tmpdepfile3=$dir.libs/$base.u
"$@" -Wc,-M
else
tmpdepfile1=$dir$base.u
tmpdepfile2=$dir$base.u
tmpdepfile3=$dir$base.u
"$@" -M
fi
stat=$?
if test -f "$tmpdepfile"; then :
else
stripped=`echo "$stripped" | sed 's,^.*/,,'`
tmpdepfile="$stripped.u"
fi
if test $stat -eq 0; then :
else
rm -f "$tmpdepfile"
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
if test -f "$tmpdepfile"; then
outname="$stripped.o"
# Each line is of the form `foo.o: dependent.h'.
# Do two passes, one to just change these to
# `$object: dependent.h' and one to simply `dependent.h:'.
sed -e "s,^$outname:,$object :," < "$tmpdepfile" > "$depfile"
sed -e "s,^$outname: \(.*\)$,\1:," < "$tmpdepfile" >> "$depfile"
else
# The sourcefile does not contain any dependencies, so just
# store a dummy comment line, to avoid errors with the Makefile
# "include basename.Plo" scheme.
echo "#dummy" > "$depfile"
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
aix_post_process_depfile
;;
tcc)
# tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26
# FIXME: That version still under development at the moment of writing.
# Make that this statement remains true also for stable, released
# versions.
# It will wrap lines (doesn't matter whether long or short) with a
# trailing '\', as in:
#
# foo.o : \
# foo.c \
# foo.h \
#
# It will put a trailing '\' even on the last line, and will use leading
# spaces rather than leading tabs (at least since its commit 0394caf7
# "Emit spaces for -MD").
"$@" -MD -MF "$tmpdepfile"
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
# Each non-empty line is of the form 'foo.o : \' or ' dep.h \'.
# We have to change lines of the first kind to '$object: \'.
sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile"
# And for each line of the second kind, we have to emit a 'dep.h:'
# dummy dependency, to avoid the deleted-header problem.
sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile"
rm -f "$tmpdepfile"
;;
icc)
# Intel's C compiler understands `-MD -MF file'. However on
# icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
# ICC 7.0 will fill foo.d with something like
# foo.o: sub/foo.c
# foo.o: sub/foo.h
# which is wrong. We want:
# sub/foo.o: sub/foo.c
# sub/foo.o: sub/foo.h
# sub/foo.c:
# sub/foo.h:
# ICC 7.1 will output
## The order of this option in the case statement is important, since the
## shell code in configure will try each of these formats in the order
## listed in this file. A plain '-MD' option would be understood by many
## compilers, so we must ensure this comes after the gcc and icc options.
pgcc)
# Portland's C compiler understands '-MD'.
# Will always output deps to 'file.d' where file is the root name of the
# source file under compilation, even if file resides in a subdirectory.
# The object file name does not affect the name of the '.d' file.
# pgcc 10.2 will output
# foo.o: sub/foo.c sub/foo.h
# and will wrap long lines using \ :
# and will wrap long lines using '\' :
# foo.o: sub/foo.c ... \
# sub/foo.h ... \
# ...
set_dir_from "$object"
# Use the source, not the object, to determine the base name, since
# that's sadly what pgcc will do too.
set_base_from "$source"
tmpdepfile=$base.d
"$@" -MD -MF "$tmpdepfile"
# For projects that build the same source file twice into different object
# files, the pgcc approach of using the *source* file root name can cause
# problems in parallel builds. Use a locking strategy to avoid stomping on
# the same $tmpdepfile.
lockdir=$base.d-lock
trap "
echo '$0: caught signal, cleaning up...' >&2
rmdir '$lockdir'
exit 1
" 1 2 13 15
numtries=100
i=$numtries
while test $i -gt 0; do
# mkdir is a portable test-and-set.
if mkdir "$lockdir" 2>/dev/null; then
# This process acquired the lock.
"$@" -MD
stat=$?
if test $stat -eq 0; then :
# Release the lock.
rmdir "$lockdir"
break
else
# If the lock is being held by a different process, wait
# until the winning process is done or we timeout.
while test -d "$lockdir" && test $i -gt 0; do
sleep 1
i=`expr $i - 1`
done
fi
i=`expr $i - 1`
done
trap - 1 2 13 15
if test $i -le 0; then
echo "$0: failed to acquire lock after $numtries attempts" >&2
echo "$0: check lockdir '$lockdir'" >&2
exit 1
fi
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
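Review bot: in the pgcc stanza the signal trap is installed before the `mkdir "$lockdir"` loop, and its body runs `rmdir '$lockdir'` unconditionally. A process that is interrupted while it is still waiting for the lock will remove the lock directory held by a different process, and the two compilations can then write the same `$base.d`. Install the trap only after `mkdir` has succeeded, or set a flag on acquisition and have the handler check it. The single quotes around `$lockdir` inside the double-quoted trap string also break if the source base name contains a `'`.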
@ -278,57 +427,140 @@ icc)
sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process this invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
sed -e 's/$/ :/' >> "$depfile"
sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
hp2)
# The "hp" stanza above does not work with aCC (C++) and HP's ia64
# compilers, which have integrated preprocessors. The correct option
# to use with these is +Maked; it writes dependencies to a file named
# 'foo.d', which lands next to the object file, wherever that
# happens to be.
# Much of this is similar to the tru64 case; see comments there.
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir.libs/$base.d
"$@" -Wc,+Maked
else
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
"$@" +Maked
fi
stat=$?
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2"
exit $stat
fi
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
do
test -f "$tmpdepfile" && break
done
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile"
# Add 'dependent.h:' lines.
sed -ne '2,${
s/^ *//
s/ \\*$//
s/$/:/
p
}' "$tmpdepfile" >> "$depfile"
else
make_dummy_depfile
fi
rm -f "$tmpdepfile" "$tmpdepfile2"
;;
tru64)
# The Tru64 compiler uses -MD to generate dependencies as a side
# effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
# effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'.
# At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
# dependencies in `foo.d' instead, so we check for that too.
# dependencies in 'foo.d' instead, so we check for that too.
# Subdirectories are respected.
dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
test "x$dir" = "x$object" && dir=
base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
set_dir_from "$object"
set_base_from "$object"
if test "$libtool" = yes; then
# Dependencies are output in .lo.d with libtool 1.4.
# They are output in .o.d with libtool 1.5.
tmpdepfile1="$dir.libs/$base.lo.d"
tmpdepfile2="$dir.libs/$base.o.d"
tmpdepfile3="$dir.libs/$base.d"
# Libtool generates 2 separate objects for the 2 libraries. These
# two compilations output dependencies in $dir.libs/$base.o.d and
# in $dir$base.o.d. We have to check for both files, because
# one of the two compilations can be disabled. We should prefer
# $dir$base.o.d over $dir.libs/$base.o.d because the latter is
# automatically cleaned when .libs/ is deleted, while ignoring
# the former would cause a distcleancheck panic.
tmpdepfile1=$dir$base.o.d # libtool 1.5
tmpdepfile2=$dir.libs/$base.o.d # Likewise.
tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504
"$@" -Wc,-MD
else
tmpdepfile1="$dir$base.o.d"
tmpdepfile2="$dir$base.d"
tmpdepfile3="$dir$base.d"
tmpdepfile1=$dir$base.d
tmpdepfile2=$dir$base.d
tmpdepfile3=$dir$base.d
"$@" -MD
fi
stat=$?
if test $stat -eq 0; then :
else
if test $stat -ne 0; then
rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
exit $stat
fi
if test -f "$tmpdepfile1"; then
tmpdepfile="$tmpdepfile1"
elif test -f "$tmpdepfile2"; then
tmpdepfile="$tmpdepfile2"
for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
do
test -f "$tmpdepfile" && break
done
# Same post-processing that is required for AIX mode.
aix_post_process_depfile
;;
msvc7)
if test "$libtool" = yes; then
showIncludes=-Wc,-showIncludes
else
tmpdepfile="$tmpdepfile3"
fi
if test -f "$tmpdepfile"; then
sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
# That's a tab and a space in the [].
sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
else
echo "#dummy" > "$depfile"
showIncludes=-showIncludes
fi
"$@" $showIncludes > "$tmpdepfile"
stat=$?
grep -v '^Note: including file: ' "$tmpdepfile"
if test $stat -ne 0; then
rm -f "$tmpdepfile"
exit $stat
fi
rm -f "$depfile"
echo "$object : \\" > "$depfile"
# The first sed program below extracts the file names and escapes
# backslashes for cygpath. The second sed program outputs the file
# name when reading, but also accumulates all include files in the
# hold buffer in order to output them again at the end. This only
# works with sed implementations that can handle large buffers.
sed < "$tmpdepfile" -n '
/^Note: including file: *\(.*\)/ {
s//\1/
s/\\/\\\\/g
p
}' | $cygpath_u | sort -u | sed -n '
s/ /\\ /g
s/\(.*\)/'"$tab"'\1 \\/p
s/.\(.*\) \\/\1:/
H
$ {
s/.*/'"$tab"'/
G
p
}' >> "$depfile"
echo >> "$depfile" # make sure the fragment doesn't end with a backslash
rm -f "$tmpdepfile"
;;
msvc7msys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
#nosideeffect)
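Review bot: in the tru64 non-libtool branch the three unquoted assignments `tmpdepfile1=$dir$base.d`, `tmpdepfile2=$dir$base.d` and `tmpdepfile3=$dir$base.d` all name the same file, while the comment at the top of the stanza still says that `cc -MD -o foo.o` writes `foo.o.d`. The `for tmpdepfile in ...` loop therefore has a single candidate on that path. Either keep `$dir$base.o.d` as the first candidate or update the comment so the two agree.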
@ -342,13 +574,13 @@ dashmstdout)
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove `-o $object'.
# Remove '-o $object'.
IFS=" "
for arg
do
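Review bot: `while test "X$1" != 'X--mode=compile'; do shift; done` still has no guard for running out of arguments. The `X` prefix fixes the `test` error on an empty `$1`, but if `--mode=compile` is not on the command line the condition stays true once the argument list is empty, and the outcome depends on how the shell treats `shift` with nothing left. Adding `test $# -gt 0 &&` to the loop condition and failing with a message afterwards would make this deterministic. The same loop appears in the makedepend, cpp and msvisualcpp stanzas.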
@ -368,18 +600,18 @@ dashmstdout)
done
test -z "$dashmflag" && dashmflag=-M
# Require at least two characters before searching for `:'
# Require at least two characters before searching for ':'
# in the target name. This is to cope with DOS-style filenames:
# a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
# a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise.
"$@" $dashmflag |
sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
tr ' ' '
' < "$tmpdepfile" | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
# Some versions of the HPUX 10.20 sed can't process this sed invocation
# correctly. Breaking it into two sed invocations is a workaround.
tr ' ' "$nl" < "$tmpdepfile" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile"
;;
@ -393,41 +625,51 @@ makedepend)
"$@" || exit $?
# Remove any Libtool call
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# X makedepend
shift
cleared=no
for arg in "$@"; do
cleared=no eat=no
for arg
do
case $cleared in
no)
set ""; shift
cleared=yes ;;
esac
if test $eat = yes; then
eat=no
continue
fi
case "$arg" in
-D*|-I*)
set fnord "$@" "$arg"; shift ;;
# Strip any option that makedepend may not understand. Remove
# the object too, otherwise makedepend will parse it as a source file.
-arch)
eat=yes ;;
-*|$object)
;;
*)
set fnord "$@" "$arg"; shift ;;
esac
done
obj_suffix="`echo $object | sed 's/^.*\././'`"
obj_suffix=`echo "$object" | sed 's/^.*\././'`
touch "$tmpdepfile"
${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
rm -f "$depfile"
cat < "$tmpdepfile" > "$depfile"
sed '1,2d' "$tmpdepfile" | tr ' ' '
' | \
## Some versions of the HPUX 10.20 sed can't process this invocation
## correctly. Breaking it into two sed invocations is a workaround.
sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
# makedepend may prepend the VPATH from the source file name to the object.
# No need to regex-escape $object, excess matching of '.' is harmless.
sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile"
# Some versions of the HPUX 10.20 sed can't process the last invocation
# correctly. Breaking it into two sed invocations is a workaround.
sed '1,2d' "$tmpdepfile" \
| tr ' ' "$nl" \
| sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \
| sed -e 's/$/ :/' >> "$depfile"
rm -f "$tmpdepfile" "$tmpdepfile".bak
;;
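Review bot: in the new `-*|$object)` arm, `$object` is unquoted inside a case pattern, so the shell matches it as a glob rather than as a literal string. An object name containing `*`, `?` or `[` can then swallow unrelated arguments or fail to match itself. Write it as `-*|"$object")`. The `eat=yes` handling for `-arch` also assumes the option always takes a separate value; a short comment saying so would help the next reader.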
@ -438,13 +680,13 @@ cpp)
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test $1 != '--mode=compile'; do
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
# Remove `-o $object'.
# Remove '-o $object'.
IFS=" "
for arg
do
@ -463,9 +705,10 @@ cpp)
esac
done
"$@" -E |
sed -n '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
sed '$ s: \\$::' > "$tmpdepfile"
"$@" -E \
| sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
-e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
| sed '$ s: \\$::' > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
cat < "$tmpdepfile" >> "$depfile"
@ -475,13 +718,27 @@ cpp)
msvisualcpp)
# Important note: in order to support this mode, a compiler *must*
# always write the preprocessed file to stdout, regardless of -o,
# because we must use -o when running libtool.
# always write the preprocessed file to stdout.
"$@" || exit $?
# Remove the call to Libtool.
if test "$libtool" = yes; then
while test "X$1" != 'X--mode=compile'; do
shift
done
shift
fi
IFS=" "
for arg
do
case "$arg" in
-o)
shift
;;
$object)
shift
;;
"-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
set fnord "$@"
shift
@ -494,16 +751,23 @@ msvisualcpp)
;;
esac
done
"$@" -E |
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::echo "`cygpath -u \\"\1\\"`":p' | sort | uniq > "$tmpdepfile"
"$@" -E 2>/dev/null |
sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
rm -f "$depfile"
echo "$object : \\" > "$depfile"
. "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
echo " " >> "$depfile"
. "$tmpdepfile" | sed 's% %\\ %g' | sed -n '/^\(.*\)$/ s::\1\::p' >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile"
echo "$tab" >> "$depfile"
sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
rm -f "$tmpdepfile"
;;
msvcmsys)
# This case exists only to let depend.m4 do its work. It works by
# looking at the text of this script. This case will never be run,
# since it is checked for above.
exit 1
;;
none)
exec "$@"
;;
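Review bot: `"$@" -E 2>/dev/null` discards every diagnostic from the preprocessing run, and the status of the pipeline is that of `sort -u`. If the `-E` invocation fails after the argument rewriting above, the result is a dependency file with no entries and no message. Consider keeping stderr, or at least checking that `$tmpdepfile` is non-empty before writing `$depfile`. `$cygpath_u` is expanded unquoted here and is defined outside this hunk, so its expected form should be noted next to the definition.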
@ -522,5 +786,6 @@ exit 0
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC"
# End:

View file

@ -25,7 +25,7 @@
#ifndef _COMMIO_SSL_H
#define _COMMIO_SSL_H
int rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list);
int rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list, const char *hostname);
int rb_init_ssl(void);
int rb_ssl_listen(rb_fde_t *F, int backlog, int defer_accept);
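Review bot: the new `const char *hostname` parameter of `rb_setup_ssl_server` is undocumented. The prototype does not say whether `NULL` is accepted (for example to mean the default context) or whether the string must outlive the call. A one-line comment above the declaration would settle it, since every existing caller has to be updated to pass something.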

View file

@ -179,14 +179,14 @@ typedef void die_cb(const char *buffer);
char *rb_ctime(const time_t, char *, size_t);
char *rb_date(const time_t, char *, size_t);
void rb_lib_log(const char *, ...);
void rb_lib_restart(const char *, ...);
void rb_lib_restart(const char *, ...) __attribute__((noreturn));
void rb_lib_die(const char *, ...);
void rb_set_time(void);
const char *rb_lib_version(void);
void rb_lib_init(log_cb * xilog, restart_cb * irestart, die_cb * idie, int closeall, int maxfds,
size_t dh_size, size_t fd_heap_size);
void rb_lib_loop(long delay);
void rb_lib_loop(long delay) __attribute__((noreturn));
time_t rb_current_time(void);
const struct timeval *rb_current_time_tv(void);
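Review bot: `rb_lib_restart` and `rb_lib_loop` gain `__attribute__((noreturn))`, but `rb_lib_die`, declared between them, is left unannotated. If it can return, say so in a comment; if it cannot, annotate it as well so callers get consistent diagnostics. The attribute is also spelled out directly in a public header, which compilers other than GCC and Clang will reject; a wrapper macro selected by a compiler check would be safer.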

View file

@ -103,9 +103,27 @@ void rb_note(rb_fde_t *, const char *);
#define RB_SSL_CERTFP_LEN 64
/* Methods for certfp */
#define RB_SSL_CERTFP_METH_SHA1 0
#define RB_SSL_CERTFP_METH_SHA256 1
#define RB_SSL_CERTFP_METH_SHA512 2
/* Digest of full X.509 certificate */
#define RB_SSL_CERTFP_METH_CERT_SHA1 0x0000
#define RB_SSL_CERTFP_METH_CERT_SHA256 0x0001
#define RB_SSL_CERTFP_METH_CERT_SHA512 0x0002
/* Digest of SubjectPublicKeyInfo (RFC 5280), used by DANE (RFC 6698) */
#define RB_SSL_CERTFP_METH_SPKI_SHA256 0x1001
#define RB_SSL_CERTFP_METH_SPKI_SHA512 0x1002
/* Names for certfp */
#define CERTFP_NAME_CERT_SHA1 "sha1"
#define CERTFP_PREFIX_CERT_SHA1 ""
#define CERTFP_NAME_CERT_SHA256 "sha256"
#define CERTFP_PREFIX_CERT_SHA256 ""
#define CERTFP_NAME_CERT_SHA512 "sha512"
#define CERTFP_PREFIX_CERT_SHA512 ""
/* These prefixes are copied from RFC 7218 */
#define CERTFP_NAME_SPKI_SHA256 "spki_sha256"
#define CERTFP_PREFIX_SPKI_SHA256 "SPKI:SHA2-256:"
#define CERTFP_NAME_SPKI_SHA512 "spki_sha512"
#define CERTFP_PREFIX_SPKI_SHA512 "SPKI:SHA2-512:"
#define RB_SSL_CERTFP_LEN_SHA1 20
#define RB_SSL_CERTFP_LEN_SHA256 32
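Review bot: `RB_SSL_CERTFP_METH_SHA1`, `_SHA256` and `_SHA512` are renamed to `RB_SSL_CERTFP_METH_CERT_*` with no compatibility aliases, so any caller outside this tree that uses the old names stops compiling even though the numeric values are unchanged. Keep the old names as aliases for one release, or mention the break in the commit message. The new `CERTFP_NAME_*` and `CERTFP_PREFIX_*` macros also drop the `RB_` prefix used by everything else in this header, which invites collisions with application macros.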
@ -134,9 +152,10 @@ ssize_t rb_writev(rb_fde_t *, struct rb_iovec *vector, int count);
ssize_t rb_read(rb_fde_t *, void *buf, int count);
int rb_pipe(rb_fde_t **, rb_fde_t **, const char *desc);
int rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list);
int rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list, const char *hostname);
int rb_ssl_listen(rb_fde_t *, int backlog, int defer_accept);
int rb_listen(rb_fde_t *, int backlog, int defer_accept);
int rb_remove_ssl_vserver(const char *hostname);
const char *rb_inet_ntop(int af, const void *src, char *dst, unsigned int size);
int rb_inet_pton(int af, const char *src, void *dst);
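Review bot: `rb_remove_ssl_vserver(const char *hostname)` is added without any statement of its return convention. Its neighbours return `int` with differing meanings, so the caller cannot tell whether a non-zero result means success or failure, or what happens when the hostname was never registered. Please document the return value here.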

View file

@ -59,5 +59,5 @@ void rb_helper_write_flush(rb_helper *helper);
void rb_helper_run(rb_helper *helper);
void rb_helper_close(rb_helper *helper);
int rb_helper_read(rb_helper *helper, void *buf, size_t bufsize);
void rb_helper_loop(rb_helper *helper, long delay);
void rb_helper_loop(rb_helper *helper, long delay) __attribute__((noreturn));
#endif

View file

@ -34,7 +34,7 @@
#include <stdlib.h>
void rb_outofmemory(void);
void rb_outofmemory(void) __attribute__((noreturn));
static inline void *
rb_malloc(size_t size)

View file

@ -1,7 +1,7 @@
#!/bin/sh
# install - install a program, script, or datafile
scriptversion=2013-12-25.23; # UTC
scriptversion=2014-09-12.12; # UTC
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
@ -324,34 +324,41 @@ do
# is incompatible with FreeBSD 'install' when (umask & 300) != 0.
;;
*)
# $RANDOM is not portable (e.g. dash); use it when possible to
# lower collision chance
tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0
# As "mkdir -p" follows symlinks and we work in /tmp possibly; so
# create the $tmpdir first (and fail if unsuccessful) to make sure
# that nobody tries to guess the $tmpdir name.
if (umask $mkdir_umask &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
$mkdirprog $mkdir_mode "$tmpdir" &&
exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1
then
if test -z "$dir_arg" || {
# Check for POSIX incompatibilities with -m.
# HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
# other-writable bit of parent directory when it shouldn't.
# FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
ls_ld_tmpdir=`ls -ld "$tmpdir"`
test_tmpdir="$tmpdir/a"
ls_ld_tmpdir=`ls -ld "$test_tmpdir"`
case $ls_ld_tmpdir in
d????-?r-*) different_mode=700;;
d????-?--*) different_mode=755;;
*) false;;
esac &&
$mkdirprog -m$different_mode -p -- "$tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
$mkdirprog -m$different_mode -p -- "$test_tmpdir" && {
ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"`
test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
}
}
then posix_mkdir=:
fi
rmdir "$tmpdir/d" "$tmpdir"
rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir"
else
# Remove any dirs left behind by ancient mkdir implementations.
rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null
fi
trap '' 0;;
esac;;
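Review bot: the new else branch and the updated EXIT trap both run `rmdir` on `"$tmpdir"` even when the first, non-`-p` `mkdir` failed because the name already existed, which means the script tries to remove a directory it did not create. In a sticky `/tmp` that fails harmlessly for another user's directory, but the cleanup should still be limited to the case where this process created `$tmpdir`. The plain `$mkdirprog $mkdir_mode "$tmpdir"` call also lacks the `--` that the following `-p` call uses. Since `$RANDOM` is empty on some shells, as the new comment notes, the name can reduce to `ins-$$`; the fail-if-exists `mkdir` is what protects the test in that case, and the comment should say that explicitly.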

View file

@ -31,7 +31,7 @@
PROGRAM=libtool
PACKAGE=libtool
VERSION=2.4.6
VERSION="2.4.6 Debian-2.4.6-2"
package_revision=2.4.6
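Review bot: `VERSION="2.4.6 Debian-2.4.6-2"` shows that this generated file was produced by a distribution-patched libtool rather than the stock 2.4.6 release, so the later hunks in this file bring in that distribution's behaviour changes along with the version string. Regenerate with an unpatched libtool, or record in the commit message which patched version was used so the result can be reproduced.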
@ -2068,12 +2068,12 @@ include the following information:
compiler: $LTCC
compiler flags: $LTCFLAGS
linker: $LD (gnu? $with_gnu_ld)
version: $progname (GNU libtool) 2.4.6
version: $progname $scriptversion Debian-2.4.6-2
automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q`
autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q`
Report bugs to <bug-libtool@gnu.org>.
GNU libtool home page: <http://www.gnu.org/software/libtool/>.
GNU libtool home page: <http://www.gnu.org/s/libtool/>.
General help using GNU software: <http://www.gnu.org/gethelp/>."
exit 0
}
@ -7272,10 +7272,13 @@ func_mode_link ()
# -tp=* Portland pgcc target processor selection
# --sysroot=* for sysroot support
# -O*, -g*, -flto*, -fwhopr*, -fuse-linker-plugin GCC link-time optimization
# -specs=* GCC specs files
# -stdlib=* select c++ std lib with clang
# -fsanitize=* Clang/GCC memory and address sanitizer
-64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
-t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*|-tp=*|--sysroot=*| \
-O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*)
-O*|-g*|-flto*|-fwhopr*|-fuse-linker-plugin|-fstack-protector*|-stdlib=*| \
-specs=*|-fsanitize=*)
func_quote_for_eval "$arg"
arg=$func_quote_for_eval_result
func_append compile_command " $arg"
@ -7568,7 +7571,10 @@ func_mode_link ()
case $pass in
dlopen) libs=$dlfiles ;;
dlpreopen) libs=$dlprefiles ;;
link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
link)
libs="$deplibs %DEPLIBS%"
test "X$link_all_deplibs" != Xno && libs="$libs $dependency_libs"
;;
esac
fi
if test lib,dlpreopen = "$linkmode,$pass"; then
@ -7887,9 +7893,6 @@ func_mode_link ()
# It is a libtool convenience library, so add in its objects.
func_append convenience " $ladir/$objdir/$old_library"
func_append old_convenience " $ladir/$objdir/$old_library"
elif test prog != "$linkmode" && test lib != "$linkmode"; then
func_fatal_error "'$lib' is not a convenience library"
fi
tmp_libs=
for deplib in $dependency_libs; do
deplibs="$deplib $deplibs"
@ -7900,6 +7903,9 @@ func_mode_link ()
fi
func_append tmp_libs " $deplib"
done
elif test prog != "$linkmode" && test lib != "$linkmode"; then
func_fatal_error "'$lib' is not a convenience library"
fi
continue
fi # $pass = conv
@ -8823,6 +8829,9 @@ func_mode_link ()
revision=$number_minor
lt_irix_increment=no
;;
*)
func_fatal_configuration "$modename: unknown library version type '$version_type'"
;;
esac
;;
no)

View file

@ -1,11 +1,10 @@
#! /bin/sh
# Common stub for a few missing GNU programs while installing.
# Common wrapper for a few potentially missing GNU programs.
scriptversion=2003-09-02.23
scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003
# Free Software Foundation, Inc.
# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@ -18,9 +17,7 @@ scriptversion=2003-09-02.23
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
# 02111-1307, USA.
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
@ -28,333 +25,191 @@ scriptversion=2003-09-02.23
# the same distribution terms that you use for the rest of that program.
if test $# -eq 0; then
echo 1>&2 "Try \`$0 --help' for more information"
echo 1>&2 "Try '$0 --help' for more information"
exit 1
fi
run=:
case $1 in
# In the cases where this matters, `missing' is being run in the
# srcdir already.
if test -f configure.ac; then
configure_ac=configure.ac
else
configure_ac=configure.in
fi
msg="missing on your system"
case "$1" in
--run)
# Try to run requested program, and just exit if it succeeds.
run=
shift
"$@" && exit 0
# Exit code 63 means version mismatch. This often happens
# when the user try to use an ancient version of a tool on
# a file that requires a minimum version. In this case we
# we should proceed has if the program had been absent, or
# if --run hadn't been passed.
if test $? = 63; then
run=:
msg="probably too old"
fi
--is-lightweight)
# Used by our autoconf macros to check whether the available missing
# script is modern enough.
exit 0
;;
esac
# If it does not exist, or fails to run (possibly an outdated version),
# try to emulate it.
case "$1" in
--run)
# Back-compat with the calling convention used by older automake.
shift
;;
-h|--h|--he|--hel|--help)
echo "\
$0 [OPTION]... PROGRAM [ARGUMENT]...
Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
error status if there is no known handling for PROGRAM.
Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due
to PROGRAM being missing or too old.
Options:
-h, --help display this help and exit
-v, --version output version information and exit
--run try to run the given command, and emulate it if it fails
Supported PROGRAM values:
aclocal touch file \`aclocal.m4'
autoconf touch file \`configure'
autoheader touch file \`config.h.in'
automake touch all \`Makefile.in' files
bison create \`y.tab.[ch]', if possible, from existing .[ch]
flex create \`lex.yy.c', if possible, from existing .c
help2man touch the output file
lex create \`lex.yy.c', if possible, from existing .c
makeinfo touch the output file
tar try tar, gnutar, gtar, then tar without non-portable flags
yacc create \`y.tab.[ch]', if possible, from existing .[ch]
aclocal autoconf autoheader autom4te automake makeinfo
bison yacc flex lex help2man
Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and
'g' are ignored when checking the name.
Send bug reports to <bug-automake@gnu.org>."
exit $?
;;
-v|--v|--ve|--ver|--vers|--versi|--versio|--version)
echo "missing $scriptversion (GNU Automake)"
exit $?
;;
-*)
echo 1>&2 "$0: Unknown \`$1' option"
echo 1>&2 "Try \`$0 --help' for more information"
echo 1>&2 "$0: unknown '$1' option"
echo 1>&2 "Try '$0 --help' for more information"
exit 1
;;
aclocal*)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
fi
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acinclude.m4' or \`${configure_ac}'. You might want
to install the \`Automake' and \`Perl' packages. Grab them from
any GNU archive site."
touch aclocal.m4
;;
autoconf)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
fi
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`${configure_ac}'. You might want to install the
\`Autoconf' and \`GNU m4' packages. Grab them from any GNU
archive site."
touch configure
;;
autoheader)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
fi
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`acconfig.h' or \`${configure_ac}'. You might want
to install the \`Autoconf' and \`GNU m4' packages. Grab them
from any GNU archive site."
files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
test -z "$files" && files="config.h"
touch_files=
for f in $files; do
case "$f" in
*:*) touch_files="$touch_files "`echo "$f" |
sed -e 's/^[^:]*://' -e 's/:.*//'`;;
*) touch_files="$touch_files $f.in";;
esac
done
touch $touch_files
;;
# Run the given program, remember its exit status.
"$@"; st=$?
# If it succeeded, we are done.
test $st -eq 0 && exit 0
# Also exit now if we it failed (or wasn't found), and '--version' was
# passed; such an option is passed most likely to detect whether the
# program is present and works.
case $2 in --version|--help) exit $st;; esac
# Exit code 63 means version mismatch. This often happens when the user
# tries to use an ancient version of a tool on a file that requires a
# minimum version.
if test $st -eq 63; then
msg="probably too old"
elif test $st -eq 127; then
# Program was missing.
msg="missing on your system"
else
# Program was found and executed, but failed. Give up.
exit $st
fi
perl_URL=http://www.perl.org/
flex_URL=http://flex.sourceforge.net/
gnu_software_URL=http://www.gnu.org/software
program_details ()
{
case $1 in
aclocal|automake)
echo "The '$1' program is part of the GNU Automake package:"
echo "<$gnu_software_URL/automake>"
echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:"
echo "<$gnu_software_URL/autoconf>"
echo "<$gnu_software_URL/m4/>"
echo "<$perl_URL>"
;;
autoconf|autom4te|autoheader)
echo "The '$1' program is part of the GNU Autoconf package:"
echo "<$gnu_software_URL/autoconf/>"
echo "It also requires GNU m4 and Perl in order to run:"
echo "<$gnu_software_URL/m4/>"
echo "<$perl_URL>"
;;
esac
}
give_advice ()
{
# Normalize program name to check for.
normalized_program=`echo "$1" | sed '
s/^gnu-//; t
s/^gnu//; t
s/^g//; t'`
printf '%s\n' "'$1' is $msg."
configure_deps="'configure.ac' or m4 files included by 'configure.ac'"
case $normalized_program in
autoconf*)
echo "You should only need it if you modified 'configure.ac',"
echo "or m4 files included by it."
program_details 'autoconf'
;;
autoheader*)
echo "You should only need it if you modified 'acconfig.h' or"
echo "$configure_deps."
program_details 'autoheader'
;;
automake*)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
fi
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
You might want to install the \`Automake' and \`Perl' packages.
Grab them from any GNU archive site."
find . -type f -name Makefile.am -print |
sed 's/\.am$/.in/' |
while read f; do touch "$f"; done
echo "You should only need it if you modified 'Makefile.am' or"
echo "$configure_deps."
program_details 'automake'
;;
autom4te)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
fi
echo 1>&2 "\
WARNING: \`$1' is needed, but is $msg.
You might have modified some files without having the
proper tools for further handling them.
You can get \`$1' as part of \`Autoconf' from any GNU
archive site."
file=`echo "$*" | sed -n 's/.*--output[ =]*\([^ ]*\).*/\1/p'`
test -z "$file" && file=`echo "$*" | sed -n 's/.*-o[ ]*\([^ ]*\).*/\1/p'`
if test -f "$file"; then
touch $file
else
test -z "$file" || exec >$file
echo "#! /bin/sh"
echo "# Created by GNU Automake missing as a replacement of"
echo "# $ $@"
echo "exit 0"
chmod +x $file
exit 1
fi
aclocal*)
echo "You should only need it if you modified 'acinclude.m4' or"
echo "$configure_deps."
program_details 'aclocal'
;;
bison|yacc)
echo 1>&2 "\
WARNING: \`$1' $msg. You should only need it if
you modified a \`.y' file. You may need the \`Bison' package
in order for those modifications to take effect. You can get
\`Bison' from any GNU archive site."
rm -f y.tab.c y.tab.h
if [ $# -ne 1 ]; then
eval LASTARG="\${$#}"
case "$LASTARG" in
*.y)
SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" y.tab.c
fi
SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" y.tab.h
fi
autom4te*)
echo "You might have modified some maintainer files that require"
echo "the 'autom4te' program to be rebuilt."
program_details 'autom4te'
;;
esac
fi
if [ ! -f y.tab.h ]; then
echo >y.tab.h
fi
if [ ! -f y.tab.c ]; then
echo 'main() { return 0; }' >y.tab.c
fi
bison*|yacc*)
echo "You should only need it if you modified a '.y' file."
echo "You may want to install the GNU Bison package:"
echo "<$gnu_software_URL/bison/>"
;;
lex|flex)
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.l' file. You may need the \`Flex' package
in order for those modifications to take effect. You can get
\`Flex' from any GNU archive site."
rm -f lex.yy.c
if [ $# -ne 1 ]; then
eval LASTARG="\${$#}"
case "$LASTARG" in
*.l)
SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
if [ -f "$SRCFILE" ]; then
cp "$SRCFILE" lex.yy.c
fi
lex*|flex*)
echo "You should only need it if you modified a '.l' file."
echo "You may want to install the Fast Lexical Analyzer package:"
echo "<$flex_URL>"
;;
esac
fi
if [ ! -f lex.yy.c ]; then
echo 'main() { return 0; }' >lex.yy.c
fi
help2man*)
echo "You should only need it if you modified a dependency" \
"of a man page."
echo "You may want to install the GNU Help2man package:"
echo "<$gnu_software_URL/help2man/>"
;;
help2man)
if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
# We have it, but it failed.
exit 1
fi
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a dependency of a manual page. You may need the
\`Help2man' package in order for those modifications to take
effect. You can get \`Help2man' from any GNU archive site."
file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
if test -z "$file"; then
file=`echo "$*" | sed -n 's/.*--output=\([^ ]*\).*/\1/p'`
fi
if [ -f "$file" ]; then
touch $file
else
test -z "$file" || exec >$file
echo ".ab help2man is required to generate this page"
exit 1
fi
makeinfo*)
echo "You should only need it if you modified a '.texi' file, or"
echo "any other file indirectly affecting the aspect of the manual."
echo "You might want to install the Texinfo package:"
echo "<$gnu_software_URL/texinfo/>"
echo "The spurious makeinfo call might also be the consequence of"
echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might"
echo "want to install GNU make:"
echo "<$gnu_software_URL/make/>"
;;
makeinfo)
if test -z "$run" && (makeinfo --version) > /dev/null 2>&1; then
# We have makeinfo, but it failed.
exit 1
fi
echo 1>&2 "\
WARNING: \`$1' is $msg. You should only need it if
you modified a \`.texi' or \`.texinfo' file, or any other file
indirectly affecting the aspect of the manual. The spurious
call might also be the consequence of using a buggy \`make' (AIX,
DU, IRIX). You might want to install the \`Texinfo' package or
the \`GNU make' package. Grab either from any GNU archive site."
file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'`
if test -z "$file"; then
file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file`
fi
touch $file
;;
tar)
shift
if test -n "$run"; then
echo 1>&2 "ERROR: \`tar' requires --run"
exit 1
fi
# We have already tried tar in the generic part.
# Look for gnutar/gtar before invocation to avoid ugly error
# messages.
if (gnutar --version > /dev/null 2>&1); then
gnutar "$@" && exit 0
fi
if (gtar --version > /dev/null 2>&1); then
gtar "$@" && exit 0
fi
firstarg="$1"
if shift; then
case "$firstarg" in
*o*)
firstarg=`echo "$firstarg" | sed s/o//`
tar "$firstarg" "$@" && exit 0
;;
esac
case "$firstarg" in
*h*)
firstarg=`echo "$firstarg" | sed s/h//`
tar "$firstarg" "$@" && exit 0
;;
esac
fi
echo 1>&2 "\
WARNING: I can't seem to be able to run \`tar' with the given arguments.
You may want to install GNU tar or Free paxutils, or check the
command line arguments."
exit 1
;;
*)
echo 1>&2 "\
WARNING: \`$1' is needed, and is $msg.
You might have modified some files without having the
proper tools for further handling them. Check the \`README' file,
it often tells you about the needed prerequisites for installing
this package. You may also peek at any GNU archive site, in case
some other package would contain this missing \`$1' program."
exit 1
echo "You might have modified some files without having the proper"
echo "tools for further handling them. Check the 'README' file, it"
echo "often tells you about the needed prerequisites for installing"
echo "this package. You may also peek at any GNU archive site, in"
echo "case some other package contains this missing '$1' program."
;;
esac
}
exit 0
give_advice "$1" | sed -e '1s/^/WARNING: /' \
-e '2,$s/^/ /' >&2
# Propagate the correct exit status (expected to be 127 for a program
# not found, 63 for a program that failed due to version mismatch).
exit $st
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-end: "$"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

View file

@ -1,7 +1,7 @@
# Makefile.in generated by automake 1.15 from Makefile.am.
# Makefile.in generated by automake 1.15.1 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# Copyright (C) 1994-2017 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
@ -334,6 +334,7 @@ pdfdir = @pdfdir@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@

View file

@ -106,7 +106,7 @@ static HANDLE block_heap;
#define rb_bh_fail(x) _rb_bh_fail(x, __FILE__, __LINE__)
static void
static void __attribute__((noreturn))
_rb_bh_fail(const char *reason, const char *file, int line)
{
rb_lib_log("rb_heap_blockheap failure: %s (%s:%d)", reason, file, line);
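
Review bot: `__attribute__((noreturn))` on `_rb_bh_fail` is a GNU extension written out bare, and the hunk context (`static HANDLE block_heap`) suggests this file is also built for Windows, where a non-GNU compiler would reject it. Wrap it in a project macro that expands to nothing on other compilers. The attribute is also a promise: only the `rb_lib_log(...)` call is visible in the body, so confirm that every path after it ends in `abort()` or an equivalent, because returning from a noreturn function is undefined behaviour.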

View file

@ -336,11 +336,14 @@ rb_accept_tryaccept(rb_fde_t *F, void *data)
{
struct rb_sockaddr_storage st;
rb_fde_t *new_F;
rb_socklen_t addrlen = sizeof(st);
rb_socklen_t addrlen;
int new_fd;
while(1)
{
(void) memset(&st, 0x00, sizeof st);
addrlen = (rb_socklen_t) sizeof st;
new_fd = accept(F->fd, (struct sockaddr *)&st, &addrlen);
rb_get_errno();
if(new_fd < 0)
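
Review bot: the per-iteration reset inside `while(1)` is right but has no comment saying why. `accept()` treats `addrlen` as a value-result argument and overwrites it with the length of the peer address, so a value left over from an earlier iteration can be smaller than the storage and truncate the next address. A one-line comment above `addrlen = (rb_socklen_t) sizeof st;` would stop someone from hoisting it back out of the loop. Style: the new lines write `sizeof st` where the line they replace wrote `sizeof(st)`; pick one form.
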
@ -742,9 +745,6 @@ mangle_mapped_sockaddr(struct sockaddr *in)
{
struct sockaddr_in6 *in6 = (struct sockaddr_in6 *)in;
if(in->sa_family == AF_INET)
return;
if(in->sa_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(&in6->sin6_addr))
{
struct sockaddr_in in4;
@ -754,7 +754,6 @@ mangle_mapped_sockaddr(struct sockaddr *in)
in4.sin_addr.s_addr = ((uint32_t *)&in6->sin6_addr)[3];
memcpy(in, &in4, sizeof(struct sockaddr_in));
}
return;
}
#endif
@ -1266,7 +1265,10 @@ inet_ntop6(const unsigned char *src, char *dst, unsigned int size)
if(words[i] == 0)
{
if(cur.base == -1)
cur.base = i, cur.len = 1;
{
cur.base = i;
cur.len = 1;
}
else
cur.len++;
}
@ -1365,17 +1367,14 @@ rb_inet_ntop_sock(struct sockaddr *src, char *dst, unsigned int size)
{
case AF_INET:
return (rb_inet_ntop(AF_INET, &((struct sockaddr_in *)src)->sin_addr, dst, size));
break;
#ifdef RB_IPV6
case AF_INET6:
return (rb_inet_ntop
(AF_INET6, &((struct sockaddr_in6 *)src)->sin6_addr, dst, size));
break;
#endif
default:
return NULL;
break;
}
return NULL;
}
/* char *
@ -2242,7 +2241,7 @@ rb_send_fd_buf(rb_fde_t *xF, rb_fde_t **F, int count, void *data, size_t datasiz
if(count > 0)
{
int len = CMSG_SPACE(sizeof(int) * count);
char buf[len];
char *buf = alloca(len);
msg.msg_control = buf;
msg.msg_controllen = len;
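
Review bot: `char *buf = alloca(len);` keeps the problem of the variable-length array it replaces. `len` comes from `CMSG_SPACE(sizeof(int) * count)` and the only visible check on `count` is `count > 0`, so a large `count` still moves the stack pointer by an unchecked amount, and `alloca` gives no failure indication. Reject `count` above a small fixed maximum before this block and use a fixed-size buffer sized for that maximum, or heap memory. `len` is also an `int` holding a value that `CMSG_SPACE` computes in `size_t`; declare it `size_t` so it cannot wrap or go negative.
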
@ -2251,13 +2250,14 @@ rb_send_fd_buf(rb_fde_t *xF, rb_fde_t **F, int count, void *data, size_t datasiz
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(int) * count);
for(unsigned int i = 0; i < count; i++)
for(int i = 0; i < count; i++)
{
((int *)CMSG_DATA(cmsg))[i] = rb_get_fd(F[i]);
}
msg.msg_controllen = cmsg->cmsg_len;
return sendmsg(rb_get_fd(xF), &msg, MSG_NOSIGNAL);
}
return sendmsg(rb_get_fd(xF), &msg, MSG_NOSIGNAL);
}
#else

View file

@ -46,16 +46,12 @@ rb_crypt(const char *key, const char *salt)
{
case '1':
return rb_md5_crypt(key, salt);
break;
case '5':
return rb_sha256_crypt(key, salt);
break;
case '6':
return rb_sha512_crypt(key, salt);
break;
default:
return NULL;
break;
};
}
else
@ -536,7 +532,7 @@ rb_do_des(uint32_t l_in, uint32_t r_in, uint32_t *l_out, uint32_t *r_out, int co
* l_in, r_in, l_out, and r_out are in pseudo-"big-endian" format.
*/
uint32_t l, r, *kl, *kr, *kl1, *kr1;
uint32_t f, r48l, r48r;
uint32_t f = 0, r48l, r48r;
int round;
if(count == 0)
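
Review bot: `uint32_t f = 0` in `rb_do_des` looks like it exists only to quiet an uninitialized-variable warning. If `f` is always assigned inside the round loop before it is read, say so in a comment next to the initializer; if some path does read it first, zero now silently flows into the result and that path should be fixed instead.
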
@ -1951,6 +1947,9 @@ static void *rb_sha512_finish_ctx(struct sha512_ctx *ctx, void *resbuf)
return resbuf;
}
#ifndef _STRING_ARCH_unaligned
#define _STRING_ARCH_unaligned 0
#endif
static void rb_sha512_process_bytes(const void *buffer, size_t len, struct sha512_ctx *ctx)
{
@ -1980,7 +1979,7 @@ static void rb_sha512_process_bytes(const void *buffer, size_t len, struct sha51
/* Process available complete blocks. */
if (len >= 128)
{
#if !_STRING_ARCH_unaligned
#if (!_STRING_ARCH_unaligned)
/* To check alignment gcc has an appropriate operator. Other
compilers don't. */
# if __GNUC__ >= 2

View file

@ -48,6 +48,8 @@ rb_setselect
rb_settimeout
rb_setup_fd
rb_setup_ssl_server
rb_setup_ssl_server_hostname
rb_remove_ssl_vserver
rb_socket
rb_socketpair
rb_ssl_listen
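
Review bot: `rb_remove_ssl_vserver` is inserted between `rb_setup_ssl_server_hostname` and `rb_socket`, which breaks the alphabetical order the surrounding entries of this export list follow. Move it up among the other `rb_r*` symbols so the list stays easy to scan and diff.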

File diff suppressed because it is too large

View file

@ -0,0 +1,37 @@
/*
* libratbox: a library used by ircd-ratbox and other things
* gnutls_ratbox.h: embedded data for GNUTLS backend
*
* Copyright (C) 2007-2008 ircd-ratbox development team
* Copyright (C) 2007-2008 Aaron Sethman <androsyn@ratbox.org>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
*/
static const char rb_gnutls_default_priority_str[] = ""
"+SECURE256:"
"+SECURE128:"
"!RSA:"
"+NORMAL:"
"!ARCFOUR-128:"
"!3DES-CBC:"
"!MD5:"
"+VERS-TLS1.2:"
"+VERS-TLS1.1:"
"!VERS-TLS1.0:"
"!VERS-SSL3.0:"
"%SAFE_RENEGOTIATION";

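Review bot: this new header defines `rb_gnutls_default_priority_str` but has no include guard, unlike the other two backend headers added in this comparison (`RB_MBEDTLS_EMBEDDED_DATA_H`, `LRB_OPENSSL_H_INC`); a second inclusion would redefine the array. Add a guard. The priority string also has no comment, while the mbedTLS and OpenSSL headers explain their ordering and how an operator overrides it; the same is needed here, in particular for why `!RSA` and `!VERS-TLS1.0` are excluded while `+VERS-TLS1.1` stays enabled.
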
View file

@ -301,7 +301,6 @@ rb_linebuf_copy_raw(buf_head_t * bufhead, buf_line_t * bufline, char *data, int
clen = BUF_DATA_SIZE - bufline->len - 1;
memcpy(bufch, ch, clen);
bufline->buf[BUF_DATA_SIZE - 1] = '\0';
bufch = bufline->buf + BUF_DATA_SIZE - 2;
bufline->terminated = 1;
bufline->len = BUF_DATA_SIZE - 1;
bufhead->len += BUF_DATA_SIZE - 1;

File diff suppressed because it is too large

View file

@ -0,0 +1,237 @@
/*
* libratbox: a library used by ircd-ratbox and other things
* mbedtls_ratbox.h: embedded data for ARM MbedTLS backend
*
* Copyright (C) 2016 Aaron Jones <aaronmdjones@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
* $Id$
*/
#ifndef RB_MBEDTLS_EMBEDDED_DATA_H
#define RB_MBEDTLS_EMBEDDED_DATA_H
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/ssl.h"
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/error.h"
#include "mbedtls/debug.h"
#include "mbedtls/dhm.h"
#include "mbedtls/version.h"
/*
* Personalization string for CTR-DRBG initialization
*/
static const char rb_mbedtls_personal_str[] = "charybdis/librb personalization string";
/*
* Default list of supported ciphersuites
* The user can override this with the ssl_cipher_list option in ircd.conf
*
* The format for this option is the same as the macro names below, but
* with underscores replaced with hyphens, and without the initial MBEDTLS_
*
* For example;
* ssl_cipher_list = "TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384"
*
* Multiple ciphersuites can be separated by colons (:)
*
* ************************************************************************
*
* The ordering of the following list should be intuitive. Within the list;
*
* * All AEAD forward-secret ciphersuites are located first [1]
* * All SHA2 forward-secret ciphersuites are located second
* * All remaining forward-secret ciphersuites are located third
* * All non-forward-secret ciphersuites are located last, in the same order
*
* [1] Because in practice, they are the only secure ciphersuites available;
* the ETM extension for CBC ciphersuites has not seen wide adoption.
*
* In practice, all clients SHOULD support an AEAD forward-secret cipher,
* which the server will then negotiate as they are preferred.
*
* This choice can be revisited in future; please consult me first. -- amdj
*/
static const int rb_mbedtls_ciphersuites[] = {
// AEAD forward-secret ciphersuites
#ifdef MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
#endif
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM,
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM,
// SHA2 forward-secret ciphersuites
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384,
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
// Remaining forward-secret ciphersuites
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
// Non-forward-secret ciphersuites
MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384,
MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384,
MBEDTLS_TLS_RSA_WITH_AES_256_CCM,
MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256,
MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256,
MBEDTLS_TLS_RSA_WITH_AES_128_CCM,
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256,
MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256,
MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA,
MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA,
MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
// The end of list sentinel
0
};
/*
* YES, this is a hardcoded CA certificate.
*
* BEFORE YOU THROW YOUR ARMS UP IN A PANIC ABOUT A BACKDOOR, READ THIS TEXT!
*
* ARM mbedTLS required a CA certificate to be set in its configuration before it will
* process a client certificate from peers. Since we want to do that, and not all
* installations will have a CA certificate to hand, we have this.
*
* Its key was securely destroyed after being generated, but even if it wasn't, that
* doesn't matter; the IRCd will accept ALL certificates, whether signed by this CA
* certificate or not!
*
* After all, it only cares about certificates in as far as to generate a fingerprint
* for them.
*
* Yes, this is a massive hack, but there is no alternative for older versions.
*
* This issue was fixed in commit 39ae8cd2077d on the MbedTLS 2.5 development branch,
* released in version 2.5.1 on 19 June 2017. This certificate will not be used if
* that version (or greater) is installed.
*/
#if (MBEDTLS_VERSION_NUMBER < 0x02050100)
static const unsigned char rb_mbedtls_dummy_ca_certificate[825] = {
0x30, 0x82, 0x03, 0x35, 0x30, 0x82, 0x02, 0x1D, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
0x86, 0xC5, 0x1F, 0x62, 0xBE, 0xFC, 0x0B, 0xA8, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86,
0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x30, 0x31, 0x31, 0x2F, 0x30, 0x2D, 0x06, 0x03, 0x55,
0x04, 0x03, 0x0C, 0x26, 0x43, 0x68, 0x61, 0x72, 0x79, 0x62, 0x64, 0x69, 0x73, 0x20, 0x6D, 0x62,
0x65, 0x64, 0x54, 0x4C, 0x53, 0x20, 0x44, 0x75, 0x6D, 0x6D, 0x79, 0x20, 0x43, 0x41, 0x20, 0x43,
0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x36,
0x30, 0x35, 0x30, 0x34, 0x30, 0x38, 0x35, 0x32, 0x35, 0x33, 0x5A, 0x17, 0x0D, 0x34, 0x33, 0x30,
0x39, 0x32, 0x30, 0x30, 0x38, 0x35, 0x32, 0x35, 0x33, 0x5A, 0x30, 0x31, 0x31, 0x2F, 0x30, 0x2D,
0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x26, 0x43, 0x68, 0x61, 0x72, 0x79, 0x62, 0x64, 0x69, 0x73,
0x20, 0x6D, 0x62, 0x65, 0x64, 0x54, 0x4C, 0x53, 0x20, 0x44, 0x75, 0x6D, 0x6D, 0x79, 0x20, 0x43,
0x41, 0x20, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x30, 0x82, 0x01,
0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00,
0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xCA, 0x4B,
0xA6, 0xA1, 0x82, 0x5B, 0x06, 0xC6, 0x82, 0x76, 0x8E, 0xB2, 0x22, 0x37, 0x83, 0x91, 0x4B, 0xD0,
0xAE, 0x2F, 0xEE, 0x8E, 0x60, 0x04, 0xBA, 0x77, 0x8C, 0xD0, 0xCF, 0x5E, 0xA4, 0xFD, 0x80, 0xA1,
0x2E, 0xDC, 0x1F, 0xD9, 0x72, 0x2C, 0x28, 0x03, 0x27, 0x48, 0x23, 0x6E, 0x41, 0x49, 0x62, 0x09,
0x2D, 0xCF, 0x87, 0xA1, 0x45, 0x9D, 0x2B, 0x43, 0x6F, 0xBB, 0xDB, 0x23, 0xD8, 0xD9, 0x6D, 0x36,
0x4E, 0xA3, 0x85, 0x40, 0x4D, 0x72, 0xEC, 0x7B, 0xEF, 0x2B, 0x13, 0xE4, 0x6F, 0xDA, 0x23, 0x4F,
0x1C, 0xE7, 0xEA, 0xD9, 0x17, 0x2B, 0xD6, 0x67, 0x79, 0x42, 0xC3, 0x81, 0x9A, 0x77, 0x64, 0xC7,
0xC5, 0x44, 0xE1, 0xA4, 0xA3, 0x50, 0x8C, 0x1F, 0xCA, 0xD3, 0x6F, 0xC7, 0xFF, 0x2C, 0xBA, 0x7B,
0x21, 0x0C, 0xF3, 0xA9, 0x6A, 0x89, 0x74, 0x33, 0x60, 0xA1, 0xF8, 0x9F, 0xAA, 0x39, 0xA9, 0x45,
0x7E, 0x3D, 0x41, 0x67, 0x04, 0xF5, 0x9F, 0x47, 0x62, 0xAC, 0x65, 0xE0, 0x8D, 0x46, 0x9E, 0xD9,
0xE5, 0x77, 0xD5, 0x8C, 0x47, 0xA2, 0xFB, 0x7D, 0x94, 0x27, 0xC9, 0xB9, 0x3F, 0x4D, 0xF4, 0xFD,
0x19, 0x3C, 0xF6, 0x24, 0xAE, 0x70, 0xD7, 0x23, 0xE4, 0x64, 0x0A, 0xFC, 0x63, 0x89, 0x8A, 0xFE,
0xD0, 0x8E, 0x48, 0x1A, 0xD8, 0xC3, 0xA9, 0xEC, 0x9D, 0x0F, 0xC7, 0xC5, 0x22, 0xBC, 0x45, 0x4A,
0x2F, 0x4D, 0xF5, 0x0E, 0x4F, 0xFF, 0xAC, 0xE0, 0x55, 0xF4, 0x86, 0x04, 0x1B, 0x60, 0xDF, 0x4C,
0x25, 0xB9, 0xEC, 0x10, 0x0C, 0x54, 0x16, 0xDF, 0x42, 0xF0, 0x07, 0x00, 0x28, 0x81, 0x7C, 0x95,
0xAA, 0xC1, 0x01, 0xA3, 0xB8, 0xDF, 0x68, 0xCB, 0x55, 0xA7, 0x80, 0xCC, 0xE5, 0x3D, 0xE1, 0x68,
0x10, 0x27, 0x56, 0x94, 0x67, 0xEC, 0x82, 0x66, 0x3D, 0x96, 0x76, 0xC3, 0xEE, 0x23, 0x02, 0x03,
0x01, 0x00, 0x01, 0xA3, 0x50, 0x30, 0x4E, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16,
0x04, 0x14, 0xFF, 0xC8, 0xBA, 0x56, 0x74, 0xB1, 0x03, 0xA9, 0x79, 0x55, 0xFA, 0x58, 0x86, 0x13,
0xDE, 0xC0, 0xFA, 0xF2, 0x94, 0x62, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, 0x18, 0x30,
0x16, 0x80, 0x14, 0xFF, 0xC8, 0xBA, 0x56, 0x74, 0xB1, 0x03, 0xA9, 0x79, 0x55, 0xFA, 0x58, 0x86,
0x13, 0xDE, 0xC0, 0xFA, 0xF2, 0x94, 0x62, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05,
0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01,
0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x3D, 0x35, 0x69, 0x87, 0xEB, 0x41, 0xA9,
0x2A, 0x51, 0xF3, 0x28, 0x71, 0xB4, 0x06, 0x7F, 0x15, 0x5A, 0x6D, 0x88, 0x5B, 0xC8, 0x4C, 0xE1,
0x6C, 0xC7, 0xCB, 0x93, 0x63, 0x69, 0xFB, 0xA6, 0x6D, 0xC7, 0x44, 0x6B, 0xD6, 0x39, 0x46, 0x34,
0xFC, 0x45, 0x23, 0xD2, 0x29, 0x1B, 0xCC, 0x1C, 0x13, 0xD7, 0x63, 0x10, 0x81, 0xF5, 0x82, 0x45,
0xEC, 0xDC, 0x20, 0x5F, 0xBB, 0xC3, 0xE6, 0x4A, 0x07, 0xA7, 0xBD, 0x9E, 0xFC, 0x5D, 0xFE, 0xC5,
0x43, 0x3A, 0xC6, 0xA4, 0x6C, 0x5B, 0xF9, 0x63, 0x8F, 0xF9, 0xEB, 0xC2, 0xF4, 0xA7, 0xE4, 0x1B,
0x23, 0xFA, 0xE1, 0x5A, 0x79, 0xC5, 0x1D, 0x1D, 0xFC, 0xAA, 0x81, 0xF7, 0x21, 0x52, 0xC9, 0x46,
0x17, 0x1B, 0x24, 0x4B, 0x14, 0x5C, 0xF9, 0xB5, 0x86, 0x04, 0x80, 0x51, 0x95, 0xCF, 0x4E, 0x47,
0x32, 0x8A, 0x1E, 0x52, 0x2E, 0xBF, 0x08, 0x8E, 0x9E, 0xE3, 0x88, 0x45, 0xC3, 0x75, 0xD7, 0xAE,
0xC3, 0x7E, 0x7E, 0xE9, 0xC9, 0x5B, 0xD8, 0x58, 0x3B, 0x25, 0x53, 0x0C, 0x00, 0x21, 0x1A, 0x71,
0x12, 0x23, 0xA0, 0x35, 0x6E, 0xC9, 0x7D, 0x83, 0x5C, 0x19, 0xE4, 0x05, 0x84, 0x46, 0x4E, 0x50,
0xE2, 0x9E, 0x70, 0x2E, 0x74, 0x05, 0xEA, 0x31, 0x04, 0x55, 0xA7, 0xF4, 0x67, 0x95, 0xDC, 0x86,
0x1F, 0x9D, 0xA0, 0x5D, 0x7F, 0x29, 0x48, 0x84, 0xEF, 0x13, 0xB8, 0xB3, 0xBF, 0x65, 0xD4, 0x52,
0x98, 0x06, 0xE6, 0x8A, 0xB1, 0x36, 0xEA, 0x39, 0xB3, 0x04, 0x2B, 0x6E, 0x64, 0x6E, 0xF3, 0x20,
0x74, 0xB6, 0x6E, 0x21, 0x3B, 0x99, 0xFE, 0x6E, 0x70, 0x48, 0x78, 0xEA, 0x31, 0x95, 0xB3, 0xB0,
0x0E, 0x48, 0x83, 0x35, 0xA9, 0x74, 0xBF, 0x45, 0x07, 0xC8, 0x5A, 0x12, 0xA2, 0x4D, 0x16, 0xDB,
0xB3, 0x1F, 0x72, 0xDE, 0x2A, 0x28, 0xFE, 0x7C, 0x2D
};
#endif /* MBEDTLS_VERSION_NUMBER */
#endif /* RB_MBEDTLS_EMBEDDED_DATA_H */
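
Review bot: the default `rb_mbedtls_ciphersuites[]` list still ends with a `// Non-forward-secret ciphersuites` block of `MBEDTLS_TLS_RSA_WITH_*` entries and carries CBC suites with SHA-1 MACs, although the comment above the list says AEAD forward-secret suites are in practice the only secure ones, and the GnuTLS default string in this same comparison carries `!RSA`. Either drop the non-forward-secret block from the default (operators can still opt in through `ssl_cipher_list`) or state in the comment why this backend keeps it. For the dummy CA, the comment's claim that the IRCd accepts all certificates is what makes the embedded certificate harmless; point to the place where the verification mode is set so a reader can check that claim.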

View file

@ -34,7 +34,7 @@
#include <commio-ssl.h>
int
rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list)
rb_setup_ssl_server(const char *cert, const char *keyfile, const char *dhfile, const char *cipher_list, const char *hostname)
{
errno = ENOSYS;
return 0;

File diff suppressed because it is too large

View file

@ -0,0 +1,141 @@
/*
* libratbox: a library used by ircd-ratbox and other things
* openssl_ratbox.h: OpenSSL backend data
*
* Copyright (C) 2015-2016 Aaron Jones <aaronmdjones@gmail.com>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
* USA
*
*/
#ifndef LRB_OPENSSL_H_INC
#define LRB_OPENSSL_H_INC 1
#include <openssl/dh.h>
#include <openssl/ec.h>
#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
#include <openssl/opensslv.h>
/*
* A long time ago, in a world far away, OpenSSL had a well-established mechanism for ensuring compatibility with
* regards to added, changed, and removed functions, by having an SSLEAY_VERSION_NUMBER macro. This was then
* renamed to OPENSSL_VERSION_NUMBER, but the old macro was kept around for compatibility until OpenSSL version
* 1.1.0.
*
* Then the OpenBSD developers decided that having OpenSSL in their codebase was a bad idea. They forked it to
* create LibreSSL, gutted all of the functionality they didn't want or need, and generally improved the library
* a lot. Then, as the OpenBSD developers are want to do, they packaged up LibreSSL for release to other
* operating systems, as LibreSSL Portable. Think along the lines of OpenSSH where they have also done this.
*
* The fun part of this story ends there. LibreSSL has an OPENSSL_VERSION_NUMBER macro, but they have set it to a
* stupidly high value, version 2.0. OpenSSL version 2.0 does not exist, and LibreSSL 2.2 does not implement
* everything OpenSSL 1.0.2 or 1.1.0 do. This completely breaks the entire purpose of the macro.
*
* The ifdef soup below is for LibreSSL compatibility. Please find whoever thought setting OPENSSL_VERSION_NUMBER
* to a version that does not exist was a good idea. Encourage them to realise that it is not. -- amdj
*/
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
# define LRB_SSL_NO_EXPLICIT_INIT 1
#endif
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10002000L)
# define LRB_HAVE_TLS_SET_CURVES 1
# if (OPENSSL_VERSION_NUMBER < 0x10100000L)
# define LRB_HAVE_TLS_ECDH_AUTO 1
# endif
#endif
#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
# define LRB_HAVE_TLS_METHOD_API 1
#else
# if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
# define LRB_HAVE_TLS_METHOD_API 1
# endif
#endif
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
# define LRB_SSL_VTEXT_COMPILETIME OPENSSL_VERSION_TEXT
# define LRB_SSL_VTEXT_RUNTIME OpenSSL_version(OPENSSL_VERSION)
# define LRB_SSL_VNUM_COMPILETIME OPENSSL_VERSION_NUMBER
# define LRB_SSL_VNUM_RUNTIME OpenSSL_version_num()
# define LRB_SSL_FULL_VERSION_INFO 1
#else
# if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x20200000L)
# define LRB_SSL_VTEXT_RUNTIME SSLeay_version(SSLEAY_VERSION)
# define LRB_SSL_VNUM_COMPILETIME LIBRESSL_VERSION_NUMBER
# else
# define LRB_SSL_VTEXT_RUNTIME SSLeay_version(SSLEAY_VERSION)
# define LRB_SSL_VNUM_COMPILETIME SSLEAY_VERSION_NUMBER
# endif
#endif
#if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER > 0x10101000L)
# define LRB_HAVE_TLS_ECDH_X25519 1
#else
# if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER > 0x2050100fL)
# define LRB_HAVE_TLS_ECDH_X25519 1
# endif
#endif
/*
* Default supported ciphersuites (if the user does not provide any) and
* curves (OpenSSL 1.0.2+). Hardcoded secp384r1 (NIST P-384) is used on
* OpenSSL 1.0.0 and 1.0.1 (if available).
*
* We prefer AEAD ciphersuites first in order of strength, then SHA2
* ciphersuites, then remaining suites.
*/
static const char rb_default_ciphers[] = ""
"aECDSA+kEECDH+CHACHA20:"
"aRSA+kEECDH+CHACHA20:"
"aRSA+kEDH+CHACHA20:"
"aECDSA+kEECDH+AESGCM:"
"aRSA+kEECDH+AESGCM:"
"aRSA+kEDH+AESGCM:"
"aECDSA+kEECDH+AESCCM:"
"aRSA+kEECDH+AESCCM:"
"aRSA+kEDH+AESCCM:"
"@STRENGTH:"
"aECDSA+kEECDH+HIGH+SHA384:"
"aRSA+kEECDH+HIGH+SHA384:"
"aRSA+kEDH+HIGH+SHA384:"
"aECDSA+kEECDH+HIGH+SHA256:"
"aRSA+kEECDH+HIGH+SHA256:"
"aRSA+kEDH+HIGH+SHA256:"
"aECDSA+kEECDH+HIGH:"
"aRSA+kEECDH+HIGH:"
"aRSA+kEDH+HIGH:"
"HIGH:"
"!3DES:"
"!aNULL";
#ifdef LRB_HAVE_TLS_SET_CURVES
# ifdef LRB_HAVE_TLS_ECDH_X25519
static char rb_default_curves[] = "X25519:P-521:P-384:P-256";
# else
static char rb_default_curves[] = "P-521:P-384:P-256";
# endif
#endif
#endif /* LRB_OPENSSL_H_INC */
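
Review bot: the X25519 checks use a strict `>` (`OPENSSL_VERSION_NUMBER > 0x10101000L`, `LIBRESSL_VERSION_NUMBER > 0x2050100fL`) while every other version test in this header uses `>=`. If the intent is "this release or later", write `>=` against the first release that has the feature and name that release in a comment, so the boundary version is not silently excluded. `rb_default_curves` is also a non-const `static char[]` next to `static const char rb_default_ciphers[]`; make it `const` unless the call site needs a writable buffer, and say so if it does. The trailing `"HIGH:"` entry in `rb_default_ciphers` re-admits every remaining HIGH suite, including ones without forward secrecy, which the "then remaining suites" comment should spell out.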

View file

@ -223,8 +223,6 @@ rb_lib_loop(long delay)
if(rb_io_supports_event())
{
if(delay == 0)
delay = -1;
while(1)
rb_select(-1);
}

View file

@ -72,6 +72,5 @@ mo_die(struct Client *client_p __unused, struct Client *source_p, int parc, cons
}
ircd_shutdown(get_client_name(source_p, HIDE_IP));
return 0;
/* UNREACHABLE */
}

View file

@ -75,18 +75,12 @@ static void do_join_0(struct Client *client_p, struct Client *source_p);
static int check_channel_name_loc(struct Client *source_p, const char *name);
static void send_join_error(struct Client *source_p, int numeric, const char *name);
static void set_final_mode(struct Mode *mode, struct Mode *oldmode);
static char *set_final_mode(char *mbuf, char *parabuf, struct Mode *mode, struct Mode *oldmode);
static void remove_our_modes(struct Channel *chptr, struct Client *source_p);
static void remove_ban_list(struct Channel *chptr, struct Client *source_p,
rb_dlink_list * list, char c, int mems);
static char modebuf[MODEBUFLEN];
static char parabuf[MODEBUFLEN];
static const char *para[MAXMODEPARAMS];
static char *mbuf;
static int pargs;
/* Check what we will forward to, without sending any notices to the user
* -- jilles
*/
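
Review bot: the new prototype `set_final_mode(char *mbuf, char *parabuf, struct Mode *mode, struct Mode *oldmode)` takes both output buffers as bare pointers with no length. With the file-scope `modebuf` and `parabuf` arrays gone, the callee can no longer apply `sizeof` to them, so any bound it enforces rests on the `MODEBUFLEN` convention alone. Pass the remaining sizes (or a small struct holding buffer, cursor and end) so writes into `parabuf` can be checked, and document that the return value is the advanced `mbuf` cursor.
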
@ -394,6 +388,8 @@ m_join(struct Client *client_p, struct Client *source_p, int parc, const char *p
static int
ms_join(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
static char modebuf[MODEBUFLEN];
static char parabuf[MODEBUFLEN];
struct Channel *chptr;
static struct Mode mode;
time_t oldts;
@ -419,7 +415,7 @@ ms_join(struct Client *client_p, struct Client *source_p, int parc, const char *
if(parv[2][0] == '&')
return 0;
mbuf = modebuf;
char *mbuf = modebuf;
mode.key[0] = mode.forward[0] = '\0';
mode.mode = mode.limit = mode.join_num = mode.join_time = 0;
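
Review bot: in `ms_join`, `char *mbuf = modebuf;` is followed by resets of `mode.key[0]` and `mode.forward[0]` only, whereas `ms_sjoin` clears `modebuf[0]` and `parabuf[0]` before use; no such reset is visible here. Both buffers are now function-local `static` arrays, so they keep their contents between calls. Clear `modebuf[0]` and `parabuf[0]` at this point as well, or add a comment naming the later line that does it.
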
@ -465,7 +461,7 @@ ms_join(struct Client *client_p, struct Client *source_p, int parc, const char *
/* Lost the TS, other side wins, so remove modes on this side */
if(!keep_our_modes)
{
set_final_mode(&mode, &chptr->mode);
mbuf = set_final_mode(mbuf, parabuf, &mode, &chptr->mode);
chptr->mode = mode;
remove_our_modes(chptr, source_p);
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, chptr->invites.head)
@ -514,6 +510,8 @@ ms_join(struct Client *client_p, struct Client *source_p, int parc, const char *
static int
ms_sjoin(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
static char modebuf[MODEBUFLEN];
static char parabuf[MODEBUFLEN];
static char buf_uid[BUFSIZE];
static const char empty_modes[] = "0";
struct Channel *chptr;
@ -537,6 +535,7 @@ ms_sjoin(struct Client *client_p, struct Client *source_p, int parc, const char
int i, joinc = 0, timeslice = 0;
static char empty[] = "";
rb_dlink_node *ptr, *next_ptr;
const char *para[MAXMODEPARAMS];
if(parc < 5)
return 0;
@ -549,7 +548,7 @@ ms_sjoin(struct Client *client_p, struct Client *source_p, int parc, const char
return 0;
modebuf[0] = parabuf[0] = mode.key[0] = mode.forward[0] = '\0';
pargs = mode.mode = mode.limit = mode.join_num = mode.join_time = 0;
mode.mode = mode.limit = mode.join_num = mode.join_time = 0;
/* Hide connecting server on netburst -- jilles */
if (ConfigServerHide.flatten_links && !HasSentEob(source_p))
@ -557,7 +556,7 @@ ms_sjoin(struct Client *client_p, struct Client *source_p, int parc, const char
else
fakesource_p = source_p;
mbuf = modebuf;
char *mbuf = modebuf;
newts = atol(parv[1]);
s = parv[3];
@ -721,7 +720,7 @@ ms_sjoin(struct Client *client_p, struct Client *source_p, int parc, const char
chptr->join_count = chptr->join_delta = 0;
}
set_final_mode(&mode, oldmode);
mbuf = set_final_mode(mbuf, parabuf, &mode, oldmode);
chptr->mode = mode;
/* Lost the TS, other side wins, so remove modes on this side */
@ -775,9 +774,10 @@ ms_sjoin(struct Client *client_p, struct Client *source_p, int parc, const char
mbuf = modebuf;
para[0] = para[1] = para[2] = para[3] = empty;
pargs = 0;
len_uid = 0;
int pargs = 0;
/* if theres a space, theres going to be more than one nick, change the
* first space to \0, so s is just the first nick, and point p to the
* second nick
@ -1056,8 +1056,8 @@ send_join_error(struct Client *source_p, int numeric, const char *name)
}
}
static void
set_final_mode(struct Mode *mode, struct Mode *oldmode)
static char *
set_final_mode(char *mbuf, char *parabuf, struct Mode *mode, struct Mode *oldmode)
{
int dir = MODE_QUERY;
char *pbuf = parabuf;
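Review bot: set_final_mode() now takes mbuf and parabuf as bare char pointers with no size, so `char *pbuf = parabuf;` starts a cursor the function cannot bound itself, and the rb_sprintf(pbuf, ...) calls further down write through it unchecked. Both callers on this page pass MODEBUFLEN-sized static arrays, so either pass the lengths (or an end pointer) and use a bounded formatter, or document above the prototype that both buffers must be at least MODEBUFLEN bytes.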
@ -1175,7 +1175,9 @@ set_final_mode(struct Mode *mode, struct Mode *oldmode)
len = rb_sprintf(pbuf, "%s ", mode->forward);
pbuf += len;
}
*mbuf = '\0';
return mbuf;
}
/*
@ -1195,7 +1197,7 @@ remove_our_modes(struct Channel *chptr, struct Client *source_p)
int count = 0;
int i;
mbuf = lmodebuf;
char *mbuf = lmodebuf;
*mbuf++ = '-';
for(i = 0; i < MAXMODEPARAMS; i++)
@ -1298,7 +1300,7 @@ remove_ban_list(struct Channel *chptr, struct Client *source_p,
pbuf = lparabuf;
cur_len = mlen = rb_sprintf(lmodebuf, ":%s MODE %s -", source_p->name, chptr->chname);
mbuf = lmodebuf + mlen;
char *mbuf = lmodebuf + mlen;
RB_DLINK_FOREACH_SAFE(ptr, next_ptr, list->head)
{


@ -375,7 +375,10 @@ ms_bmask(struct Client *client_p, struct Client *source_p, int parc, const char
{
*forward++ = '\0';
if(*forward == '\0')
tlen--, forward = NULL;
{
tlen--;
forward = NULL;
}
else
possibly_remove_lower_forward(fakesource_p,
mems, chptr, banlist,


@ -116,7 +116,7 @@ mr_nick(struct Client *client_p, struct Client *source_p, int parc, const char *
struct Client *target_p;
char nick[NICKLEN];
if (strlen(client_p->id) == 3)
if (strlen(client_p->id) == 3 || (source_p->preClient && !EmptyString(source_p->preClient->id)))
{
exit_client(client_p, client_p, client_p, "Mixing client and server protocol");
return 0;
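Review bot: the extended condition tests `client_p->id` in its first clause and `source_p->preClient` in its second. Use the same pointer in both clauses, so a reader does not have to prove the two are identical for an unregistered connection before trusting the "Mixing client and server protocol" check.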


@ -77,6 +77,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
int hop;
unsigned int required_mask;
const char *missing;
int ret;
name = parv[1];
hop = atoi(parv[2]);
@ -112,8 +113,12 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
/* Now we just have to call check_server and everything should be
* check for us... -A1kmm. */
switch (check_server(name, client_p))
ret = check_server(name, client_p);
switch (ret)
{
case 0:
/* success */
break;
case -1:
if(ConfigFileEntry.warn_no_nline)
{
@ -129,8 +134,6 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
exit_client(client_p, client_p, client_p, "Invalid servername.");
return 0;
/* NOT REACHED */
break;
case -2:
sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
@ -144,8 +147,6 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
exit_client(client_p, client_p, client_p, "Invalid credentials.");
return 0;
/* NOT REACHED */
break;
case -3:
sendto_realops_snomask(SNO_GENERAL, L_ALL,
@ -159,8 +160,6 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
exit_client(client_p, client_p, client_p, "Invalid host.");
return 0;
/* NOT REACHED */
break;
/* servername is > HOSTLEN */
case -4:
@ -172,8 +171,7 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
exit_client(client_p, client_p, client_p, "Invalid servername.");
return 0;
/* NOT REACHED */
break;
case -5:
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Connection from servername %s requires SSL/TLS but is plaintext",
@ -183,6 +181,39 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
exit_client(client_p, client_p, client_p, "Access denied, requires SSL/TLS but is plaintext");
return 0;
case -6:
if (client_p->certfp)
{
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Connection from servername %s has invalid certificate fingerprint %s",
name, client_p->certfp);
ilog(L_SERVER, "Access denied, invalid certificate fingerprint %s from %s",
client_p->certfp, log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Invalid fingerprint.");
}
else
{
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Connection from servername %s failed certificate validation",
name);
ilog(L_SERVER, "Access denied; certificate validation failed for certificate from %s",
log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Invalid certificate.");
}
return 0;
default:
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Connection from servername %s rejected, unknown error %d",
name, ret);
ilog(L_SERVER, "Access denied, unknown error %d for server %s%s", ret,
EmptyString(client_p->name) ? name : "",
log_client_name(client_p, SHOW_IP));
exit_client(client_p, client_p, client_p, "Unknown error.");
return 0;
}
/* require TS6 for direct links */
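Review bot: the switch now distinguishes seven check_server() results by bare integers (0 and -1 to -6), and the new `case -6:` has no comment saying what it means, unlike `/* servername is > HOSTLEN */` above `case -4:`. Named constants shared with check_server() would keep the two sides in step and make the certificate branch self-describing. The `default:` branch that logs `ret` and closes the link is the right fail-closed behaviour and should stay once the constants exist.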
@ -251,15 +282,15 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
return 0;
}
if(has_id(client_p) && (target_p = find_id(client_p->id)) != NULL)
{
if (client_p->preClient && !EmptyString(client_p->preClient->id)) {
if ((target_p = find_id(client_p->preClient->id)) != NULL) {
sendto_realops_snomask(SNO_GENERAL, is_remote_connect(client_p) ? L_NETWIDE : L_ALL,
"Attempt to re-introduce SID %s from %s%s (already in use by %s)",
client_p->id,
client_p->preClient->id,
EmptyString(client_p->name) ? name : "",
client_p->name, target_p->name);
ilog(L_SERVER, "Attempt to re-introduce SID %s from %s%s (already in use by %s)",
client_p->id,
client_p->preClient->id,
EmptyString(client_p->name) ? name : "",
log_client_name(client_p, SHOW_IP),
target_p->name);
@ -267,6 +298,9 @@ mr_server(struct Client *client_p, struct Client *source_p, int parc, const char
sendto_one(client_p, "ERROR :SID already exists.");
exit_client(client_p, client_p, client_p, "SID Exists");
return 0;
} else {
rb_strlcpy(client_p->id, client_p->preClient->id, sizeof(client_p->id));
}
}
/*


@ -180,8 +180,8 @@ clicap_find(const char *data, int *negate, int *finished)
static void
clicap_generate(struct Client *source_p, const char *subcmd, int flags, int clear)
{
char buf[BUFSIZE];
char capbuf[BUFSIZE];
char buf[BUFSIZE] = { 0 };
char capbuf[BUFSIZE] = { 0 };
char *p;
int buflen = 0;
int curlen, mlen;
@ -237,8 +237,10 @@ clicap_generate(struct Client *source_p, const char *subcmd, int flags, int clea
*p = '\0';
sendto_one(source_p, "%s * :%s", buf, capbuf);
p = capbuf;
buflen = mlen;
memset(capbuf, 0, sizeof(capbuf));
}
if(clear)
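Review bot: `memset(capbuf, 0, sizeof(capbuf));` after each flush has no comment explaining what it guards against, and `*p = '\0'` a few lines earlier already terminates the string that was just sent. If the intent is to keep text left over from the previous chunk out of the next sendto_one(), say so in a comment; if the actual defect is a missing terminator on the following chunk, writing the terminator at `p` after the reset is cheaper than clearing BUFSIZE bytes on every flush.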


@ -97,7 +97,7 @@ mo_connect(struct Client *client_p, struct Client *source_p, int parc, const cha
return 0;
}
if(ServerConfSSL(server_p) && (!ssl_ok || !get_ssld_count()))
if(ServerConfSSL(server_p) && (!ircd_ssl_ok || !get_ssld_count()))
{
sendto_one_notice(source_p,
":Connect: Server %s is set to use SSL/TLS but SSL/TLS is not configured.",
@ -192,7 +192,7 @@ ms_connect(struct Client *client_p, struct Client *source_p, int parc, const cha
return 0;
}
if(ServerConfSSL(server_p) && (!ssl_ok || !get_ssld_count()))
if(ServerConfSSL(server_p) && (!ircd_ssl_ok || !get_ssld_count()))
{
sendto_one_notice(source_p,
":Connect: Server %s is set to use SSL/TLS but SSL/TLS is not configured.",


@ -398,6 +398,12 @@ static struct InfoStruct info_table[] = {
&ConfigFileEntry.pace_wait_simple,
"Minimum delay between less intensive commands"
},
{
"listfake_wait",
OUTPUT_DECIMAL,
&ConfigFileEntry.listfake_wait,
"Time until real list command can be used"
},
{
"ping_cookie",
OUTPUT_BOOLEAN,
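Review bot: the description string "Time until real list command can be used" gives no unit and does not say what the time is measured from. The neighbouring entry reads "Minimum delay between less intensive commands", so the table is not consistent about this, but since m_list compares the value against rb_current_time() relative to connect time, the text shown to opers should state both the unit and the starting point.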


@ -153,6 +153,32 @@ static int m_list(struct Client *client_p, struct Client *source_p, int parc, co
last_used = rb_current_time();
}
/* Disable LIST for a configured timespan after connect and send configured fake
* channels instead.
* Exempts: Opers, identifed users and users with spambot_exempt flag
*/
if (((source_p->localClient->firsttime + ConfigFileEntry.listfake_wait) > rb_current_time())
&& !IsOper(source_p) && !IsExemptSpambot(source_p) &&
!(source_p->user != NULL && !EmptyString(source_p->user->suser)))
{
struct fakechannel_entry *fakechannel;
struct DictionaryIter iter;
sendto_one(source_p, form_str(RPL_LISTSTART), me.name, source_p->name);
DICTIONARY_FOREACH(fakechannel, &iter, fakechannel_dict)
{
sendto_one(source_p, form_str(RPL_LIST), me.name, source_p->name,
"",
fakechannel->name,
(rand() % fakechannel->users_max + fakechannel->users_min),
fakechannel->topic);
}
sendto_one(source_p, form_str(RPL_LISTEND), me.name, source_p->name);
return 0;
}
return mo_list(client_p, source_p, parc, parv);
}
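Review bot: the user count `(rand() % fakechannel->users_max + fakechannel->users_min)` takes a modulo by users_max, so an entry with users_max set to 0 is a modulo-by-zero in the LIST path unless the config parser already rejects it, and for non-zero values the result runs from users_min to users_min + users_max - 1 instead of staying between the two bounds. Validate users_max >= users_min when the entry is loaded and compute users_min + rand() % (users_max - users_min + 1) here. The comment above the condition also misspells "identified".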


@ -82,7 +82,7 @@ mr_pass(struct Client *client_p, struct Client *source_p, int parc, const char *
client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN);
/* These are for servers only */
if(parc > 2 && client_p->user == NULL)
if(parc > 2 && client_p->user == NULL && client_p->preClient != NULL)
{
/*
* It looks to me as if orabidoo wanted to have more
@ -100,10 +100,10 @@ mr_pass(struct Client *client_p, struct Client *source_p, int parc, const char *
/* only mark as TS6 if the SID is valid.. */
if(IsDigit(parv[4][0]) && IsIdChar(parv[4][1]) &&
IsIdChar(parv[4][2]) && parv[4][3] == '\0' &&
EmptyString(client_p->id))
EmptyString(client_p->preClient->id))
{
client_p->localClient->caps |= CAP_TS6;
strcpy(client_p->id, parv[4]);
rb_strlcpy(client_p->preClient->id, parv[4], sizeof(client_p->preClient->id));
}
}
}


@ -44,6 +44,7 @@
#include "reject.h"
#include "hash.h"
#include "cache.h"
#include "sslproc.h"
static int mo_rehash(struct Client *, struct Client *, int, const char **);
static int me_rehash(struct Client *, struct Client *, int, const char **);
@ -85,6 +86,22 @@ rehash_dns(struct Client *source_p)
restart_resolver();
}
static void
rehash_ssld(struct Client *source_p)
{
if (!IsOperAdmin(source_p))
{
sendto_one(source_p, form_str(ERR_NOPRIVS),
me.name, source_p->name, "admin");
return;
}
sendto_realops_snomask(SNO_GENERAL, L_ALL, "%s is restarting ssld",
get_oper_name(source_p));
restart_ssld();
}
static void
rehash_motd(struct Client *source_p)
{
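Review bot: rehash_ssld() reports the restart only through sendto_realops_snomask() and never calls ilog(), while do_rehash() later in this file records "REHASH From %s[%s]" in the log. Add an ilog(L_MAIN, ...) line with get_oper_name(source_p) before restart_ssld(), so the restart stays attributable when no oper with that snomask is connected.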
@ -278,6 +295,7 @@ static struct hash_commands rehash_commands[] =
{
{"BANS", rehash_bans_loc },
{"DNS", rehash_dns },
{"SSLD", rehash_ssld },
{"MOTD", rehash_motd },
{"OMOTD", rehash_omotd },
{"TKLINES", rehash_tklines },
@ -336,6 +354,7 @@ do_rehash(struct Client *source_p, const char *type)
ilog(L_MAIN, "REHASH From %s[%s]", get_oper_name(source_p),
source_p->sockhost);
rehash(0);
rehash_ulimit();
remote_rehash_oper_p = NULL;
}
}
@ -359,13 +378,25 @@ mo_rehash(struct Client *client_p, struct Client *source_p, int parc, const char
}
if (parc > 2)
type = parv[1], target_server = parv[2];
{
type = parv[1];
target_server = parv[2];
}
else if (parc > 1 && (strchr(parv[1], '.') || strchr(parv[1], '?') || strchr(parv[1], '*')))
type = NULL, target_server = parv[1];
{
type = NULL;
target_server = parv[1];
}
else if (parc > 1)
type = parv[1], target_server = NULL;
{
type = parv[1];
target_server = NULL;
}
else
type = NULL, target_server = NULL;
{
type = NULL;
target_server = NULL;
}
if (target_server != NULL)
{


@ -95,6 +95,5 @@ mo_restart(struct Client *client_p, struct Client *source_p, int parc, const cha
rb_sprintf(buf, "Server RESTART by %s", get_client_name(source_p, HIDE_IP));
restart(buf);
return 0;
/* UNREACHABLE */
}


@ -1,6 +1,7 @@
/* modules/m_sasl.c
* Copyright (C) 2006 Michael Tharp <gxti@partiallystapled.com>
* Copyright (C) 2006 charybdis development team
* Copyright (C) 2016 ChatLounge IRC Network Development Team
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are
@ -49,8 +50,12 @@ static int me_sasl(struct Client *, struct Client *, int, const char **);
static void abort_sasl(struct Client *);
static void abort_sasl_exit(hook_data_client_exit *);
static void advertise_sasl(struct Client *);
static void advertise_sasl_exit(hook_data_client_exit *);
static void advertise_sasl_cap(int);
static void advertise_sasl_new(struct Client *);
static void advertise_sasl_exit(void *);
static void advertise_sasl_config(void *);
static int sasl_agent_present = 0;
struct Message authenticate_msgtab = {
"AUTHENTICATE", 0, 0, 0, MFLG_SLOW,
@ -67,12 +72,38 @@ mapi_clist_av1 sasl_clist[] = {
mapi_hfn_list_av1 sasl_hfnlist[] = {
{ "new_local_user", (hookfn) abort_sasl },
{ "client_exit", (hookfn) abort_sasl_exit },
{ "new_remote_user", (hookfn) advertise_sasl },
{ "client_exit", (hookfn) advertise_sasl_exit },
{ "new_remote_user", (hookfn) advertise_sasl_new },
{ "after_client_exit", (hookfn) advertise_sasl_exit },
{ "conf_read_end", (hookfn) advertise_sasl_config },
{ NULL, NULL }
};
DECLARE_MODULE_AV1(sasl, NULL, NULL, sasl_clist, NULL, sasl_hfnlist, "$Revision: 1409 $");
static int
sasl_visible(void)
{
struct Client *agent_p = NULL;
if (ConfigFileEntry.sasl_service)
agent_p = find_named_client(ConfigFileEntry.sasl_service);
return agent_p != NULL && IsService(agent_p);
}
static int
_modinit(void)
{
sasl_agent_present = 0;
advertise_sasl_config(NULL);
return 0;
}
static void
_moddeinit(void)
{
advertise_sasl_cap(0);
}
DECLARE_MODULE_AV1(sasl, _modinit, _moddeinit, sasl_clist, NULL, sasl_hfnlist, "$Revision: 1409 $");
static int
m_authenticate(struct Client *client_p, struct Client *source_p,
@ -85,12 +116,18 @@ m_authenticate(struct Client *client_p, struct Client *source_p,
if(!IsCapable(source_p, CLICAP_SASL))
return 0;
if (strlen(client_p->id) == 3)
if (strlen(client_p->id) == 3 || (source_p->preClient && !EmptyString(source_p->preClient->id)))
{
exit_client(client_p, client_p, client_p, "Mixing client and server protocol");
return 0;
}
if (*parv[1] == ':' || strchr(parv[1], ' '))
{
exit_client(client_p, client_p, client_p, "Malformed AUTHENTICATE");
return 0;
}
saslserv_p = find_named_client(ConfigFileEntry.sasl_service);
if (saslserv_p == NULL || !IsService(saslserv_p))
{
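Review bot: the new `*parv[1] == ':' || strchr(parv[1], ' ')` rejection has no comment saying why it exists. parv[1] is later interpolated as the last parameter of `ENCAP %s SASL %s %s C %s`, where a leading colon or an embedded space would change how the receiving side splits the line; a one-line comment stating that would stop the check being removed later as redundant.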
@ -122,9 +159,17 @@ m_authenticate(struct Client *client_p, struct Client *source_p,
if(agent_p == NULL)
{
sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s H %s %s",
if (!strcmp(parv[1], "*"))
{
sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
source_p->localClient->sasl_out = 0;
return 0;
}
sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s H %s %s %c",
me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
source_p->host, source_p->sockhost);
source_p->host, source_p->sockhost,
IsSSL(source_p) ? 'S' : 'P');
if (!strcmp(parv[1], "EXTERNAL") && source_p->certfp != NULL)
sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s S %s %s",
@ -138,9 +183,20 @@ m_authenticate(struct Client *client_p, struct Client *source_p,
rb_strlcpy(source_p->localClient->sasl_agent, saslserv_p->id, IDLEN);
}
else
{
if (!strcmp(parv[1], "*"))
{
sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
sendto_one(agent_p, ":%s ENCAP %s SASL %s %s D A", me.id, agent_p->servptr->name, source_p->id, agent_p->id);
source_p->localClient->sasl_out = 0;
return 0;
}
sendto_one(agent_p, ":%s ENCAP %s SASL %s %s C %s",
me.id, agent_p->servptr->name, source_p->id, agent_p->id,
parv[1]);
}
source_p->localClient->sasl_out++;
return 0;
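Review bot: the `!strcmp(parv[1], "*")` abort handling is now written twice, once in the `agent_p == NULL` branch and once in this else branch, and the two copies differ only in the extra `D A` message sent to the agent. Hoist it into a single block ahead of the branch and send `D A` only when agent_p is non-NULL, so the ERR_SASLABORTED reply and the `sasl_out = 0` reset live in one place.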
@ -173,6 +229,10 @@ me_sasl(struct Client *client_p, struct Client *source_p,
if(!IsService(agent_p))
return 0;
/* If SASL has been aborted, do nothing. */
if (target_p->localClient->sasl_out == 0)
return 0;
/* Reject if someone has already answered. */
if(*target_p->localClient->sasl_agent && strncmp(parv[1], target_p->localClient->sasl_agent, IDLEN))
return 0;
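Review bot: the comment on the new `sasl_out == 0` test says "If SASL has been aborted", but sasl_out is a counter that m_authenticate increments after each message and resets to 0 on abort, so the same value presumably also describes a client that has not started SASL at all. Either reword the comment to say the check drops any agent message for a client with no exchange in progress, or track the aborted state in its own flag so the counter is not doing two jobs.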
@ -236,7 +296,20 @@ abort_sasl_exit(hook_data_client_exit *data)
}
static void
advertise_sasl(struct Client *client_p)
advertise_sasl_cap(int available)
{
if (sasl_agent_present != available) {
if (available) {
sendto_local_clients_with_capability(CLICAP_CAP_NOTIFY, ":%s CAP * NEW :sasl", me.name);
} else {
sendto_local_clients_with_capability(CLICAP_CAP_NOTIFY, ":%s CAP * DEL :sasl", me.name);
}
sasl_agent_present = available;
}
}
static void
advertise_sasl_new(struct Client *client_p)
{
if (!ConfigFileEntry.sasl_service)
return;
@ -244,17 +317,22 @@ advertise_sasl(struct Client *client_p)
if (irccmp(client_p->name, ConfigFileEntry.sasl_service))
return;
sendto_local_clients_with_capability(CLICAP_CAP_NOTIFY, ":%s CAP * NEW :sasl", me.name);
advertise_sasl_cap(IsService(client_p));
}
static void
advertise_sasl_exit(hook_data_client_exit *data)
advertise_sasl_exit(void *ignored)
{
if (!ConfigFileEntry.sasl_service)
return;
if (irccmp(data->target->name, ConfigFileEntry.sasl_service))
return;
sendto_local_clients_with_capability(CLICAP_CAP_NOTIFY, ":%s CAP * DEL :sasl", me.name);
if (sasl_agent_present) {
advertise_sasl_cap(sasl_visible());
}
}
static void
advertise_sasl_config(void *ignored)
{
advertise_sasl_cap(sasl_visible());
}
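Review bot: advertise_sasl_new() passes the raw result of IsService(client_p) to advertise_sasl_cap(), which stores it in sasl_agent_present and later compares it with the 0/1 value that sasl_visible() returns. If IsService() is a flag test that yields the flag bit rather than 1, `sasl_agent_present != available` will see a change where there is none and send a second `CAP * NEW :sasl`. Normalise at the call site with `IsService(client_p) != 0`, or normalise `available` at the top of advertise_sasl_cap().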


@ -46,7 +46,6 @@ DECLARE_MODULE_AV1(starttls, NULL, NULL, starttls_clist, NULL, NULL, "$Revision$
static int
mr_starttls(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
#ifdef HAVE_LIBCRYPTO
ssl_ctl_t *ctl;
rb_fde_t *F[2];
@ -59,7 +58,7 @@ mr_starttls(struct Client *client_p, struct Client *source_p, int parc, const ch
return 1;
}
if (!ssl_ok || !get_ssld_count())
if (!ircd_ssl_ok || !get_ssld_count())
{
sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
return 1;
@ -80,7 +79,7 @@ mr_starttls(struct Client *client_p, struct Client *source_p, int parc, const ch
sendto_one_numeric(client_p, RPL_STARTTLS, form_str(RPL_STARTTLS));
send_queued(client_p);
ctl = start_ssld_accept(client_p->localClient->F, F[1], rb_get_fd(F[0]));
ctl = start_ssld_accept(client_p->localClient->F, F[1], client_p->localClient->connid);
if (ctl != NULL)
{
client_p->localClient->F = F[0];
@ -90,8 +89,5 @@ mr_starttls(struct Client *client_p, struct Client *source_p, int parc, const ch
else
return 1;
#else
sendto_one_numeric(client_p, ERR_STARTTLS, form_str(ERR_STARTTLS), "TLS is not configured");
#endif
return 0;
}


@ -48,6 +48,10 @@
#include "hash.h"
#include "reject.h"
#include "whowas.h"
#include "sslproc.h"
#define Lformat "%s %u %u %u %u %u :%ld %ld %s"
#define Sformat ":%s %d %s %s %u %u %u %u %u :%ld %ld %s"
static int m_stats (struct Client *, struct Client *, int, const char **);
@ -68,8 +72,6 @@ mapi_hlist_av1 stats_hlist[] = {
DECLARE_MODULE_AV1(stats, NULL, NULL, stats_clist, stats_hlist, NULL, "$Revision: 1608 $");
const char *Lformat = "%s %u %u %u %u %u :%u %u %s";
static void stats_l_list(struct Client *s, const char *, int, int, rb_dlink_list *, char,
int (*check_fn)(struct Client *target_p));
static void stats_l_client(struct Client *source_p, struct Client *target_p,
@ -108,6 +110,7 @@ static void stats_operedup(struct Client *);
static void stats_ports(struct Client *);
static void stats_tresv(struct Client *);
static void stats_resv(struct Client *);
static void stats_ssld(struct Client *);
static void stats_usage(struct Client *);
static void stats_tstats(struct Client *);
static void stats_uptime(struct Client *);
@ -161,6 +164,8 @@ static struct StatsStruct stats_cmd_table[] = {
{'Q', stats_resv, 1, 0, },
{'r', stats_usage, 1, 0, },
{'R', stats_usage, 1, 0, },
{'s', stats_ssld, 1, 1, },
{'S', stats_ssld, 1, 1, },
{'t', stats_tstats, 1, 0, },
{'T', stats_tstats, 1, 0, },
{'u', stats_uptime, 0, 0, },
@ -174,7 +179,7 @@ static struct StatsStruct stats_cmd_table[] = {
{'z', stats_memory, 1, 0, },
{'Z', stats_ziplinks, 1, 0, },
{'?', stats_servlinks, 0, 0, },
{(char) 0, (void (*)()) 0, 0, 0, }
{(char) 0, (void (*)(struct Client *)) 0, 0, 0, }
};
/*
@ -869,6 +874,24 @@ stats_resv(struct Client *source_p)
HASH_WALK_END
}
static void
stats_ssld_foreach(void *data, pid_t pid, int cli_count, enum ssld_status status)
{
struct Client *source_p = data;
sendto_one_numeric(source_p, RPL_STATSDEBUG,
"S :%u %c %u",
pid,
status == SSLD_DEAD ? 'D' : (status == SSLD_SHUTDOWN ? 'S' : 'A'),
cli_count);
}
static void
stats_ssld(struct Client *source_p)
{
ssld_foreach_info(stats_ssld_foreach, source_p);
}
static void
stats_usage (struct Client *source_p)
{
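Review bot: stats_ssld_foreach() formats `pid` (a pid_t) and `cli_count` (an int) with `%u` in "S :%u %c %u", which is a signedness mismatch for both arguments. Use `%d` with an explicit `(int) pid` cast, or cast both to unsigned, so the call matches its format string the same way the `(long) 0` changes elsewhere in this file do for `%ld`.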
@ -1452,7 +1475,6 @@ stats_ziplinks (struct Client *source_p)
static void
stats_servlinks (struct Client *source_p)
{
static char Sformat[] = ":%s %d %s %s %u %u %u %u %u :%u %u %s";
long uptime, sendK, receiveK;
struct Client *target_p;
rb_dlink_node *ptr;
@ -1487,7 +1509,7 @@ stats_servlinks (struct Client *source_p)
(int) target_p->localClient->receiveK,
rb_current_time() - target_p->localClient->firsttime,
(rb_current_time() > target_p->localClient->lasttime) ?
(rb_current_time() - target_p->localClient->lasttime) : 0,
(rb_current_time() - target_p->localClient->lasttime) : (long) 0,
IsOper (source_p) ? show_capabilities (target_p) : "TS");
}
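Review bot: the `(long) 0` cast fixes only the false arm of the ternary; the argument just above it, `rb_current_time() - target_p->localClient->firsttime`, is still passed uncast to the first `%ld` of the new Sformat. Cast that difference to long as well (and the true arm of the ternary), so the call is correct on platforms where the time type is not long.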
@ -1650,7 +1672,7 @@ stats_l_client(struct Client *source_p, struct Client *target_p,
(int) target_p->localClient->receiveK,
rb_current_time() - target_p->localClient->firsttime,
(rb_current_time() > target_p->localClient->lasttime) ?
(rb_current_time() - target_p->localClient->lasttime) : 0,
(rb_current_time() - target_p->localClient->lasttime) : (long) 0,
IsOper(source_p) ? show_capabilities(target_p) : "-");
}
@ -1669,7 +1691,7 @@ stats_l_client(struct Client *source_p, struct Client *target_p,
(int) target_p->localClient->receiveK,
rb_current_time() - target_p->localClient->firsttime,
(rb_current_time() > target_p->localClient->lasttime) ?
(rb_current_time() - target_p->localClient->lasttime) : 0,
(rb_current_time() - target_p->localClient->lasttime) : (long) 0,
"-");
}
}


@ -63,7 +63,7 @@ mr_user(struct Client *client_p, struct Client *source_p, int parc, const char *
static char buf[BUFSIZE];
char *p;
if (strlen(client_p->id) == 3)
if (strlen(client_p->id) == 3 || (source_p->preClient && !EmptyString(source_p->preClient->id)))
{
exit_client(client_p, client_p, client_p, "Mixing client and server protocol");
return 0;
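Review bot: this is the third copy of the same two-clause condition on this page (mr_nick and m_authenticate carry it too). Move it into one macro or static inline helper next to the preClient definition, so a later change to how a pending SID is stored cannot leave one of the three handlers behind.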

Some files were not shown because too many files have changed in this diff.