default.nix: drop rb_setenv for BANDB_PATH

Fixes: "bandb - bandb failure: Unable to open sqlite database: unable to open database file"
default.nix: enable ziplinks
2021-06-01 20:12:30 +02:00 · 2021-06-01 20:12:24 +02:00 · 2020-07-28 23:13:35 +02:00 · 2020-03-01 18:15:35 +01:00 · 2020-01-28 20:47:04 +00:00 · 2020-01-28 20:35:42 +00:00
561 changed files with 197034 additions and 52231 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,82 +0,0 @@
 name: CI
 on:
  push:
    branches: 
      - main
    paths-ignore:
      - 'doc/oper-guide/**'
      - 'CREDITS'
      - 'LICENSE'
      - 'NEWS.md'
      - 'README.md'
  pull_request:
    branches:
      - main
    paths-ignore:
      - 'doc/oper-guide/**'
      - 'CREDITS'
      - 'LICENSE'
      - 'NEWS.md'
      - 'README.md'
 jobs:
  linux:
    name: Linux
    runs-on: ${{ matrix.os }}
    strategy:
      fail-fast: false
      matrix:
        include:
          # Debian 10 Buster
          - os: ubuntu-20.04
            compiler: gcc-8
          - os: ubuntu-20.04
            compiler: clang-7
          # Ubuntu 20.04 Focal
          - os: ubuntu-20.04
            compiler: gcc-9
          - os: ubuntu-20.04
            compiler: clang-10
          # Debian 11 Bullseye
          - os: ubuntu-22.04
            compiler: gcc-10
          - os: ubuntu-22.04
            compiler: clang-11
          # Ubuntu 22.04 Jammy
          - os: ubuntu-22.04
            compiler: gcc-11
          - os: ubuntu-22.04
            compiler: clang-14
          # next
          - os: ubuntu-22.04
            compiler: gcc-12
    env:
      CC: ${{ matrix.compiler }}
    steps:
    - name: Install dependencies
      run: |
        sudo apt-get update
        sudo apt-get install -y --no-install-recommends \
          ${CC} \
          automake \
          autoconf \
          libtool \
          libsqlite3-dev \
          libhyperscan-dev \
          # EOF
    - uses: actions/checkout@v2
    - name: autogen.sh
      run: bash autogen.sh
    - name: configure
      run: CFLAGS="-Werror -Wno-unused-value -Wno-unused-parameter" ./configure --enable-assert=hard --enable-warnings
    - name: make
      run: make -j2
    - name: make check
      run: make check
    - name: make install
      run: make install
--- a/.github/workflows/docs.yaml
+++ b/.github/workflows/docs.yaml
@ -1,29 +0,0 @@
 name: Oper Guide
 on:
  push:
    branches:
      - main
    paths:
      - 'doc/oper-guide/**'
  pull_request:
    branches:
      - main
    paths:
      - 'doc/oper-guide/**'
 jobs:
  build:
    runs-on: ubuntu-18.04
    steps:
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends \
            python-sphinx \
            texinfo \
            # EOF
      - uses: actions/checkout@v2
      - name: Build
        run: make -C doc/oper-guide html man info
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,6 @@
 tags
 Makefile
 *~
 *.a
 *.o
 *.so
 *.lo
@ -10,71 +9,31 @@ Makefile
 *.log
 *.sw?
 .deps
 .dirstamp
 .libs
 authd/authd
 bandb/bandb
 bandb/solanum-bantool
 autom4te.cache
-aclocal.m4
+bandb/bandb
-compile
+bandb/bantool
 confdefs.h
 config.guess
 config.sub
 depcomp
 ltmain.sh
 missing
 config.log
 config.status
 configure
 stamp-h1
 libltdl/
 librb/configure
 librb/compile
 librb/depcomp
 librb/aclocal.m4
 librb/include/librb_config.h
 librb/include/librb_config.h.in
 librb/include/librb-config.h
 librb/include/serno.h
 librb/librb.pc
 librb/ltmain.sh
 librb/missing
 librb/libratbox.pc
 librb/libtool
 librb/src/version.c
 librb/src/version.c.last
 scripts/*.tar.bz2
 scripts/*.tar.gz
 include/setup.h
-include/setup.h.in
+libratbox/include/libratbox_config.h
-ircd/solanum
+libratbox/include/librb-config.h
-ircd/ircd_parser.c
+libratbox/include/stamp-h1
-ircd/ircd_parser.h
+libratbox/libratbox.pc
-ircd/ircd_lexer.c
+libratbox/libtool
-ircd/version.c
+libratbox/src/version.c
-ircd/version.c.last
+libratbox/src/version.c.last
 scripts/*.tbz2
 scripts/*.tgz
 servlink/servlink
 src/ircd
 src/lex.yy.c
 src/version.c
 src/version.c.last
 src/y.tab.h
 src/y.tab.c
 ssld/ssld
 wsockd/wsockd
 testsuite/ircd.pid.*
 tools/solanum-mkpasswd
 tools/solanum-mkfingerprint
 tools/genssl
 tools/mkpasswd
 tools/viconf
 include/serno.h
 ircd/solanum
 ircd/version.c
 ircd/version.c.last
 /libtool
 Makefile.in
 m4/argz.m4
 m4/libtool.m4
 m4/ltargz.m4
 m4/ltdl.m4
 m4/ltoptions.m4
 m4/ltsugar.m4
 m4/ltversion.m4
 m4/lt~obsolete.m4
 *.dSYM/
 *.exe
--- a/.indent.pro
+++ b/.indent.pro
@ -0,0 +1,49 @@
 /* $Id: .indent.pro 238 2005-09-21 05:26:03Z nenolod $ */
 /* copy this file to the source dir then run indent file.c */
 --gnu-style
 /* This is the indent before the brace not inside the block. */
 --brace-indent0
 /* Indent case: by 2 and braces inside case by 0(then by 0)... */
 --case-brace-indentation0
 --case-indentation2
 --indent-level8
 /* Put while() on the brace from do... */
 --cuddle-do-while
 /* Disable an annoying format... */
 --no-space-after-function-call-names
 /* Disable an annoying format... */
 --dont-break-procedure-type
 /* Disable an annoying format... */
 --no-space-after-casts
 --line-length200
 /* typedefs */
 -T boolean_t
 -T node_t
 -T list_t
 -T tld_t
 -T kline_t
 -T EVH
 -T sra_t
 -T server_t
 -T user_t
 -T channel_t
 -T chanuser_t
 -T myuser_t
 -T mychan_t
 -T chanacs_t
 -T CONFIGENTRY
 -T CONFIGFILE
 -T Block
 -T MemBlock
 -T BlockHeap
--- a/.mailmap
+++ b/.mailmap
@ -1,14 +1,9 @@
 Aaron Sethman <androsyn@ratbox.org> androsyn <devnull@localhost>
 Alexander Færøy <ahf@0x90.dk> Alexander F?r?y <ahf@0x90.dk>
 Ariadne Conill <ariadne@dereferenced.org> <nenolod@atheme.org>
 Ariadne Conill <ariadne@dereferenced.org> <nenolod@dereferenced.org>
 Ariadne Conill <ariadne@dereferenced.org> nenolod <devnull@localhost>
 Brett Greenham <taros@shadowircd.net> B.Greenham <taros@shadowircd.net>
 Chris Mills <chris@chrisam.net> TheChrisAM <chris@chrisam.net>
 Chris Mills <chris@chrisam.net> freenode!ChrisAM <chris@chrisam.net>
-Elizabeth Myers <elizabeth@interlinked.me> <elizabeth@sporksirc.net>
+Elizabeth Jennifer Myers <elizabeth@sporksmoo.net> <elizabeth@sporksirc.net>
 Elizabeth Myers <elizabeth@interlinked.me> <elizabeth@sporksmoo.net>
 Elizabeth Myers <elizabeth@interlinked.me> <spaz@whotookspaz.org>
 Elly Fong-Jones <elly@leptoquark.net> Elly <elly@leptoquark.net>
 Jilles Tjoelker <jilles@stack.nl> jilles <devnull@localhost>
 Nathan Phillip Brink <binki@gentoo.org> <ohnobinki@ohnopublishing.net>
@ -18,5 +13,5 @@ Valeriy Yatsko <dwr@shadowircd.net> <darkwire@darkwire.ru>
 Valeriy Yatsko <dwr@shadowircd.net> <darkwire@ircd-charybdis.ru>
 Valeriy Yatsko <dwr@shadowircd.net> <darkwire@sellcenter.ru>
 Valeriy Yatsko <dwr@shadowircd.net> <dwr@it-penza.org>
-Christine Dodrill <shadow.h511@gmail.com> <quora@lavabit.com>
+William Pitcock <nenolod@dereferenced.org> <nenolod@atheme.org>
-Christine Dodrill <shadow.h511@gmail.com> <quorawings@gmail.com>
+William Pitcock <nenolod@dereferenced.org> nenolod <devnull@localhost>
--- a/.travis.yml
+++ b/.travis.yml
@ -0,0 +1,58 @@
 # Travis-CI Build for charybdis-3.5
 # see travis-ci.org for details
 language: c
 # Use the faster container-based infrastructure.
 sudo: false
 matrix:
  include:
    - os: linux
      compiler: gcc
      addons:
        apt:
          sources: ['ubuntu-toolchain-r-test']
          packages: ['gcc-4.8', 'automake', 'autoconf', 'libtool', 'shtool', 'libsqlite3-dev', 'python-sphinx', 'texinfo']
      env: COMPILER=gcc-4.8
    - os: linux
      compiler: gcc
      addons:
        apt:
          sources: ['ubuntu-toolchain-r-test']
          packages: ['gcc-4.9', 'automake', 'autoconf', 'libtool', 'shtool', 'libsqlite3-dev', 'python-sphinx', 'texinfo']
      env: COMPILER=gcc-4.9
    - os: linux
      compiler: gcc
      addons:
        apt:
          sources: ['ubuntu-toolchain-r-test']
          packages: ['gcc-5', 'automake', 'autoconf', 'libtool', 'shtool', 'libsqlite3-dev', 'python-sphinx', 'texinfo']
      env: COMPILER=gcc-5
    - os: linux
      compiler: clang
      addons:
        apt:
          sources: ['ubuntu-toolchain-r-test', 'llvm-toolchain-precise-3.7']
          packages: ['clang-3.7', 'automake', 'autoconf', 'libtool', 'shtool', 'libsqlite3-dev', 'python-sphinx', 'texinfo']
      env: COMPILER=clang-3.7
    - os: osx
      compiler: clang
      env: COMPILER=clang LIBTOOLIZE=glibtoolize
 osx_image: xcode7.3
 cache:
  apt:
  ccache:
 script:
  - CC=$COMPILER ./configure --with-shared-sqlite
  - make -j4
  - make install
  - "if [ ${TRAVIS_OS_NAME} != 'osx' ]; then make -C doc/oper-guide html man info; fi"
--- a/50
+++ b/50
@ -1,28 +1,40 @@
-Solanum is based on Charybdis, which was based on ircd-ratbox.
+Charybdis started as an evolution from ircd-ratbox. Its development
 is led by a team of dedicated developers who have put a lot of time
 into the project, and it has seen use on a variety of different
 network configurations.
-Development is led by a group of representatives from Libera Chat
+The Charybdis core team, listed in nick-alphabetical order:
 and OFTC:
 amdj, Aaron Jones <amdj@libera.chat>
 dwfreed, Doug Freed <dwfreed@mtu.edu>
 ilbelkyr, Nicole Kleinhoff <ilbelkyr@libera.chat>
 mcintosh, Richie McIntosh <richiemcintosh@gmail.com>
 Myon, Christoph Berg <myon@oftc.net>
 spb, Stephen Bennet <spb@libera.chat>
 tomaw, Tom Wesley <tom@tomaw.net>
 The Charybdis team was:
 amdj, Aaron Jones <aaronmdjones -at- gmail.com>
 Ariadne, Ariadne Conill <ariadne -at- dereferenced.org>
 Elizafox, Elizabeth Myers <elizabeth -at- interlinked.me>
 jdhore, JD Horelick <jdhore1 -at- gmail.com>
 jilles, Jilles Tjoelker <jilles -at- stack.nl>
 kaniini, William Pitcock <nenolod -at- dereferenced.org>
 mr_flea, Keith Buck <mr_flea -at- esper.net>
 Simon, Simon Arlott <charybdis -at- uuid.uk>
 The following people are also project members, listed in nick-alphabetical
 order:
 grawity, Mantas Mikulėnas <grawity -at- gmail.com>
 jdhore, JD Horelick <jdhore1 -at- gmail.com>
 viatsko, Valerii Iatsko <dwr -at- codingbox.io>
-A full list of contributors to Charybdis and its predecessors
+The following people have made contributions to the Charybdis releases,
-is in doc/credits-past.txt.
+in nick-alphabetical order:
-Visit the Solanum website at: https://solanum.chat/
+AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
-Visit us on IRC at: irc.libera.chat #solanum
+anfl, Lee Hardy <lee -at- leeh.co.uk>
 beu, Elfyn McBratney <elfyn.mcbratney -at- gmail.com>
 dwr, Valery Yatsko <dwr -at- shadowircd.net> 
 Elizacat, Elizabeth Myers <elizabeth -at- interlinked.me>
 Entrope, Michael Poole <mdpoole -at- trolius.org> 
 gxti, Michael Tharp <gxti -at- partiallystapled.com>
 mniip <mniip -at- mniip.com>
 spb, Stephen Bennett <spb -at- attenuate.org>
 Taros, Brett Greenham <taros -at- shadowircd.net>
 ThaPrince, Jon Christopherson <jon -at- vile.com>
 twincest, River Tarnell <river -at- attenuate.org>
 w00t, Robin Burchell <surreal.w00t -at- gmail.com>
 Visit the Charybdis website at: http://www.charybdis.io/
 Visit us on IRC at: irc.charybdis.io #charybdis
--- a/6
+++ b/6
@ -0,0 +1,6 @@
 The Charybdis GIT repository can be checked out using the following command:
 	git clone git://github.com/charybdis-ircd/charybdis.git charybdis-devel
 Charybdis's GIT repository depot can be browsed over the internet at 
 the following address:
 	http://github.com/charybdis-ircd/charybdis
--- a/186
+++ b/186
@ -0,0 +1,186 @@
                           Charybdis INSTALL Document
   $Id: INSTALL 3384 2007-04-03 22:45:04Z jilles $
   Copyright (c) 2001 by ircd-hybrid team
   Copyright (c) 2002-2004 ircd-ratbox development team
   Copyright (c) 2005-2008 charybdis development team
     ----------------------------------------------------------------------
                                  HOW TO BUILD
   As of hybrid-4, the distribution uses GNU autoconf instead of the old
   Config script. The Makefile has also been updated to include CFLAGS
   defines for popular modern OSes.
   1. 
       Read the NEWS file to find out about the exciting new features in
       this version. Other good reads are BUGS, doc/ircd.conf.example, and
       README.FIRST.
   2. 
       Run the configure script. It will create include/setup.h and the
       Makefiles to match your system. In ircd-ratbox, the paths are now handled
       with the --prefix option to configure, not in config.h.
       /usr/local/ircd is the default if no prefix is specified.
       ./configure --prefix="/usr/local/ircd"
         Note: There are some special optional parameters to the configure
         script that some admins may wish to use.
          * 
            --enable-kqueue - Use the superior kqueue(2) system call as
            opposed to the default poll(2). This is currently only available
            on FreeBSD 4.1 or higher.
          * 
            --enable-devpoll - Enable the superior /dev/poll support on
            Solaris. Linux /dev/poll is broken and will not work with this
            option.
          * 
            --enable-epoll - Enable the superior Linux Edge-Triggered Polling
            system. This is currently only available on 2.5 Linux kernel
            versions or later.
          * 
            --enable-openssl - Enable the openssl dependent crypto functions.
            This will allow CHALLENGE to work and encrypted links. On systems
            where the configure script can automatically detect OpenSSL, this
            option is not necessary. If configure cannot find OpenSSL, you
            must specify a path with this option
            (--enable-openssl=/path/to/openssl)
          * 
            --enable-ipv6 - Enable IPv6 support.
          * 
            --enable-assert[=OPTION] - Enable some debugging code. OPTION is
            either 'soft' or 'hard' (default: hard). 'hard' should never be
            used on production servers as it may generate unnecessary cores.
            'soft' prevents cores from being generated but still imposes some
            additional load.
          * 
            --enable-small-net - Tunes the server for smaller networks by
            reducing the startup memory footprint. This should really only be
            used for *small* networks, as this tends to be a performance hit
            on larger networks.
          * 
            --with-nicklen=LENGTH - Sets the maximum NICK length. Note that
            this must be consistent across your entire network.
   3. 
       make should build ircd.
   4. 
       make install will install the server, modules, and tools in the
       the prefix specified when configure was run.
   5. 
       If you wish to enable the user log, oper log, and failed oper log,
       issue these commands at the shell prompt (in the prefix directory)
 $ touch logs/userlog
 $ touch logs/operlog
 $ touch logs/foperlog
         Note: If you use different names in ircd.conf, you must 'touch' the
         specific names.
     ----------------------------------------------------------------------
                                HOW TO GET HELP
   Send Check or Money Order to... just kidding! You're on your own for
   support. Try asking other ircd-ratbox admins on EFnet if you can't fix it
   yourself. If you do fix anything, however, please send context or unified
   diffs to ircd-ratbox@lists.ratbox.org so the fixes can be incorporated into
   the next release of ircd-hybrid. If ratbox crashes on you, PLEASE contact
   ircd-ratbox@lists.ratbox.org ASAP with a backtrace of the core.
   DISCUSSION: There is a mailing list for discussion of ratbox issues,
    To subscribe, visit:
       http://lists.ratbox.org/cgi-bin/mailman/listinfo/ircd-ratbox
     ----------------------------------------------------------------------
                                     NOTES
   The best way to get a backtrace of the core is to follow this sequence of
   instructions:
   1. 
       Change to the directory containing the core file
   2. 
       Run gdb on the binary and the core file. With an unmodified ircd-ratbox
       installation, an example command line is below (in the /usr/local/ircd
       directory)
 $ gdb bin/ircd ircd.core
   3. 
       At the "(gdb)" prompt, enter the command "bt"
   4. 
       Save the output of the backtrace command and send it to
       ircd-ratbox@lists.ratbox.org
   5. 
       Be sure to save the ircd binary, the modules, and the core file in a
       safe place in case the developers need to look deeper than a backtrace
       provides.
     ----------------------------------------------------------------------
                                 OPENSSL NOTES
   Older FreeBSD machines sometimes have the obsolete ports version of
   OpenSSL libcrypto in /usr/local/lib. When configure is used with
   --enable-openssl, and libintl is detected in /usr/local/lib, the
   /usr/local/lib directory will be searched BEFORE the system /usr/lib for
   libraries by the linker. The linker may try to link to the old
   /usr/local/lib libcrypto instead of the system /usr/lib libcrypto. Some
   older versions may cause error messages similar to the following:
 gcc -g -O2 -DIRCD_PREFIX=\"/home/wcampbel/ircd\" -Wl,-export-dynamic
 -L/usr/local/lib -o ircd blalloc.o channel.o vchannel.o class.o client.o
 dline_conf.o event.o fdlist.o fileio.o hash.o irc_string.o ircd.o ircdauth.o
 ircd_signal.o linebuf.o list.o listener.o m_error.o match.o memdebug.o
 modules.o motd.o mtrie_conf.o oldparse.o numeric.o packet.o parse.o res.o rsa.o
 restart.o s_auth.o s_bsd.o s_bsd_kqueue.o s_conf.o s_debug.o s_gline.o s_log.o
 s_misc.o s_serv.o s_stats.o s_user.o scache.o send.o sprintf_irc.o tools.o
 whowas.o lex.yy.o y.tab.o version.o -lintl -ldescrypt  -lcrypto -lfl
 rsa.o: In function `get_randomness':
 /home/wcampbel/dev/ircd-ratbox/src/rsa.c(.text+0x60): undefined reference to
 `RAND_pseudo_bytes'
 /usr/local/lib/libcrypto.so: undefined reference to `ERR_load_RSAREF_strings'
 /usr/local/lib/libcrypto.so: undefined reference to `RSA_PKCS1_RSAref'
 *** Error code 1
   If this is the case, you may need to rerun configure without the
   --enable-openssl option, manually edit src/Makefile and modules/Makefile
   to put -L/usr/lib before the -L/usr/local/lib in LDFLAGS, or remove the
   old OpenSSL from /usr/local, and recompile all applications that use
   libcrypto to use the system one.
--- a/1
+++ b/1
@ -1,3 +1,4 @@
 # $Id: LICENSE 6 2005-09-10 01:02:21Z nenolod $
 		    GNU GENERAL PUBLIC LICENSE
 		       Version 2, June 1991
--- a/Makefile.am
+++ b/Makefile.am
@ -1,60 +0,0 @@
 AUTOMAKE_OPTIONS = foreign
 ACLOCAL_AMFLAGS = -I m4
 SUBDIRS = librb
 if BUILD_LTDL
 SUBDIRS += libltdl
 endif
 SUBDIRS += ircd \
           ssld \
           wsockd \
           authd \
           bandb \
           tests \
           tools \
           modules \
           extensions \
           help \
           doc
 BUILT_SOURCES = include/serno.h
 include/serno.h:
 	@if [ -d .git ]; then \
 		revh=`git log -1 --date=format:%Y%m%d --pretty=format:%cd-%h`; \
 		datecode=`git log -1 --pretty=format:%ct`; \
 		if [ -n "$$revh" ]; then \
 			echo '#define SERNO "'$$revh'"' >include/serno.h ; \
 			echo "#define DATECODE $${datecode}UL" >>include/serno.h; \
 		fi \
 	fi
 	@if [ ! -f include/serno.h ]; then \
 		echo '#define SERNO "unknown"' >include/serno.h; \
 		echo '#define DATECODE 0UL' >>include/serno.h; \
 	fi
 install-data-hook:
 	test -d ${DESTDIR}${logdir} || mkdir -p ${DESTDIR}${logdir}
 install-exec-hook:
 	rm -f ${DESTDIR}${libdir}/*.la
 	rm -f ${DESTDIR}${moduledir}/*.la
 	rm -f ${DESTDIR}${moduledir}/autoload/*.la
 	rm -f ${DESTDIR}${moduledir}/extensions/*.la
 	rm -f ${DESTDIR}${libdir}/*.dll.a
 	rm -f ${DESTDIR}${moduledir}/*.dll.a
 	rm -f ${DESTDIR}${moduledir}/autoload/*.dll.a
 	rm -f ${DESTDIR}${moduledir}/extensions/*.dll.a
 distclean-local:
 	rm -f librb/include/librb-config.h
 clean-local:
 	rm -f include/serno.h
 	rm -f ircd/ircd_lexer.c
 	rm -f ircd/ircd_parser.c
 	rm -f ircd/ircd_parser.h
 	rm -f ircd/version.c
 	rm -f ircd/version.c.last
--- a/Makefile.in
+++ b/Makefile.in
@ -0,0 +1,162 @@
 #************************************************************************
 #*   IRC - Internet Relay Chat, Makefile
 #*   Copyright (C) 1990, Jarkko Oikarinen
 #*
 #*   This program is free software; you can redistribute it and/or modify
 #*   it under the terms of the GNU General Public License as published by
 #*   the Free Software Foundation; either version 1, or (at your option)
 #*   any later version.
 #*
 #*   This program is distributed in the hope that it will be useful,
 #*   but WITHOUT ANY WARRANTY; without even the implied warranty of
 #*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #*   GNU General Public License for more details.
 #*
 #*   You should have received a copy of the GNU General Public License
 #*   along with this program; if not, write to the Free Software
 #*   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 #*
 #*   $Id: Makefile.in 1347 2006-05-17 14:49:13Z nenolod $
 #*/
 RM=@RM@
 prefix		= @prefix@
 exec_prefix	= @exec_prefix@
 bindir		= @bindir@
 mandir		= @mandir@
 libdir          = @libdir@
 pkglibdir       = @pkglibdir@
 moduledir	= @moduledir@
 helpdir		= @helpdir@
 sysconfdir	= @sysconfdir@
 logdir		= @logdir@
 rundir		= @rundir@
 pkgrundir	= @pkgrundir@
 localstatedir	= @localstatedir@
 pkglocalstatedir= @pkglocalstatedir@
 PACKAGE_TARNAME	= @PACKAGE_TARNAME@
 # Default CFLAGS
 # CFLAGS = -g -O2 -DNDEBUG
 CFLAGS		= @CFLAGS@
 # Developers CFLAGS
 #CFLAGS= -g -O2 -Wunused -Wall -ggdb -pedantic -Wshadow -Wmissing-declarations
 # Default make flags - you may want to uncomment this on a multicpu machine
 #MFLAGS = -j 4
 #
 # For developers
 #CFLAGS= -g -O2 -Wall
 # You may need to define the FD_SETSIZE in order to overrule
 # the system one.
 #CFLAGS= -DNDEBUG -g -O2 -D"FD_SETSIZE=1024"
 SHELL=/bin/sh
 # `extensions' must be after `modules' for proper creation of $(moduledir).
 SUBDIRS=libratbox modules extensions src tools ssld bandb doc help
 CLEANDIRS = ${SUBDIRS}
 RSA_FILES=rsa_respond/README rsa_respond/respond.c rsa_respond/Makefile
 all:	build
 autoconf: configure.ac
 	autoconf
 	autoheader
 	${RM} -f config.cache
 build:
 	-@if [ ! -f include/setup.h ] ; then \
 		echo "Hmm...doesn't look like you've run configure..."; \
 		echo "Doing so now."; \
 		sh configure; \
 	fi
 	@if [ -d .git ] ; then \
 		revh=`git log -1 --date=short --pretty=format:%cd_%h 2>/dev/null | sed -e s/-//g -e s/_/-/`;\
 		[ -z "$$revh" ] || echo '#define SERNO "'$$revh'"' >include/serno.h ; \
 	elif [ -d .hg ] ; then \
 		revh=`hg parents --template '{date|shortdate}_{node|short}' 2>/dev/null | sed -e s/-//g -e s/_/-/`;\
 		[ -z "$$revh" ] || echo '#define SERNO "'$$revh'"' >include/serno.h ; \
 	fi
 	@[ -f include/serno.h ] || echo '#define SERNO "unknown"' >include/serno.h
 	@for i in $(SUBDIRS); do \
 		echo "build ==> $$i";\
 		cd $$i;\
 		${MAKE} || exit; cd ..;\
 	done
 clean:
 	${RM} -f *~ core rsa_respond.tar rsa_respond.tar.gz
 	@for i in $(CLEANDIRS); do \
 		echo "clean ==> $$i";\
 		cd $$i;\
 		${MAKE} clean; cd ..;\
 	done
 	-@if [ -f include/setup.h ] ; then \
 	echo "To really restart installation, make distclean" ; \
 	fi
 distclean:
 	${RM} -f Makefile *~ *.rej *.orig core ircd.core
 	${RM} -f config.status config.cache config.log
 	cd include; ${RM} -f setup.h *~ *.rej *.orig ; cd ..
 	@for i in $(CLEANDIRS); do \
 		echo "distclean ==> $$i";\
 		cd $$i;\
 		${MAKE} distclean; cd ..;\
 	done
 depend:
 	@[ -f include/serno.h ] || echo '#define SERNO "unknown"' >include/serno.h
 	@for i in $(SUBDIRS); do \
 		echo "depend ==> $$i";\
 		cd $$i;\
 		${MAKE} depend; cd ..;\
 	done
 lint:
 	@for i in $(SUBDIRS); do \
 		echo "lint ==> $$i";\
 		cd $$i;\
 		${MAKE} lint; cd ..;\
 	done
 install-mkdirs:
 	@echo "ircd: setting up ircd directory structure"
 	-@if test ! -d $(DESTDIR)$(prefix); then \
 		mkdir -p -m 755 $(DESTDIR)$(prefix); \
 	fi
 	-@if test ! -d $(DESTDIR)$(bindir); then \
 		mkdir -p -m 755 $(DESTDIR)$(bindir); \
 	fi
 	-@if test ! -d $(DESTDIR)$(sysconfdir); then \
 		mkdir -p -m 755 $(DESTDIR)$(sysconfdir); \
 	fi
 	-@if test ! -d $(DESTDIR)$(mandir); then \
 		mkdir -p -m 755 $(DESTDIR)$(mandir); \
 	fi
 	-@if test ! -d $(DESTDIR)$(logdir); then \
 		mkdir -p -m 755 $(DESTDIR)$(logdir); \
 	fi
 	-@if test ! -d '$(DESTDIR)$(pkgrundir)'; then \
 		mkdir -p -m 755 '$(DESTDIR)$(pkgrundir)'; \
 	fi
 	-@if test ! -d '$(DESTDIR)$(pkglocalstatedir)'; then \
 		mkdir -p -m 755 '$(DESTDIR)$(pkglocalstatedir)'; \
 	fi
 install: install-mkdirs all
 	@for i in $(SUBDIRS); do \
 		echo "install ==> $$i";\
 		cd $$i;\
 		${MAKE} install; \
 		cd ..; \
 	done
 rsa_respond:
 	@cd tools;\
 	echo "Creating rsa_respond.tar.gz";\
 	tar cf ../rsa_respond.tar $(RSA_FILES);\
 	cd ..;\
 	gzip rsa_respond.tar
--- a/NEWS.md
+++ b/NEWS.md
@ -1,202 +1,112 @@
 # News
-This is solanum 1.0-dev.
+This is charybdis 3.5.7, Copyright (c) 2005-2019 Charybdis team.
 See LICENSE for licensing details (GPL v2).
-## solanum-1.0
+## charybdis-3.5.7
-Includes changes from charybdis-4.1.3-dev.
+This is primarily a bugfix release.
 **This release includes breaking changes from charybdis 4.x.** Please pay close attention to
 bolded warnings in the full release notes below.
 ### build
 - Add `--with-asan` to configure to produce an ASan instrumented build
 ### server protocol
 - **Breaking:** Don't implicitly abort SASL when connection registration handshake completes;
  requires updating atheme to include https://github.com/atheme/atheme/pull/833.
 - OPER is now propagated globally, as :operator OPER opername privset
 ### user
- **Breaking:** invite-notify is now enabled by loading the invite-notify extension
+- modules/m_sasl.c: don't process messages if SASL has been aborted
- Prioritise older, more important client capabilities for clients that can only accept
+- src/s_user.c: don't corrupt usermodes on module unload/reload
  one line of CAP LS
 - Add the solanum.chat/realhost vendor capability (provided by extensions/cap\_realhost)
 - Add the solanum.chat/identify-msg vendor capability (provided by extensions/identify\_msg)
 - Server-side aliases preserve protocol framing characters
 - Add the +G user mode for soft callerid (implicitly allow users with a common channel)
 - /invite no longer punches through callerid
 - invite-notify now works
 - Rejectcached users are now sent the reason of the ban that caused their reject in most cases
 - Rejectcache entries expire when their corresponding K-lines do
 - One-argument /stats and zero-argument /motd are no longer ratelimited
 - Channel bans don't see through IP spoofs
 - Global /names now respects userhost-in-names
 - The `$j` extban is no longer usable inside ban exceptions
 - TLSv1 connections are accepted. They can still be disabled using OpenSSL config if you don't
  want them. TLSv1 existing is not thought to be a threat to up-to-date clients.
 ### oper
 - **Breaking:** Kick immunity for override is now its own extension, override\_kick\_immunity
 - **Breaking:** /stats A output now follows the same format as other stats letters
 - **Breaking:** helpops now uses +h instead of +H
 - **Breaking:** sno\_whois and the spy\_ extensions have been removed
 - **Breaking:** Using /wallops now requires the oper:wallops privilege instead of oper:massnotice
 - Opers now have their privset (identified by name) on remote servers
 - Oper-only umodes are refreshed after rehash and /grant
 - Extension modules can be reloaded
 - Override no longer spams about being enabled/disabled. It continues to spam on each use.
 - Add /testkline, which has the same syntax as /testline but doesn't check if the mask is ilined
 - /privs is now remote-capable and can respond with more than one line
 - Most commands now respect oper hiding
 - Massnotice (notice/privmsg to $$.../$#...) now alerts opers
 - Massnotice no longer imposes any restrictions on the target mask
 - /kline and /dline are hardened to invalid inputs
 - K/D-lines are more consistent about checking for encoded ipv4-in-ipv6 addresses
 - Add extensions/drain to reject new connections
 - Add extensions/filter to filter messages, parts and quits with a Hyperscan database
 - Add extensions/sasl\_usercloak to interpolate SASL account names into I-line spoofs
 ### conf
 - **Breaking:** Completely overhaul oper privs. All privset configs will need to be rewritten.
  See reference.conf for details.
 - Add the `kline_spoof_ip` I-line flag to make any spoof opaque to K-line matching
 - Add general::hide\_tkline\_duration to remove durations from user-visible ban reasons
 - Add general::hide\_opers, which behaves as if all opers have oper:hidden
 - Add general::post\_registration\_delay
 - Add general::tls\_ciphers\_oper\_only to hide TLS cipher details in /whois
 - Add channel::opmod\_send\_statusmsg to send messages allowed by +z to @#channel
 - Add class::max\_autoconn, with the behaviour of class::max\_number for servers prior to
  charybdis 4
 - Add `secure {}` blocks. Networks listed in a secure block gain +Z and can match `need_ssl` I-
  and O-lines.
 - Remove general::kline\_delay
 - If m\_webirc is loaded, connections that try to use a webirc auth block as their I-line will
  be disconnected on registration
 ### misc
- **Breaking:** WEBIRC now processes the "secure" option as specified by IRCv3. Web gateways that
+- modules/m_list.c: add fake /LIST reply output to help fight spambots
  do not set this option will need to be updated or their connections will show as insecure.
 - Successfully changing IP with WEBIRC now drops an identd username
-### code
+## charybdis-3.5.6
 - Channel lists are now kept sorted. A for-loop macro, `ITER_COMM_CHANNELS`, is introduced to
  efficiently compare two such lists.
-
+This is primarily a bugfix release.
 ## charybdis-4.1.2
 ### user
 - src/s\_user.c: don't corrupt usermodes on module unload/reload
 ## charybdis-4.1.1
 ### security
- Fix an issue with the PASS command and duplicate server instances.
+- doc/reference.conf: clarify: TLS server fingerprints are not optional
-
+- extensions/extb_ssl.c: add support for matching fingerprints
-### misc
+- libratbox/src/mbedtls.c: check public/private keys match
- Fix connection hang with blacklist/opm when ident is disabled.
+- libratbox/src/mbedtls.c: support ChaCha20-Poly1305 by default
 - Improve SASL CAP notification when the services server disconnects.
 - MbedTLS: Support ChaCha20-Poly1305 in default cipher suites.
 ## charybdis-4.1
 ### misc
 - SCTP is now supported for server connections (and optionally, user connections)
 ## charybdis-4.0.1
 ### server protocol
 - SJOIN messages were being constructed in a 1024 byte buffer and truncated to 512 bytes
  when sending. This caused channels with more than 50 users to fail to propagate all of
  them during a net join.
 ## charybdis-4.0
 ### build
 - Build system has been converted to libtool + automake for sanity reasons.
 - The compile date is now set at configure time rather than build time, allowing for
  reproducible builds. (#148, #149)
 - Support for GNUTLS 3.4 has been added.
 ### user
- Import the ability to exceed MAXCHANNELS from ircd-seven.
+- libratbox/src/commio.c: fix accept() for IPv6 after dropping IPv4
- Implement IRCv3.2 enhanced capability negotiation (`CAP LS 302`).
+- src/client.c: don't delete servers from the client hash table
- Implement support for receiving and sending IRCv3 message tags.
+- src/s_user.c: don't send fake MODE for clients with CHGHOST support
- Implement IRCv3.2 capabilities: (#141)
+- modules/m_sasl.c: abort session if we receive '*' as data
-  - account-tag
+- modules/m_sasl.c: check agent is present after every client exit
  - echo-message
  - invite-notify
  - sasl
  - server-time
 - SASL: certificate fingerprints are now always sent to the SASL agent, allowing for
  the certificate to be used as a second authentication factor.
 ### oper
 - Merge several features from ircd-seven:
  - Implement support for remote DIE/RESTART.
  - Implement support for remote MODLOAD et al commands.
  - Add the GRANT command which allows for temporarily opering a client.
  - Implement the hidden oper-only channel modes framework.
  - Implement a channel mode that disallows kicking IRC operators (+M).
 - Enhance the oper override system, allowing more flexibility and detail
  in network-wide notices.
 - DNS, ident, and blacklist lookups have been moved to a dedicated daemon known
  as authd. Some cosmetic changes to blacklist statistics and rejection notices
  have resulted.
 - An experimental OPM scanner has been added to authd. Plaintext SOCKS4,
  SOCKS5, and HTTP CONNECT proxies can be checked for.
 - The LOCOPS command has been moved from core to an extension.
 - All core modules in charybdis have descriptions, which are shown in MODLIST.
 - Suffixes should not be used when doing /MODLOAD, /MODUNLOAD, /MODRELOAD, etc.
 ### misc
- Support for WebSocket has been added, use the listen::wsock option to switch
+- configure: adjust dlopen/dlsym checks to work under libasan
-  a listener into websocket mode.
+- configure: allow exact PID file prefix to be specified
 - doc/: convert SGML oper guide to RST
 - doc/: point users to HELP EXTBAN for inline help
 - extensions/m_webirc.c: set sockhost before using it to set host
-### conf
+## charybdis-3.5.5
 - Add the ability to strip color codes from topics unconditionally.
 - The obsolete hub option from server info has been removed.
-### docs
+This is a minor bugfix release only
 - The documentation has been cleaned up; obsolete files have been purged, and
  files have been renamed and shuffled around to be more consistent.
-### code
+### misc
- `common.h` is gone. Everything useful in it was moved to `ircd_defs.h`.
+- GNUTLS: Initialise a variable before trying to load server certificates
- `config.h` is gone; the few remaining knobs in it were not for configuration
+- GNUTLS: Log why certificate fingerprint generation fails
-  by mere mortals, and mostly existed as a 2.8 relic. Most of the knobs live in
+- GNUTLS: Avoid using new tokens in the default priority string
-  `defaults.h`, but one is well-advised to stay away unless they know exactly
+
-  what they are doing.
+## charybdis-3.5.4
- A new module API has been introduced, known as AV2. It includes things such as
+
-  module datecodes (to ensure modules don't fall out of sync with the code),
+### security
-  module descriptions, and other fun things.
+- Disable TLSv1.0 in all backends
- Alias and module commands are now in m_alias and m_modules, respectively, and
+- Fix possible NULL dereference in mkpasswd
-  can be reloaded if need be. For sanity reasons, m_modules is a core module,
+- Backport SubjectPublicKeyInfo certificate digest methods from version 4
-  and cannot be unloaded.
+- Backport REHASH SSLD functionality from version 4
- irc_dictionary and irc_radixtree related functions are now in librb, and
+  - This allows new ssld processes to be started (to inherit a new or upgraded TLS backend
-  prefixed accordingly. Typedefs have been added for consistency with existing
+    library) without dropping any existing clients or active server links
-  data structures. For example, now you would write `rb_dictionary *foo` and
+
-  `RB_DICTIONARY_FOREACH`.
+### misc
- C99 bools are now included and used in the code. Don't use ints as simple true
+- Various memory leak fixes in newconf, sslproc, zlib
-  or false flags anymore. In accordance with this change, the `YES`/`NO` and
+- Fix crash bug when performing /whois on someone half-way through a CHALLENGE
-  `TRUE`/`FALSE` macros have been removed.
+- Fix crash bug when performing remote MODRESTART command
- Return types from command handlers have been axed, as they have been useless
+- Allow extban matching presence in secret (+s) channels
-  for years.
+
- libratbox has been renamed to librb, as we have diverged from upstream long
+## charybdis-3.5.3
-  ago.
+
- Almost all 2.8-style hashtable structures have been moved to dictionaries or
+### security
-  radix trees, resulting in significant memory savings.
+- incorporate all relevant security patches for charybdis through 6th September 2016:
- The block allocator has been disabled and is no longer used.
+  - fix issue allowing EXTERNAL authentications to be spoofed using a certificate not actually
- The ratbox client capabilities have been ported to use the ircd capabilities
+    held by the authenticating user
-  framework, allowing for modules to provide capabilities.
+
- Support for restarting ssld has been added.  ssld processes which are still
+### misc
-  servicing clients will remain in use, but not service new connections, and
+- mbedtls TLS backend improvements from charybdis 4 and 5:
-  are garbage collected when they are no longer servicing connections.
+  - add support for configurable ciphersuites
- Support for ratbox-style 'iodebug' hooks has been removed.
+  - disable legacy (SSLv2) renegotiation support if possible
- New channel types may be added by modules, see `extensions/chantype_dummy.c`
+  - disable session tickets if possible
-  for a very simple example.
+  - general robustness improvements
 - gnutls TLS backend improvements from charybdis 4:
  - make certfp support more reliable on newer gnutls versions
  - avoid possible null dereference when constructing ciphersuites
 - openssl TLS backend improvements from charybdis 4:
  - avoid a possible use-after-free issue when newer openssl versions cannot load keypairs in a rehash
  - improve compatibility with libressl
  - more robustly load DH parameters files
 - daemonization improvements from charybdis 4
 ## charybdis-3.5.2
 ### user
 - Allow IRCv3.1 STARTTLS to work with other SSL backends besides OpenSSL.
 - Fix an edge case regression involving channel ban cache that was introduced in 3.5.0.
 ### misc
 - Ensure ssld does not crash when DH parameters are not provided.
 - mbedtls TLS backend improvements from charybdis 4:
  - add support for CertFP
  - provide personalization data for the PRNG
  - fix library linking order
 - openssl TLS backend improvements from charybdis 4:
  - do not manually initialise openssl when running with OpenSSL 1.1.0 or later
  - support ECDHE on more than one curve on OpenSSL 1.0.2 and above
  - fix DH parameters memory leak
  - free the old TLS context before constructing a new one (#186)
 ## charybdis-3.5.1
 ### misc
 - Backport various ssld IPC improvements from master.
 ## charybdis-3.5.0
--- a/README.md
+++ b/README.md
@ -1,94 +1,66 @@
-# solanum ![Build Status](https://github.com/solanum-ircd/solanum/workflows/CI/badge.svg)
+# charybdis
-Solanum is an IRCv3 server designed to be highly scalable.  It implements IRCv3.1 and some parts of IRCv3.2.
+Charybdis is a reference implementation of the IRCv3.1 server component.  It is meant to be
 used with an IRCv3-capable services implementation such as [Atheme][atheme] or [Anope][anope].
-It is meant to be used with an IRCv3-capable services implementation such as [Atheme][atheme] or [Anope][anope].
+   [atheme]: http://www.atheme.net/
   [atheme]: https://atheme.github.io/
   [anope]: http://www.anope.org/
 # necessary requirements
 * A supported platform
- * A working dynamic library system
+ * A working dynamic load library.
- * A working lex and yacc - flex and bison should work
+ * A working lex.  Solaris /usr/ccs/bin/lex appears to be broken, on this system flex should be used.
 # platforms
 Solanum is developed on Linux with glibc, but is currently portable to most POSIX-compatible operating systems.
 However, this portability is likely to be removed unless someone is willing to maintain it.  If you'd like to be that
 person, please let us know on IRC.
 # platform specific errata
 These are known issues and workarounds for various platforms.
 * **macOS**: you must set the `LIBTOOLIZE` environment variable to point to glibtoolize before running autogen.sh:
   ```bash
   brew install libtool
   export LIBTOOLIZE="/usr/local/bin/glibtoolize"
   ./autogen.sh
   ```
 * **FreeBSD**: if you are compiling with ipv6 you may experience
   problems with ipv4 due to the way the socket code is written.  To
   fix this you must: `sysctl net.inet6.ip6.v6only=0`
 * **Solaris**: you may have to set your `PATH` to include `/usr/gnu/bin` and `/usr/gnu/sbin` before `/usr/bin`
   and `/usr/sbin`. Solaris's default tools don't seem to play nicely with the configure script. When running
   as a 32-bit binary, it should be started as:
   ```bash
   ulimit -n 4095 ; LD_PRELOAD_32=/usr/lib/extendedFILE.so.1 ./solanum
   ```
 # building
 ```bash
 sudo apt install build-essential pkg-config automake libtool libsqlite3-dev # or equivalent for your distribution
 ./autogen.sh
 ./configure --prefix=/path/to/installation
 make
 make check # run tests
 make install
 ```
 See `./configure --help` for build options.
 # feature specific requirements
 * For SSL/TLS client and server connections, one of:
-   * OpenSSL 1.0.0 or newer (`--enable-openssl`)
+   * OpenSSL 1.0.0 or newer (--enable-openssl)
-   * LibreSSL (`--enable-openssl`)
+   * LibreSSL (--enable-openssl)
-   * mbedTLS (`--enable-mbedtls`)
+   * MbedTLS (--enable-mbedtls)
-   * GnuTLS (`--enable-gnutls`)
+   * GnuTLS (--enable-gnutls)
 * For certificate-based oper CHALLENGE, OpenSSL 1.0.0 or newer.
   (Using CHALLENGE is not recommended for new deployments, so if you want to use a different TLS library,
    feel free.)
- * For ECDHE under OpenSSL, on Solaris you will need to compile your own OpenSSL on these systems, as they
+ * For ECDHE under OpenSSL, on Solaris and RHEL/Fedora (and its derivatives such as CentOS) you will
-   have removed support for ECC/ECDHE.  Alternatively, consider using another library (see above).
+   need to compile your own OpenSSL on these systems, as they have removed support for ECC/ECDHE.
   Alternatively, consider using another library (see above).
 # tips
- * To report bugs in Solanum, visit us at `#solanum` on [Libera Chat](https://libera.chat)
+ * To report bugs in charybdis, visit us on IRC at chat.freenode.net #charybdis
- * Please read [doc/readme.txt](doc/readme.txt) to get an overview of the current documentation.
+ * Please read doc/index.txt to get an overview of the current documentation.
- * Read the [NEWS.md](NEWS.md) file for what's new in this release.
+ * The files, /etc/services, /etc/protocols, and /etc/resolv.conf, SHOULD be
 * The files, `/etc/services`, `/etc/protocols`, and `/etc/resolv.conf`, SHOULD be
   readable by the user running the server in order for ircd to start with
-   the correct settings.  If these files are wrong, Solanum will try to use
+   the correct settings.  If these files are wrong, charybdis will try to use
-   `127.0.0.1` for a resolver as a last-ditch effort.
+   127.0.0.1 for a resolver as a last-ditch effort.
-# git access
+ * FREEBSD USERS: if you are compiling with ipv6 you may experience
   problems with ipv4 due to the way the socket code is written.  To
   fix this you must: "sysctl net.inet6.ip6.v6only=0"
- * The Solanum git repository can be checked out using the following command:
+ * SOLARIS USERS: this code appears to tickle a bug in older gcc and 
-	`git clone https://github.com/solanum-ircd/solanum`
+   egcs ONLY on 64-bit Solaris7.  gcc-2.95 and SunPro C on 64bit should
   work fine, and any gcc or SunPro compiled on 32bit.
- * Solanum's git repository can be browsed over the Internet at the following address:
+ * SUPPORTED PLATFORMS: this code should compile without any warnings on:
-	https://github.com/solanum-ircd/solanum
+
   * FreeBSD 10
   * Gentoo & Gentoo Hardened ~x86/~amd64/~fbsd
   * RHEL 6 / 7
   * Debian Jessie
   * OpenSuSE 11/12
   * OpenSolaris 2008.x?
   * Solaris 10 sparc.
  Please let us know if you find otherwise.  
  It probably does not compile on AIX, IRIX or libc5 Linux.
 * Please read NEWS for information about what is in this release.
 * Other files recommended for reading: BUGS, INSTALL
--- a/61
+++ b/61
@ -0,0 +1,61 @@
 / = in progress, x = done, ? = to be discussed, F = charybdis3.1 or next releases
 [/] finish legacy code removal
  [x] remove 2.8 report_error() in ratbox imported stuff
  [F] client.c, channel.c is very 2.8 style still. it'd be nice to pack them into their own 
      namespace and such. moreover, the other 2.8 code needs similar rewriting/reworking too...
  [x] merge m_join.c and m_sjoin.c in one module (same functions, done in ratbox3)
  [ ] rewrite s_auth.c
    [ ] authentication state/lock manager
    [ ] move resolver/auth checker code into separated modules 
 [x] port to libratbox
  [x] get it running
  [x] clean up maxconnections kludges &c
  [x] in-process SSL
  [x] port and use ratbox ssld for server links
  [x] merge with libratbox SVN
 [x] ssl stuff
  [x] client-to-client ssl
  [x] server-to-server ssl
  [x] ssl usermode (+Z)
  [x] ssl channelmode (done by extban and chm_compat)
  [x] tool for generating ssl certificates and other stuff
  [x] gnutls backend for at least SSL connections (replacing libcrypto use in m_challenge would be nice too)
 [x] merge some stuff from ircd-seven directly (to be determined what)
  [x] remote d:lines support
  [x] PASS selector:password for auth{} (useful for dynamic IPs)
 [ ] kline/xline/resv sync (what about spb's extension?)
 [x] drop non-TS6 (legacy protocol) support
 [?] Patch or core-feature - libguess on-fly any-charset-to-utf8 translation
 [x] module engine rework
  [?] MODULE_DEPEND and MODULE_CONFLICT for building extension dependencies (backport from shadowircd)
  [x] more beautiful way of adding new channel modes by module
    [x] basic functionality
    [x] some example modules
    [x] another idea is too make that work with privilege groups, like "serveradmins" or "ircops"
  [ ] make nick/user/host validation functions/match tables able to work in separated modules,
      this will help us making support for native characters sets/slashes in host etc
  [ ] auth checker module
  [ ] resolver module
  [x] privilege system for privilege groups, something like
     in .conf: helper { kill_global, rehash, kline_local }
     in modules: privilege_add("kill_global"), has_privilege(source_p, "kill_global") etc, should work the way dynamic cflags/umodes done
     -- this is done kinda like this, but not really. See HasPrivilege() calls. privilege_add() was not needed ~nenolod
 [x] Remove glines entirely
 [/] test suite as in ircu
 [?] win32
 [?] mingw support
 [R] win32 native support - VS doesn't follow C99, this will require us switching back to C89 with libratbox and (future) core
 [x] Bug fixes
  [x] Compilation without zlib headers fails - fixed
  [x] Compilation date and time in server welcome message is in OS locale - looks ugly 'cause often it's not match user's codepage
 [ ] Improvments
  [ ] ircd shouldn't need bison/byacc/yacc or flex for compilation
 --- other stuff
  [?] internally split out +o/+v "ranks" into a series of permissions. this could allow for configure-defined 
      special access levels, halfops, etc. (would need to match globally, somehow. extra SVINFO param?)
      might be backported from shadowircd in future (chanroles planned)
  [?] somehow hide channel operators like ircnet can do?
      couldn't be done via extension currently - compilation-time option acceptable?
  [x] create chmode.h and put there all declarations of chm_* - this will make some modules clean
  [?] Move oper override server WALLOPS to global server notices?
--- a/aclocal.m4
+++ b/aclocal.m4
@ -0,0 +1,16 @@
 # generated automatically by aclocal 1.15.1 -*- Autoconf -*-
 # Copyright (C) 1996-2017 Free Software Foundation, Inc.
 # This file is free software; the Free Software Foundation
 # gives unlimited permission to copy and/or distribute it,
 # with or without modifications, as long as this notice is preserved.
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY, to the extent permitted by law; without
 # even the implied warranty of MERCHANTABILITY or FITNESS FOR A
 # PARTICULAR PURPOSE.
 m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
 m4_include([m4/charybdis.m4])
 m4_include([m4/pkg.m4])
--- a/appveyor.yml
+++ b/appveyor.yml
@ -0,0 +1,2 @@
 except:
  - release/3.5
--- a/authd/Makefile.am
+++ b/authd/Makefile.am
@ -1,17 +0,0 @@
 pkglibexec_PROGRAMS = authd
 AM_CFLAGS=$(WARNFLAGS)
 AM_CPPFLAGS = -I../include -I../librb/include 
 authd_SOURCES =	\
 	authd.c	\
 	dns.c \
 	notice.c \
 	provider.c \
 	res.c \
 	reslib.c \
 	providers/dnsbl.c \
 	providers/ident.c \
 	providers/rdns.c \
 	providers/opm.c
 authd_LDADD = ../librb/src/librb.la
--- a/authd/authd.c
+++ b/authd/authd.c
@ -1,216 +0,0 @@
 /* authd/authd.c - main code for authd
 * Copyright (c) 2016 Ariadne Conill <ariadne@dereferenced.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #include "authd.h"
 #include "dns.h"
 #include "provider.h"
 #include "notice.h"
 #define MAXPARA 10
 static void error_cb(rb_helper *helper) __attribute__((noreturn));
 static void handle_reload(int parc, char *parv[]);
 static void handle_stat(int parc, char *parv[]);
 static void handle_options(int parc, char *parv[]);
 rb_helper *authd_helper = NULL;
 authd_cmd_handler authd_cmd_handlers[256] = {
 	['C'] = handle_new_connection,
 	['D'] = handle_resolve_dns,
 	['E'] = handle_cancel_connection,
 	['O'] = handle_options,
 	['R'] = handle_reload,
 	['S'] = handle_stat,
 };
 authd_stat_handler authd_stat_handlers[256] = {
 	['D'] = enumerate_nameservers,
 };
 authd_reload_handler authd_reload_handlers[256] = {
 	['D'] = reload_nameservers,
 };
 rb_dictionary *authd_option_handlers;
 static void
 handle_stat(int parc, char *parv[])
 {
 	authd_stat_handler handler;
 	unsigned long long rid;
 	if(parc < 3)
 	{
 		warn_opers(L_CRIT, "BUG: handle_stat received too few parameters (at least 3 expected, got %d)", parc);
 		return;
 	}
 	if((rid = strtoull(parv[1], NULL, 16)) > UINT32_MAX)
 	{
 		warn_opers(L_CRIT, "BUG: handle_stat got a rid that was too large: %s", parv[1]);
 		return;
 	}
 	if (!(handler = authd_stat_handlers[(unsigned char)parv[2][0]]))
 		return;
 	handler((uint32_t)rid, parv[2][0]);
 }
 static void
 handle_options(int parc, char *parv[])
 {
 	struct auth_opts_handler *handler;
 	if(parc < 2)
 	{
 		warn_opers(L_CRIT, "BUG: handle_options received too few parameters (at least 2 expected, got %d)", parc);
 		return;
 	}
 	if((handler = rb_dictionary_retrieve(authd_option_handlers, parv[1])) == NULL)
 	{
 		warn_opers(L_CRIT, "BUG: handle_options got a bad option type %s", parv[1]);
 		return;
 	}
 	if((parc - 2) < handler->min_parc)
 	{
 		warn_opers(L_CRIT, "BUG: handle_options received too few parameters (at least %d expected, got %d)", handler->min_parc, parc);
 		return;
 	}
 	handler->handler(parv[1], parc - 2, (const char **)&parv[2]);
 }
 static void
 handle_reload(int parc, char *parv[])
 {
 	authd_reload_handler handler;
 	if(parc <= 2)
 	{
 		/* Reload all handlers */
 		for(size_t i = 0; i < 256; i++)
 		{
 			if ((handler = authd_reload_handlers[(unsigned char) i]) != NULL)
 				handler('\0');
 		}
 		return;
 	}
 	if (!(handler = authd_reload_handlers[(unsigned char)parv[1][0]]))
 		return;
 	handler(parv[1][0]);
 }
 static void
 parse_request(rb_helper *helper)
 {
 	static char *parv[MAXPARA + 1];
 	static char readbuf[READBUF_SIZE];
 	int parc;
 	int len;
 	authd_cmd_handler handler;
 	while((len = rb_helper_read(helper, readbuf, sizeof(readbuf))) > 0)
 	{
 		parc = rb_string_to_array(readbuf, parv, MAXPARA);
 		if(parc < 1)
 			continue;
 		handler = authd_cmd_handlers[(unsigned char)parv[0][0]];
 		if (handler != NULL)
 			handler(parc, parv);
 	}
 }
 static void
 error_cb(rb_helper *helper)
 {
 	exit(EX_ERROR);
 }
 static void
 dummy_handler(int sig)
 {
 	return;
 }
 static void
 setup_signals(void)
 {
 	struct sigaction act;
 	act.sa_flags = 0;
 	act.sa_handler = SIG_IGN;
 	sigemptyset(&act.sa_mask);
 	sigaddset(&act.sa_mask, SIGPIPE);
 	sigaddset(&act.sa_mask, SIGALRM);
 #ifdef SIGTRAP
 	sigaddset(&act.sa_mask, SIGTRAP);
 #endif
 #ifdef SIGWINCH
 	sigaddset(&act.sa_mask, SIGWINCH);
 	sigaction(SIGWINCH, &act, 0);
 #endif
 	sigaction(SIGPIPE, &act, 0);
 #ifdef SIGTRAP
 	sigaction(SIGTRAP, &act, 0);
 #endif
 	act.sa_handler = dummy_handler;
 	sigaction(SIGALRM, &act, 0);
 }
 int
 main(int argc, char *argv[])
 {
 	setup_signals();
 	authd_helper = rb_helper_child(parse_request, error_cb, NULL, NULL, NULL, 256, 256, 256);	/* XXX fix me */
 	if(authd_helper == NULL)
 	{
 		fprintf(stderr, "authd is not meant to be invoked by end users\n");
 		exit(EX_ERROR);
 	}
 	rb_set_time();
 	setup_signals();
 	authd_option_handlers = rb_dictionary_create("authd options handlers", rb_strcasecmp);
 	init_resolver();
 	init_providers();
 	rb_init_prng(NULL, RB_PRNG_DEFAULT);
 	rb_helper_loop(authd_helper, 0);
 	/*
 	 * XXX this function will never be called from here -- is it necessary?
 	 */
 	destroy_providers();
 	return 0;
 }
--- a/authd/authd.h
+++ b/authd/authd.h
@ -1,59 +0,0 @@
 /* authd/dns.h - header for authd DNS functions
 * Copyright (c) 2016 Ariadne Conill <ariadne@dereferenced.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #ifndef _AUTHD_H
 #define _AUTHD_H
 #include "stdinc.h"
 #include "rb_lib.h"
 #include "rb_dictionary.h"
 #include "setup.h"
 #include "ircd_defs.h"
 typedef enum exit_reasons
 {
 	EX_ERROR = 1,
 	EX_DNS_ERROR = 2,
 	EX_PROVIDER_ERROR = 3,
 } exit_reasons;
 typedef void (*provider_opts_handler_t)(const char *, int, const char **);
 struct auth_opts_handler
 {
 	const char *option;
 	int min_parc;
 	provider_opts_handler_t handler;
 };
 extern rb_helper *authd_helper;
 typedef void (*authd_cmd_handler)(int parc, char *parv[]);
 typedef void (*authd_stat_handler)(uint32_t rid, const char letter);
 typedef void (*authd_reload_handler)(const char letter);
 extern authd_cmd_handler authd_cmd_handlers[256];
 extern authd_stat_handler authd_stat_handlers[256];
 extern authd_reload_handler authd_reload_handlers[256];
 extern rb_dictionary *authd_option_handlers;
 #endif
--- a/authd/dns.c
+++ b/authd/dns.c
@ -1,303 +0,0 @@
 /* authd/dns.c - authd DNS functions
 * Copyright (c) 2016 Ariadne Conill <ariadne@dereferenced.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #include "authd.h"
 #include "dns.h"
 #include "notice.h"
 #include "res.h"
 static void handle_lookup_ip_reply(void *data, struct DNSReply *reply);
 static void handle_lookup_hostname_reply(void *data, struct DNSReply *reply);
 uint64_t query_count = 0;
 /* A bit different from ircd... you just get a dns_query object.
 *
 * It gets freed whenever the res code gets back to us.
 */
 struct dns_query *
 lookup_ip(const char *host, int aftype, DNSCB callback, void *data)
 {
 	struct dns_query *query = rb_malloc(sizeof(struct dns_query));
 	int g_type;
 	if(aftype == AF_INET)
 	{
 		query->type = QUERY_A;
 		g_type = T_A;
 	}
 	else if(aftype == AF_INET6)
 	{
 		query->type = QUERY_AAAA;
 		g_type = T_AAAA;
 	}
 	else
 	{
 		rb_free(query);
 		return NULL;
 	}
 	query->id = query_count++;
 	query->callback = callback;
 	query->data = data;
 	query->query.ptr = query;
 	query->query.callback = handle_lookup_ip_reply;
 	gethost_byname_type(host, &query->query, g_type);
 	return query;
 }
 /* See lookup_ip's comment */
 struct dns_query *
 lookup_hostname(const char *ip, DNSCB callback, void *data)
 {
 	struct dns_query *query = rb_malloc(sizeof(struct dns_query));
 	int aftype;
 	if(!rb_inet_pton_sock(ip, &query->addr))
 	{
 		rb_free(query);
 		return NULL;
 	}
 	aftype = GET_SS_FAMILY(&query->addr);
 	if(aftype == AF_INET)
 		query->type = QUERY_PTR_A;
 	else if(aftype == AF_INET6)
 		query->type = QUERY_PTR_AAAA;
 	else
 	{
 		rb_free(query);
 		return NULL;
 	}
 	query->id = query_count++;
 	query->callback = callback;
 	query->data = data;
 	query->query.ptr = query;
 	query->query.callback = handle_lookup_hostname_reply;
 	gethost_byaddr(&query->addr, &query->query);
 	return query;
 }
 /* Cancel a pending query */
 void
 cancel_query(struct dns_query *query)
 {
 	query->callback = query->data = NULL;
 }
 /* Callback from gethost_byname_type */
 static void
 handle_lookup_ip_reply(void *data, struct DNSReply *reply)
 {
 	struct dns_query *query = data;
 	char ip[HOSTIPLEN] = "*";
 	if(query == NULL)
 	{
 		/* Shouldn't happen */
 		warn_opers(L_CRIT, "DNS: handle_lookup_ip_reply: query == NULL!");
 		exit(EX_DNS_ERROR);
 	}
 	if(reply == NULL)
 		goto end;
 	switch(query->type)
 	{
 	case QUERY_A:
 		if(GET_SS_FAMILY(&reply->addr) == AF_INET)
 			rb_inet_ntop_sock((struct sockaddr *)&reply->addr, ip, sizeof(ip));
 		break;
 	case QUERY_AAAA:
 		if(GET_SS_FAMILY(&reply->addr) == AF_INET6)
 		{
 			rb_inet_ntop_sock((struct sockaddr *)&reply->addr, ip, sizeof(ip));
 			if(ip[0] == ':')
 			{
 				memmove(&ip[1], ip, strlen(ip));
 				ip[0] = '0';
 			}
 		}
 		break;
 	default:
 		warn_opers(L_CRIT, "DNS: handle_lookup_ip_reply: unknown query type %d",
 				query->type);
 		exit(EX_DNS_ERROR);
 	}
 end:
 	if(query->callback)
 		query->callback(ip, ip[0] != '*', query->type, query->data);
 	rb_free(query);
 }
 /* Callback from gethost_byaddr */
 static void
 handle_lookup_hostname_reply(void *data, struct DNSReply *reply)
 {
 	struct dns_query *query = data;
 	char *hostname = NULL;
 	if(query == NULL)
 	{
 		/* Shouldn't happen */
 		warn_opers(L_CRIT, "DNS: handle_lookup_hostname_reply: query == NULL!");
 		exit(EX_DNS_ERROR);
 	}
 	if(reply == NULL)
 		goto end;
 	if(query->type == QUERY_PTR_A)
 	{
 		struct sockaddr_in *ip, *ip_fwd;
 		ip = (struct sockaddr_in *) &query->addr;
 		ip_fwd = (struct sockaddr_in *) &reply->addr;
 		if(ip->sin_addr.s_addr == ip_fwd->sin_addr.s_addr)
 			hostname = reply->h_name;
 	}
 	else if(query->type == QUERY_PTR_AAAA)
 	{
 		struct sockaddr_in6 *ip, *ip_fwd;
 		ip = (struct sockaddr_in6 *) &query->addr;
 		ip_fwd = (struct sockaddr_in6 *) &reply->addr;
 		if(memcmp(&ip->sin6_addr, &ip_fwd->sin6_addr, sizeof(struct in6_addr)) == 0)
 			hostname = reply->h_name;
 	}
 	else
 	{
 		/* Shouldn't happen */
 		warn_opers(L_CRIT, "DNS: handle_lookup_hostname_reply: unknown query type %d",
 				query->type);
 		exit(EX_DNS_ERROR);
 	}
 end:
 	if(query->callback)
 		query->callback(hostname, hostname != NULL, query->type, query->data);
 	rb_free(query);
 }
 static void
 submit_dns_answer(const char *reply, bool status, query_type type, void *data)
 {
 	char *id = data;
 	if(!id || type == QUERY_INVALID)
 	{
 		warn_opers(L_CRIT, "DNS: submit_dns_answer gave us a bad query");
 		exit(EX_DNS_ERROR);
 	}
 	if(reply == NULL || status == false)
 	{
 		rb_helper_write(authd_helper, "E %s E %c *", id, type);
 		rb_free(id);
 		return;
 	}
 	rb_helper_write(authd_helper, "E %s O %c %s", id, type, reply);
 	rb_free(id);
 }
 void
 handle_resolve_dns(int parc, char *parv[])
 {
 	char *id = rb_strdup(parv[1]);
 	char qtype = *parv[2];
 	char *record = parv[3];
 	int aftype = AF_INET;
 	switch(qtype)
 	{
 	case '6':
 		aftype = AF_INET6;
 	case '4':
 		if(!lookup_ip(record, aftype, submit_dns_answer, id))
 			submit_dns_answer(NULL, false, qtype, NULL);
 		break;
 	case 'S':
 	case 'R':
 		if(!lookup_hostname(record, submit_dns_answer, id))
 			submit_dns_answer(NULL, false, qtype, NULL);
 		break;
 	default:
 		warn_opers(L_CRIT, "DNS: handle_resolve_dns got an unknown query: %c", qtype);
 		exit(EX_DNS_ERROR);
 	}
 }
 void
 enumerate_nameservers(uint32_t rid, const char letter)
 {
 	char buf[(HOSTIPLEN + 1) * IRCD_MAXNS];
 	size_t s = 0;
 	if (!irc_nscount)
 	{
 		/* Shouldn't happen */
 		warn_opers(L_CRIT, "DNS: no name servers!");
 		stats_error(rid, letter, "NONAMESERVERS");
 		exit(EX_DNS_ERROR);
 	}
 	for(int i = 0; i < irc_nscount; i++)
 	{
 		char addr[HOSTIPLEN];
 		size_t addrlen;
 		rb_inet_ntop_sock((struct sockaddr *)&irc_nsaddr_list[i], addr, sizeof(addr));
 		if (!addr[0])
 		{
 			/* Shouldn't happen */
 			warn_opers(L_CRIT, "DNS: bad nameserver!");
 			stats_error(rid, letter, "INVALIDNAMESERVER");
 			exit(EX_DNS_ERROR);
 		}
 		addrlen = strlen(addr) + 1;
 		(void)snprintf(&buf[s], sizeof(buf) - s, "%s ", addr);
 		s += addrlen;
 	}
 	if(s > 0)
 		buf[--s] = '\0';
 	stats_result(rid, letter, "%s", buf);
 }
 void
 reload_nameservers(const char letter)
 {
 	/* Not a whole lot to it */
 	restart_resolver();
 }
--- a/authd/dns.h
+++ b/authd/dns.h
@ -1,61 +0,0 @@
 /* authd/dns.h - header for authd DNS functions
 * Copyright (c) 2016 Ariadne Conill <ariadne@dereferenced.org>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #ifndef _AUTHD_DNS_H
 #define _AUTHD_DNS_H
 #define DNS_REQ_IDLEN 10
 #include "stdinc.h"
 #include "res.h"
 #include "reslib.h"
 typedef enum
 {
 	QUERY_INVALID = 0,
 	QUERY_A = '4',
 	QUERY_AAAA = '6',
 	QUERY_PTR_A = 'R',
 	QUERY_PTR_AAAA = 'S',
 } query_type;
 /* Similar to that in ircd */
 typedef void (*DNSCB)(const char *res, bool status, query_type type, void *data);
 struct dns_query
 {
 	struct DNSQuery query;
 	query_type type;
 	struct rb_sockaddr_storage addr;
 	uint64_t id;
 	DNSCB callback;
 	void *data;
 };
 extern struct dns_query *lookup_hostname(const char *ip, DNSCB callback, void *data);
 extern struct dns_query *lookup_ip(const char *host, int aftype, DNSCB callback, void *data);
 extern void cancel_query(struct dns_query *query);
 extern void handle_resolve_dns(int parc, char *parv[]);
 extern void enumerate_nameservers(uint32_t rid, const char letter);
 extern void reload_nameservers(const char letter);
 #endif
--- a/authd/notice.c
+++ b/authd/notice.c
@ -1,84 +0,0 @@
 /* authd/notice.c - send notices back to the ircd and to clients
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #include "authd.h"
 #include "notice.h"
 /* Send a notice to a client */
 void
 notice_client(uint32_t cid, const char *fmt, ...)
 {
 	char buf[BUFSIZE];
 	va_list args;
 	va_start(args, fmt);
 	vsnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
 	rb_helper_write(authd_helper, "N %x :%s", cid, buf);
 }
 /* Send a warning to the IRC daemon for logging, etc. */
 void
 warn_opers(notice_level_t level, const char *fmt, ...)
 {
 	char buf[BUFSIZE];
 	va_list args;
 	va_start(args, fmt);
 	vsnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
 	rb_helper_write(authd_helper, "W %c :%s", level, buf);
 }
 /* Send a stats result */
 void
 stats_result(uint32_t cid, char letter, const char *fmt, ...)
 {
 	char buf[BUFSIZE];
 	va_list args;
 	va_start(args, fmt);
 	vsnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
 	rb_helper_write(authd_helper, "Y %x %c %s", cid, letter, buf);
 }
 /* Send a stats error */
 void
 stats_error(uint32_t cid, char letter, const char *fmt, ...)
 {
 	char buf[BUFSIZE];
 	va_list args;
 	va_start(args, fmt);
 	vsnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
 	rb_helper_write(authd_helper, "X %x %c %s", cid, letter, buf);
 }
 void
 stats_done(uint32_t cid, char letter)
 {
 	rb_helper_write(authd_helper, "Z %x %c", cid, letter);
 }
--- a/authd/notice.h
+++ b/authd/notice.h
@ -1,38 +0,0 @@
 /* authd/notice.h - send notices back to the ircd and to clients
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #ifndef __SOLANUM_AUTHD_NOTICE_H__
 #define __SOLANUM_AUTHD_NOTICE_H__
 typedef enum
 {
 	L_DEBUG = 'D',
 	L_INFO = 'I',
 	L_WARN = 'W',
 	L_CRIT ='C',
 } notice_level_t;
 void notice_client(uint32_t cid, const char *fmt, ...);
 void warn_opers(notice_level_t level, const char *fmt, ...);
 void stats_result(uint32_t cid, char letter, const char *fmt, ...);
 void stats_error(uint32_t cid, char letter, const char *fmt, ...);
 void stats_done(uint32_t cid, char letter);
 #endif /* __SOLANUM_AUTHD_NOTICE_H__ */
--- a/authd/provider.c
+++ b/authd/provider.c
@ -1,433 +0,0 @@
 /* authd/provider.c - authentication provider framework
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 /* The basic design here is to have "authentication providers" that do things
 * like query ident and DNSBLs and even open proxies.
 *
 * Providers are registered in the auth_providers linked list. It is planned to
 * use a bitmap to store provider ID's later.
 *
 * Providers can either return failure immediately, immediate acceptance, or do
 * work in the background (calling set_provider to signal this).
 *
 * Provider-specific data for each client can be kept in an index of the data
 * struct member (using the provider's ID).
 *
 * All providers must implement at a minimum a perform_provider function. You
 * don't have to implement the others if you don't need them.
 *
 * Providers may kick clients off by rejecting them. Upon rejection, all
 * providers are cancelled. They can also unconditionally accept them.
 *
 * When a provider is done and is neutral on accepting/rejecting a client, it
 * should call provider_done. Do NOT call this if you have accepted or rejected
 * the client.
 *
 * Eventually, stuff like *:line handling will be moved here, but that means we
 * have to talk to bandb directly first.
 *
 * --Elizafox, 9 March 2016
 */
 #include "stdinc.h"
 #include "rb_dictionary.h"
 #include "rb_lib.h"
 #include "authd.h"
 #include "provider.h"
 #include "notice.h"
 static EVH provider_timeout_event;
 rb_dictionary *auth_clients;
 rb_dlink_list auth_providers;
 static rb_dlink_list free_pids;
 static uint32_t allocated_pids;
 static struct ev_entry *timeout_ev;
 /* Set a provider's raw status */
 static inline void
 set_provider_status(struct auth_client *auth, uint32_t provider, provider_status_t status)
 {
 	auth->data[provider].status = status;
 }
 /* Set the provider as running */
 static inline void
 set_provider_running(struct auth_client *auth, uint32_t provider)
 {
 	auth->providers_active++;
 	set_provider_status(auth, provider, PROVIDER_STATUS_RUNNING);
 }
 /* Provider is no longer operating on this auth client */
 static inline void
 set_provider_done(struct auth_client *auth, uint32_t provider)
 {
 	set_provider_status(auth, provider, PROVIDER_STATUS_DONE);
 	auth->providers_active--;
 }
 /* Initalise all providers */
 void
 init_providers(void)
 {
 	auth_clients = rb_dictionary_create("pending auth clients", rb_uint32cmp);
 	timeout_ev = rb_event_addish("provider_timeout_event", provider_timeout_event, NULL, 1);
 	/* FIXME must be started before rdns/ident to receive completion notification from them */
 	load_provider(&dnsbl_provider);
 	load_provider(&opm_provider);
 	/* FIXME must be started after dnsbl/opm in case of early completion notifications */
 	load_provider(&rdns_provider);
 	load_provider(&ident_provider);
 }
 /* Terminate all providers */
 void
 destroy_providers(void)
 {
 	rb_dlink_node *ptr, *nptr;
 	rb_dictionary_iter iter;
 	struct auth_client *auth;
 	/* Cancel outstanding connections */
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		auth_client_ref(auth);
 		/* TBD - is this the right thing? */
 		reject_client(auth, UINT32_MAX, "destroy",
 			"Authentication system is down... try reconnecting in a few seconds");
 		auth_client_unref(auth);
 	}
 	RB_DLINK_FOREACH_SAFE(ptr, nptr, auth_providers.head)
 	{
 		struct auth_provider *provider = ptr->data;
 		if(provider->destroy)
 			provider->destroy();
 		rb_dlinkDelete(ptr, &auth_providers);
 	}
 	rb_dictionary_destroy(auth_clients, NULL, NULL);
 	rb_event_delete(timeout_ev);
 }
 /* Load a provider */
 void
 load_provider(struct auth_provider *provider)
 {
 	/* Assign a PID */
 	if(rb_dlink_list_length(&free_pids) > 0)
 	{
 		/* use the free list */
 		provider->id = RB_POINTER_TO_UINT(free_pids.head->data);
 		rb_dlinkDestroy(free_pids.head, &free_pids);
 	}
 	else
 	{
 		if(allocated_pids == MAX_PROVIDERS || allocated_pids == UINT32_MAX)
 		{
 			warn_opers(L_WARN, "Cannot load additional provider, max reached!");
 			return;
 		}
 		provider->id = allocated_pids++;
 	}
 	if(provider->opt_handlers != NULL)
 	{
 		struct auth_opts_handler *handler;
 		for(handler = provider->opt_handlers; handler->option != NULL; handler++)
 			rb_dictionary_add(authd_option_handlers, handler->option, handler);
 	}
 	if(provider->stats_handler.letter != '\0')
 		authd_stat_handlers[(unsigned char)provider->stats_handler.letter] = provider->stats_handler.handler;
 	if(provider->init != NULL)
 		provider->init();
 	rb_dlinkAdd(provider, &provider->node, &auth_providers);
 }
 void
 unload_provider(struct auth_provider *provider)
 {
 	if(provider->opt_handlers != NULL)
 	{
 		struct auth_opts_handler *handler;
 		for(handler = provider->opt_handlers; handler->option != NULL; handler++)
 			rb_dictionary_delete(authd_option_handlers, handler->option);
 	}
 	if(provider->stats_handler.letter != '\0')
 		authd_stat_handlers[(unsigned char)provider->stats_handler.letter] = NULL;
 	if(provider->destroy != NULL)
 		provider->destroy();
 	rb_dlinkDelete(&provider->node, &auth_providers);
 	/* Reclaim ID */
 	rb_dlinkAddAlloc(RB_UINT_TO_POINTER(provider->id), &free_pids);
 }
 void
 auth_client_free(struct auth_client *auth)
 {
 	rb_dictionary_delete(auth_clients, RB_UINT_TO_POINTER(auth->cid));
 	rb_free(auth->data);
 	rb_free(auth);
 }
 /* Cancel outstanding providers for a client (if any). */
 void
 cancel_providers(struct auth_client *auth)
 {
 	if(auth->providers_cancelled)
 		return;
 	auth->providers_cancelled = true;
 	if(auth->providers_active > 0)
 	{
 		rb_dlink_node *ptr;
 		RB_DLINK_FOREACH(ptr, auth_providers.head)
 		{
 			struct auth_provider *provider = ptr->data;
 			if(provider->cancel != NULL && is_provider_running(auth, provider->id))
 				/* Cancel if required */
 				provider->cancel(auth);
 		}
 	}
 }
 /* Provider is done */
 void
 provider_done(struct auth_client *auth, uint32_t id)
 {
 	rb_dlink_node *ptr;
 	lrb_assert(is_provider_running(auth, id));
 	lrb_assert(id != UINT32_MAX);
 	lrb_assert(id < allocated_pids);
 	set_provider_done(auth, id);
 	if(auth->providers_active == 0 && !auth->providers_starting)
 	{
 		/* All done */
 		accept_client(auth);
 		return;
 	}
 	RB_DLINK_FOREACH(ptr, auth_providers.head)
 	{
 		struct auth_provider *provider = ptr->data;
 		if(provider->completed != NULL && is_provider_running(auth, provider->id))
 			/* Notify pending clients who asked for it */
 			provider->completed(auth, id);
 	}
 }
 /* Reject a client and cancel any outstanding providers */
 void
 reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...)
 {
 	char buf[BUFSIZE];
 	va_list args;
 	va_start(args, fmt);
 	vsnprintf(buf, sizeof(buf), fmt, args);
 	va_end(args);
 	/* We send back username and hostname in case ircd wants to overrule our decision.
 	 * In the future this may not be the case.
 	 * --Elizafox
 	 */
 	rb_helper_write(authd_helper, "R %x %c %s %s %s :%s",
 		auth->cid, id != UINT32_MAX ? auth->data[id].provider->letter : '*',
 		auth->username, auth->hostname,
 		data == NULL ? "*" : data, buf);
 	if(id != UINT32_MAX)
 		set_provider_done(auth, id);
 	cancel_providers(auth);
 }
 /* Accept a client and cancel outstanding providers if any */
 void
 accept_client(struct auth_client *auth)
 {
 	rb_helper_write(authd_helper, "A %x %s %s", auth->cid, auth->username, auth->hostname);
 	cancel_providers(auth);
 }
 /* Begin authenticating user */
 static void
 start_auth(const char *cid, const char *l_ip, const char *l_port, const char *c_ip, const char *c_port, const char *protocol)
 {
 	struct auth_client *auth;
 	unsigned long long lcid = strtoull(cid, NULL, 16);
 	rb_dlink_node *ptr;
 	if(lcid == 0 || lcid > UINT32_MAX)
 		return;
 	auth = rb_malloc(sizeof(struct auth_client));
 	auth_client_ref(auth);
 	auth->cid = (uint32_t)lcid;
 	if(rb_dictionary_find(auth_clients, RB_UINT_TO_POINTER(auth->cid)) == NULL)
 		rb_dictionary_add(auth_clients, RB_UINT_TO_POINTER(auth->cid), auth);
 	else
 	{
 		warn_opers(L_CRIT, "provider: duplicate client added via start_auth: %s", cid);
 		exit(EX_PROVIDER_ERROR);
 	}
 	auth->protocol = strtoull(protocol, NULL, 16);
 	rb_strlcpy(auth->l_ip, l_ip, sizeof(auth->l_ip));
 	auth->l_port = (uint16_t)atoi(l_port);	/* should be safe */
 	(void) rb_inet_pton_sock(l_ip, &auth->l_addr);
 	SET_SS_PORT(&auth->l_addr, htons(auth->l_port));
 	rb_strlcpy(auth->c_ip, c_ip, sizeof(auth->c_ip));
 	auth->c_port = (uint16_t)atoi(c_port);
 	(void) rb_inet_pton_sock(c_ip, &auth->c_addr);
 	SET_SS_PORT(&auth->c_addr, htons(auth->c_port));
 	rb_strlcpy(auth->hostname, "*", sizeof(auth->hostname));
 	rb_strlcpy(auth->username, "*", sizeof(auth->username));
 	auth->data = rb_malloc(allocated_pids * sizeof(struct auth_client_data));
 	auth->providers_starting = true;
 	RB_DLINK_FOREACH(ptr, auth_providers.head)
 	{
 		struct auth_provider *provider = ptr->data;
 		auth->data[provider->id].provider = provider;
 		lrb_assert(provider->start != NULL);
 		/* Execute providers */
 		set_provider_running(auth, provider->id);
 		if(!provider->start(auth))
 			/* Rejected immediately */
 			goto done;
 		if(auth->providers_cancelled)
 			break;
 	}
 	auth->providers_starting = false;
 	/* If no providers are running, accept the client */
 	if(auth->providers_active == 0)
 		accept_client(auth);
 done:
 	auth_client_unref(auth);
 }
 /* Callback for the initiation */
 void
 handle_new_connection(int parc, char *parv[])
 {
 	if (parc < 6) {
 		warn_opers(L_CRIT, "provider: received too few params for new connection (6 expected, got %d)", parc);
 		exit(EX_PROVIDER_ERROR);
 	}
 	start_auth(parv[1], parv[2], parv[3], parv[4], parv[5], parc > 6 ? parv[6] : "0");
 }
 void
 handle_cancel_connection(int parc, char *parv[])
 {
 	struct auth_client *auth;
 	unsigned long long lcid;
 	if(parc < 2)
 	{
 		warn_opers(L_CRIT, "provider: received too few params for new connection (2 expected, got %d)", parc);
 		exit(EX_PROVIDER_ERROR);
 	}
 	lcid = strtoull(parv[1], NULL, 16);
 	if(lcid == 0 || lcid > UINT32_MAX)
 	{
 		warn_opers(L_CRIT, "provider: got a request to cancel a connection that can't exist: %s", parv[1]);
 		exit(EX_PROVIDER_ERROR);
 	}
 	if((auth = rb_dictionary_retrieve(auth_clients, RB_UINT_TO_POINTER((uint32_t)lcid))) == NULL)
 	{
 		/* This could happen as a race if we've accepted/rejected but they cancel, so don't die here.
 		 * --Elizafox */
 		return;
 	}
 	auth_client_ref(auth);
 	cancel_providers(auth);
 	auth_client_unref(auth);
 }
 static void
 provider_timeout_event(void *notused __unused)
 {
 	struct auth_client *auth;
 	rb_dictionary_iter iter;
 	const time_t curtime = rb_current_time();
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		rb_dlink_node *ptr;
 		auth_client_ref(auth);
 		RB_DLINK_FOREACH(ptr, auth_providers.head)
 		{
 			struct auth_provider *provider = ptr->data;
 			const time_t timeout = get_provider_timeout(auth, provider->id);
 			if(is_provider_running(auth, provider->id) && provider->timeout != NULL &&
 				timeout > 0 && timeout < curtime)
 			{
 				provider->timeout(auth);
 			}
 		}
 		auth_client_unref(auth);
 	}
 }
--- a/authd/provider.h
+++ b/authd/provider.h
@ -1,246 +0,0 @@
 /* authd/provider.h - authentication provider framework
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #ifndef __SOLANUM_AUTHD_PROVIDER_H__
 #define __SOLANUM_AUTHD_PROVIDER_H__
 #include "stdinc.h"
 #include "authd.h"
 #include "rb_dictionary.h"
 #define MAX_PROVIDERS 32	/* This should be enough */
 typedef enum
 {
 	PROVIDER_STATUS_NOTRUN = 0,
 	PROVIDER_STATUS_RUNNING,
 	PROVIDER_STATUS_DONE,
 } provider_status_t;
 struct auth_client_data
 {
 	struct auth_provider *provider;	/* Pointer back */
 	time_t timeout;			/* Provider timeout */
 	void *data;			/* Provider data */
 	provider_status_t status;	/* Provider status */
 };
 struct auth_client
 {
 	uint32_t cid;				/* Client ID */
 	int protocol;				/* IP protocol (TCP/SCTP) */
 	char l_ip[HOSTIPLEN + 1];		/* Listener IP address */
 	uint16_t l_port;			/* Listener port */
 	struct rb_sockaddr_storage l_addr;	/* Listener address/port */
 	char c_ip[HOSTIPLEN + 1];		/* Client IP address */
 	uint16_t c_port;			/* Client port */
 	struct rb_sockaddr_storage c_addr;	/* Client address/port */
 	char hostname[HOSTLEN + 1];		/* Used for DNS lookup */
 	char username[USERLEN + 1];		/* Used for ident lookup */
 	bool providers_starting;		/* Providers are still warming up */
 	bool providers_cancelled;		/* Providers are being cancelled */
 	unsigned int providers_active;		/* Number of active providers */
 	unsigned int refcount;			/* Held references */
 	struct auth_client_data *data;		/* Provider-specific data */
 };
 typedef bool (*provider_init_t)(void);
 typedef void (*provider_destroy_t)(void);
 typedef bool (*provider_start_t)(struct auth_client *);
 typedef void (*provider_cancel_t)(struct auth_client *);
 typedef void (*uint32_timeout_t)(struct auth_client *);
 typedef void (*provider_complete_t)(struct auth_client *, uint32_t);
 struct auth_stats_handler
 {
 	const char letter;
 	authd_stat_handler handler;
 };
 struct auth_provider
 {
 	rb_dlink_node node;
 	uint32_t id;			/* Provider ID */
 	const char *name;		/* Name of the provider */
 	char letter;			/* Letter used on reject, etc. */
 	provider_init_t init;		/* Initalise the provider */
 	provider_destroy_t destroy;	/* Terminate the provider */
 	provider_start_t start;		/* Perform authentication */
 	provider_cancel_t cancel;	/* Authentication cancelled */
 	uint32_timeout_t timeout;	/* Timeout callback */
 	provider_complete_t completed;	/* Callback for when other performers complete (think dependency chains) */
 	struct auth_stats_handler stats_handler;
 	struct auth_opts_handler *opt_handlers;
 };
 extern struct auth_provider rdns_provider;
 extern struct auth_provider ident_provider;
 extern struct auth_provider dnsbl_provider;
 extern struct auth_provider opm_provider;
 extern rb_dlink_list auth_providers;
 extern rb_dictionary *auth_clients;
 void load_provider(struct auth_provider *provider);
 void unload_provider(struct auth_provider *provider);
 void init_providers(void);
 void destroy_providers(void);
 void cancel_providers(struct auth_client *auth);
 void provider_done(struct auth_client *auth, uint32_t id);
 void accept_client(struct auth_client *auth);
 void reject_client(struct auth_client *auth, uint32_t id, const char *data, const char *fmt, ...);
 void handle_new_connection(int parc, char *parv[]);
 void handle_cancel_connection(int parc, char *parv[]);
 void auth_client_free(struct auth_client *auth);
 static inline void
 auth_client_ref(struct auth_client *auth)
 {
 	auth->refcount++;
 }
 static inline void
 auth_client_unref(struct auth_client *auth)
 {
 	auth->refcount--;
 	if (auth->refcount == 0)
 		auth_client_free(auth);
 }
 /* Get a provider by name */
 static inline struct auth_provider *
 find_provider(const char *name)
 {
 	rb_dlink_node *ptr;
 	RB_DLINK_FOREACH(ptr, auth_providers.head)
 	{
 		struct auth_provider *provider = ptr->data;
 		if(strcasecmp(provider->name, name) == 0)
 			return provider;
 	}
 	return NULL;
 }
 /* Get a provider's id by name */
 static inline bool
 get_provider_id(const char *name, uint32_t *id)
 {
 	struct auth_provider *provider = find_provider(name);
 	if(provider != NULL)
 	{
 		*id = provider->id;
 		return true;
 	}
 	else
 		return false;
 }
 /* Get a provider's raw status */
 static inline provider_status_t
 get_provider_status(struct auth_client *auth, uint32_t provider)
 {
 	return auth->data[provider].status;
 }
 /* Check if provider is operating on this auth client */
 static inline bool
 is_provider_running(struct auth_client *auth, uint32_t provider)
 {
 	return get_provider_status(auth, provider) == PROVIDER_STATUS_RUNNING;
 }
 /* Check if provider has finished on this client */
 static inline bool
 is_provider_done(struct auth_client *auth, uint32_t provider)
 {
 	return get_provider_status(auth, provider) == PROVIDER_STATUS_DONE;
 }
 /* Check if provider doesn't exist or has finished on this client */
 static inline bool
 run_after_provider(struct auth_client *auth, const char *name)
 {
 	uint32_t id;
 	if (get_provider_id(name, &id)) {
 		return get_provider_status(auth, id) == PROVIDER_STATUS_DONE;
 	} else {
 		return true;
 	}
 }
 /* Get provider auth client data */
 static inline void *
 get_provider_data(struct auth_client *auth, uint32_t id)
 {
 	return auth->data[id].data;
 }
 /* Set provider auth client data */
 static inline void
 set_provider_data(struct auth_client *auth, uint32_t id, void *data)
 {
 	auth->data[id].data = data;
 }
 /* Set timeout relative to current time on provider
 * When the timeout lapses, the provider's timeout call will execute */
 static inline void
 set_provider_timeout_relative(struct auth_client *auth, uint32_t id, time_t timeout)
 {
 	auth->data[id].timeout = timeout + rb_current_time();
 }
 /* Set timeout value in absolute time (Unix timestamp)
 * When the timeout lapses, the provider's timeout call will execute */
 static inline void
 set_provider_timeout_absolute(struct auth_client *auth, uint32_t id, time_t timeout)
 {
 	auth->data[id].timeout = timeout;
 }
 /* Get the timeout value for the provider */
 static inline time_t
 get_provider_timeout(struct auth_client *auth, uint32_t id)
 {
 	return auth->data[id].timeout;
 }
 #endif /* __SOLANUM_AUTHD_PROVIDER_H__ */
--- a/authd/providers/dnsbl.c
+++ b/authd/providers/dnsbl.c
@ -1,608 +0,0 @@
 /*
 * Solanum: a slightly advanced ircd
 * dnsbl.c: Manages DNSBL entries and lookups
 *
 * Copyright (C) 2006-2011 charybdis development team
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are
 * met:
 *
 * 1. Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 /* Originally written for charybdis circa 2006 (by nenolod?).
 * Tweaked for authd. Some functions and structs renamed. Public/private
 * interfaces have been shifted around. Some code has been cleaned up too.
 * -- Elizafox 24 March 2016
 */
 #include "authd.h"
 #include "defaults.h"
 #include "provider.h"
 #include "notice.h"
 #include "stdinc.h"
 #include "dns.h"
 #define SELF_PID (dnsbl_provider.id)
 typedef enum filter_t
 {
 	FILTER_ALL = 1,
 	FILTER_LAST = 2,
 } filter_t;
 /* dnsbl accepted IP types */
 #define IPTYPE_IPV4	1
 #define IPTYPE_IPV6	2
 /* A configured DNSBL */
 struct dnsbl
 {
 	char host[IRCD_RES_HOSTLEN + 1];
 	char reason[BUFSIZE];		/* Reason template (ircd fills in the blanks) */
 	uint8_t iptype;			/* IP types supported */
 	rb_dlink_list filters;		/* Filters for queries */
 	bool delete;			/* If true delete when no clients */
 	int refcount;			/* When 0 and delete is set, remove this dnsbl */
 	unsigned int hits;
 	time_t lastwarning;		/* Last warning about garbage replies sent */
 };
 /* A lookup in progress for a particular DNSBL for a particular client */
 struct dnsbl_lookup
 {
 	struct dnsbl *bl;		/* dnsbl we're checking */
 	struct auth_client *auth;	/* Client */
 	struct dns_query *query;	/* DNS query pointer */
 	rb_dlink_node node;
 };
 /* A dnsbl filter */
 struct dnsbl_filter
 {
 	filter_t type;			/* Type of filter */
 	char filter[HOSTIPLEN];		/* The filter itself */
 	rb_dlink_node node;
 };
 /* dnsbl user data attached to auth_client instance */
 struct dnsbl_user
 {
 	bool started;
 	rb_dlink_list queries;		/* dnsbl queries in flight */
 };
 /* public interfaces */
 static void dnsbls_destroy(void);
 static bool dnsbls_start(struct auth_client *);
 static inline void dnsbls_generic_cancel(struct auth_client *, const char *);
 static void dnsbls_timeout(struct auth_client *);
 static void dnsbls_cancel(struct auth_client *);
 static void dnsbls_cancel_none(struct auth_client *);
 /* private interfaces */
 static void unref_dnsbl(struct dnsbl *);
 static struct dnsbl *new_dnsbl(const char *, const char *, uint8_t, rb_dlink_list *);
 static struct dnsbl *find_dnsbl(const char *);
 static bool dnsbl_check_reply(struct dnsbl_lookup *, const char *);
 static void dnsbl_dns_callback(const char *, bool, query_type, void *);
 static void initiate_dnsbl_dnsquery(struct dnsbl *, struct auth_client *);
 /* Variables */
 static rb_dlink_list dnsbl_list = { NULL, NULL, 0 };
 static int dnsbl_timeout = DNSBL_TIMEOUT_DEFAULT;
 /* private interfaces */
 static void
 unref_dnsbl(struct dnsbl *bl)
 {
 	rb_dlink_node *ptr, *nptr;
 	bl->refcount--;
 	if (bl->delete && bl->refcount <= 0)
 	{
 		RB_DLINK_FOREACH_SAFE(ptr, nptr, bl->filters.head)
 		{
 			rb_dlinkDelete(ptr, &bl->filters);
 			rb_free(ptr);
 		}
 		rb_dlinkFindDestroy(bl, &dnsbl_list);
 		rb_free(bl);
 	}
 }
 static struct dnsbl *
 new_dnsbl(const char *name, const char *reason, uint8_t iptype, rb_dlink_list *filters)
 {
 	struct dnsbl *bl;
 	if (name == NULL || reason == NULL || iptype == 0)
 		return NULL;
 	if((bl = find_dnsbl(name)) == NULL)
 	{
 		bl = rb_malloc(sizeof(struct dnsbl));
 		rb_dlinkAddAlloc(bl, &dnsbl_list);
 	}
 	else
 		bl->delete = false;
 	rb_strlcpy(bl->host, name, IRCD_RES_HOSTLEN + 1);
 	rb_strlcpy(bl->reason, reason, BUFSIZE);
 	bl->iptype = iptype;
 	rb_dlinkMoveList(filters, &bl->filters);
 	bl->lastwarning = 0;
 	return bl;
 }
 static struct dnsbl *
 find_dnsbl(const char *name)
 {
 	rb_dlink_node *ptr;
 	RB_DLINK_FOREACH(ptr, dnsbl_list.head)
 	{
 		struct dnsbl *bl = (struct dnsbl *)ptr->data;
 		if (!strcasecmp(bl->host, name))
 			return bl;
 	}
 	return NULL;
 }
 static inline bool
 dnsbl_check_reply(struct dnsbl_lookup *bllookup, const char *ipaddr)
 {
 	struct dnsbl *bl = bllookup->bl;
 	const char *lastoctet;
 	rb_dlink_node *ptr;
 	/* No filters and entry found - thus positive match */
 	if (!rb_dlink_list_length(&bl->filters))
 		return true;
 	/* Below will prolly have to change if IPv6 address replies are sent back */
 	if ((lastoctet = strrchr(ipaddr, '.')) == NULL || *(++lastoctet) == '\0')
 		goto blwarn;
 	RB_DLINK_FOREACH(ptr, bl->filters.head)
 	{
 		struct dnsbl_filter *filter = ptr->data;
 		const char *cmpstr;
 		if (filter->type == FILTER_ALL)
 			cmpstr = ipaddr;
 		else if (filter->type == FILTER_LAST)
 			cmpstr = lastoctet;
 		else
 		{
 			warn_opers(L_CRIT, "dnsbl: Unknown dnsbl filter type (host %s): %d",
 					bl->host, filter->type);
 			exit(EX_PROVIDER_ERROR);
 		}
 		if (strcmp(cmpstr, filter->filter) == 0)
 			/* Match! */
 			return true;
 	}
 	return false;
 blwarn:
 	if (bl->lastwarning + 3600 < rb_current_time())
 	{
 		warn_opers(L_WARN, "Garbage/undecipherable reply received from dnsbl %s (reply %s)",
 				bl->host, ipaddr);
 		bl->lastwarning = rb_current_time();
 	}
 	return false;
 }
 static void
 dnsbl_dns_callback(const char *result, bool status, query_type type, void *data)
 {
 	struct dnsbl_lookup *bllookup = (struct dnsbl_lookup *)data;
 	struct dnsbl_user *bluser;
 	struct dnsbl *bl;
 	struct auth_client *auth;
 	lrb_assert(bllookup != NULL);
 	lrb_assert(bllookup->auth != NULL);
 	bl = bllookup->bl;
 	auth = bllookup->auth;
 	if((bluser = get_provider_data(auth, SELF_PID)) == NULL)
 		return;
 	if (result != NULL && status && dnsbl_check_reply(bllookup, result))
 	{
 		/* Match found, so proceed no further */
 		bl->hits++;
 		reject_client(auth, SELF_PID, bl->host, bl->reason);
 		dnsbls_cancel(auth);
 		return;
 	}
 	unref_dnsbl(bl);
 	cancel_query(bllookup->query);	/* Ignore future responses */
 	rb_dlinkDelete(&bllookup->node, &bluser->queries);
 	rb_free(bllookup);
 	if(!rb_dlink_list_length(&bluser->queries))
 	{
 		/* Done here */
 		notice_client(auth->cid, "*** No DNSBL entry found for this IP");
 		rb_free(bluser);
 		set_provider_data(auth, SELF_PID, NULL);
 		set_provider_timeout_absolute(auth, SELF_PID, 0);
 		provider_done(auth, SELF_PID);
 		auth_client_unref(auth);
 	}
 }
 static void
 initiate_dnsbl_dnsquery(struct dnsbl *bl, struct auth_client *auth)
 {
 	struct dnsbl_lookup *bllookup = rb_malloc(sizeof(struct dnsbl_lookup));
 	struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
 	char buf[IRCD_RES_HOSTLEN + 1];
 	int aftype;
 	bllookup->bl = bl;
 	bllookup->auth = auth;
 	aftype = GET_SS_FAMILY(&auth->c_addr);
 	if((aftype == AF_INET && (bl->iptype & IPTYPE_IPV4) == 0) ||
 		(aftype == AF_INET6 && (bl->iptype & IPTYPE_IPV6) == 0))
 		/* Incorrect dnsbl type for this IP... */
 	{
 		rb_free(bllookup);
 		return;
 	}
 	build_rdns(buf, sizeof(buf), &auth->c_addr, bl->host);
 	bllookup->query = lookup_ip(buf, AF_INET, dnsbl_dns_callback, bllookup);
 	rb_dlinkAdd(bllookup, &bllookup->node, &bluser->queries);
 	bl->refcount++;
 }
 static inline bool
 lookup_all_dnsbls(struct auth_client *auth)
 {
 	struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
 	rb_dlink_node *ptr;
 	int iptype;
 	if(GET_SS_FAMILY(&auth->c_addr) == AF_INET)
 		iptype = IPTYPE_IPV4;
 	else if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
 		iptype = IPTYPE_IPV6;
 	else
 		return false;
 	bluser->started = true;
 	notice_client(auth->cid, "*** Checking your IP against DNSBLs");
 	RB_DLINK_FOREACH(ptr, dnsbl_list.head)
 	{
 		struct dnsbl *bl = (struct dnsbl *)ptr->data;
 		if (!bl->delete && (bl->iptype & iptype))
 			initiate_dnsbl_dnsquery(bl, auth);
 	}
 	if(!rb_dlink_list_length(&bluser->queries))
 		/* None checked. */
 		return false;
 	set_provider_timeout_relative(auth, SELF_PID, dnsbl_timeout);
 	return true;
 }
 static inline void
 delete_dnsbl(struct dnsbl *bl)
 {
 	if (bl->refcount > 0)
 		bl->delete = true;
 	else
 	{
 		rb_dlinkFindDestroy(bl, &dnsbl_list);
 		rb_free(bl);
 	}
 }
 static void
 delete_all_dnsbls(void)
 {
 	rb_dlink_node *ptr, *nptr;
 	RB_DLINK_FOREACH_SAFE(ptr, nptr, dnsbl_list.head)
 	{
 		delete_dnsbl(ptr->data);
 	}
 }
 /* public interfaces */
 static bool
 dnsbls_start(struct auth_client *auth)
 {
 	lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
 	if (!rb_dlink_list_length(&dnsbl_list)) {
 		/* Nothing to do... */
 		provider_done(auth, SELF_PID);
 		return true;
 	}
 	auth_client_ref(auth);
 	set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct dnsbl_user)));
 	if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
 		/* Start the lookup if ident and rdns are finished, or not loaded. */
 		if (!lookup_all_dnsbls(auth)) {
 			dnsbls_cancel_none(auth);
 			return true;
 		}
 	}
 	return true;
 }
 /* This is called every time a provider is completed as long as we are marked not done */
 static void
 dnsbls_initiate(struct auth_client *auth, uint32_t provider)
 {
 	struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
 	lrb_assert(provider != SELF_PID);
 	lrb_assert(!is_provider_done(auth, SELF_PID));
 	lrb_assert(rb_dlink_list_length(&dnsbl_list) > 0);
 	if (bluser == NULL || bluser->started) {
 		/* Nothing to do */
 		return;
 	} else if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
 		/* Start the lookup if ident and rdns are finished, or not loaded. */
 		if (!lookup_all_dnsbls(auth)) {
 			dnsbls_cancel_none(auth);
 		}
 	}
 }
 static inline void
 dnsbls_generic_cancel(struct auth_client *auth, const char *message)
 {
 	rb_dlink_node *ptr, *nptr;
 	struct dnsbl_user *bluser = get_provider_data(auth, SELF_PID);
 	if(bluser == NULL)
 		return;
 	if(rb_dlink_list_length(&bluser->queries))
 	{
 		notice_client(auth->cid, message);
 		RB_DLINK_FOREACH_SAFE(ptr, nptr, bluser->queries.head)
 		{
 			struct dnsbl_lookup *bllookup = ptr->data;
 			cancel_query(bllookup->query);
 			unref_dnsbl(bllookup->bl);
 			rb_dlinkDelete(&bllookup->node, &bluser->queries);
 			rb_free(bllookup);
 		}
 	}
 	rb_free(bluser);
 	set_provider_data(auth, SELF_PID, NULL);
 	set_provider_timeout_absolute(auth, SELF_PID, 0);
 	provider_done(auth, SELF_PID);
 	auth_client_unref(auth);
 }
 static void
 dnsbls_timeout(struct auth_client *auth)
 {
 	dnsbls_generic_cancel(auth, "*** No response from DNSBLs");
 }
 static void
 dnsbls_cancel(struct auth_client *auth)
 {
 	dnsbls_generic_cancel(auth, "*** Aborting DNSBL checks");
 }
 static void
 dnsbls_cancel_none(struct auth_client *auth)
 {
 	dnsbls_generic_cancel(auth, "*** Could not check DNSBLs");
 }
 static void
 dnsbls_destroy(void)
 {
 	rb_dictionary_iter iter;
 	struct auth_client *auth;
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		dnsbls_cancel(auth);
 		/* auth is now invalid as we have no reference */
 	}
 	delete_all_dnsbls();
 }
 static void
 add_conf_dnsbl(const char *key, int parc, const char **parv)
 {
 	rb_dlink_list filters = { NULL, NULL, 0 };
 	char *tmp, *elemlist = rb_strdup(parv[2]);
 	uint8_t iptype;
 	if(*elemlist == '*')
 		goto end;
 	for(char *elem = rb_strtok_r(elemlist, ",", &tmp); elem; elem = rb_strtok_r(NULL, ",", &tmp))
 	{
 		struct dnsbl_filter *filter = rb_malloc(sizeof(struct dnsbl_filter));
 		int dot_c = 0;
 		filter_t type = FILTER_LAST;
 		/* Check dnsbl filter type and for validity */
 		for(char *c = elem; *c != '\0'; c++)
 		{
 			if(*c == '.')
 			{
 				if(++dot_c > 3)
 				{
 					warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (too many octets)");
 					exit(EX_PROVIDER_ERROR);
 				}
 				type = FILTER_ALL;
 			}
 			else if(!isdigit(*c))
 			{
 				warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (invalid character in dnsbl filter: %c)",
 						*c);
 				exit(EX_PROVIDER_ERROR);
 			}
 		}
 		if(dot_c > 0 && dot_c < 3)
 		{
 			warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a bad filter (insufficient octets)");
 			exit(EX_PROVIDER_ERROR);
 		}
 		filter->type = type;
 		rb_strlcpy(filter->filter, elem, sizeof(filter->filter));
 		rb_dlinkAdd(filter, &filter->node, &filters);
 	}
 end:
 	rb_free(elemlist);
 	iptype = atoi(parv[1]) & 0x3;
 	if(new_dnsbl(parv[0], parv[3], iptype, &filters) == NULL)
 	{
 		warn_opers(L_CRIT, "dnsbl: addr_conf_dnsbl got a malformed dnsbl");
 		exit(EX_PROVIDER_ERROR);
 	}
 }
 static void
 del_conf_dnsbl(const char *key, int parc, const char **parv)
 {
 	struct dnsbl *bl = find_dnsbl(parv[0]);
 	if(bl == NULL)
 	{
 		/* Not fatal for now... */
 		warn_opers(L_WARN, "dnsbl: tried to remove nonexistent dnsbl %s", parv[0]);
 		return;
 	}
 	delete_dnsbl(bl);
 }
 static void
 del_conf_dnsbl_all(const char *key, int parc, const char **parv)
 {
 	delete_all_dnsbls();
 }
 static void
 add_conf_dnsbl_timeout(const char *key, int parc, const char **parv)
 {
 	int timeout = atoi(parv[0]);
 	if(timeout < 0)
 	{
 		warn_opers(L_CRIT, "dnsbl: dnsbl timeout < 0 (value: %d)", timeout);
 		exit(EX_PROVIDER_ERROR);
 	}
 	dnsbl_timeout = timeout;
 }
 #if 0
 static void
 dnsbl_stats(uint32_t rid, char letter)
 {
 	rb_dlink_node *ptr;
 	RB_DLINK_FOREACH(ptr, dnsbl_list.head)
 	{
 		struct dnsbl *bl = ptr->data;
 		if(bl->delete)
 			continue;
 		stats_result(rid, letter, "%s %hhu %u", bl->host, bl->iptype, bl->hits);
 	}
 	stats_done(rid, letter);
 }
 #endif
 struct auth_opts_handler dnsbl_options[] =
 {
 	{ "rbl", 4, add_conf_dnsbl },
 	{ "rbl_del", 1, del_conf_dnsbl },
 	{ "rbl_del_all", 0, del_conf_dnsbl_all },
 	{ "rbl_timeout", 1, add_conf_dnsbl_timeout },
 	{ NULL, 0, NULL },
 };
 struct auth_provider dnsbl_provider =
 {
 	.name = "dnsbl",
 	.letter = 'B',
 	.destroy = dnsbls_destroy,
 	.start = dnsbls_start,
 	.cancel = dnsbls_cancel,
 	.timeout = dnsbls_timeout,
 	.completed = dnsbls_initiate,
 	.opt_handlers = dnsbl_options,
 	/* .stats_handler = { 'B', dnsbl_stats }, */
 };
--- a/authd/providers/ident.c
+++ b/authd/providers/ident.c
@ -1,387 +0,0 @@
 /* authd/providers/ident.c - ident lookup provider for authd
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 /* Largely adapted from old s_auth.c, but reworked for authd. rDNS code
 * moved to its own provider.
 *
 * --Elizafox 13 March 2016
 */
 #include "stdinc.h"
 #include "defaults.h"
 #include "match.h"
 #include "authd.h"
 #include "notice.h"
 #include "provider.h"
 #include "res.h"
 #define SELF_PID (ident_provider.id)
 #define IDENT_BUFSIZE 128
 struct ident_query
 {
 	rb_fde_t *F;				/* Our FD */
 };
 /* Goinked from old s_auth.c --Elizafox */
 static const char *messages[] =
 {
 	"*** Checking Ident",
 	"*** Got Ident response",
 	"*** No Ident response",
 	"*** Cannot verify ident validity, ignoring ident",
 	"*** Ident disabled, not checking ident",
 };
 typedef enum
 {
 	REPORT_LOOKUP,
 	REPORT_FOUND,
 	REPORT_FAIL,
 	REPORT_INVALID,
 	REPORT_DISABLED,
 } ident_message;
 static CNCB ident_connected;
 static PF read_ident_reply;
 static void client_fail(struct auth_client *auth, ident_message message);
 static void client_success(struct auth_client *auth);
 static char * get_valid_ident(char *buf);
 static int ident_timeout = IDENT_TIMEOUT_DEFAULT;
 static bool ident_enable = true;
 /*
 * ident_connected() - deal with the result of rb_connect_tcp()
 *
 * If the connection failed, we simply close the auth fd and report
 * a failure. If the connection suceeded send the ident server a query
 * giving "theirport , ourport". The write is only attempted *once* so
 * it is deemed to be a fail if the entire write doesn't write all the
 * data given.  This shouldnt be a problem since the socket should have
 * a write buffer far greater than this message to store it in should
 * problems arise. -avalon
 */
 static void
 ident_connected(rb_fde_t *F __unused, int error, void *data)
 {
 	struct auth_client *auth = data;
 	struct ident_query *query;
 	char authbuf[32];
 	int authlen;
 	lrb_assert(auth != NULL);
 	query = get_provider_data(auth, SELF_PID);
 	lrb_assert(query != NULL);
 	/* Check the error */
 	if(error != RB_OK)
 	{
 		/* We had an error during connection :( */
 		client_fail(auth, REPORT_FAIL);
 		return;
 	}
 	snprintf(authbuf, sizeof(authbuf), "%u , %u\r\n",
 			auth->c_port, auth->l_port);
 	authlen = strlen(authbuf);
 	if(rb_write(query->F, authbuf, authlen) != authlen)
 	{
 		client_fail(auth, REPORT_FAIL);
 		return;
 	}
 	read_ident_reply(query->F, auth);
 }
 static void
 read_ident_reply(rb_fde_t *F, void *data)
 {
 	struct auth_client *auth = data;
 	char buf[IDENT_BUFSIZE + 1] = { 0 }; /* buffer to read auth reply into */
 	ident_message message = REPORT_FAIL;
 	char *s = NULL;
 	char *t = NULL;
 	ssize_t len;
 	int count;
 	len = rb_read(F, buf, IDENT_BUFSIZE);
 	if(len < 0 && rb_ignore_errno(errno))
 	{
 		rb_setselect(F, RB_SELECT_READ, read_ident_reply, auth);
 		return;
 	}
 	if(len > 0)
 	{
 		if((s = get_valid_ident(buf)) != NULL)
 		{
 			t = auth->username;
 			while (*s == '~' || *s == '^')
 				s++;
 			for (count = USERLEN; *s && count; s++)
 			{
 				if(*s == '@' || *s == '\r' || *s == '\n')
 					break;
 				if(*s != ' ' && *s != ':' && *s != '[')
 				{
 					*t++ = *s;
 					count--;
 				}
 			}
 			*t = '\0';
 		}
 		else
 			message = REPORT_INVALID;
 	}
 	if (*auth->username == '\0')
 	{
 		auth->username[0] = '*';
 		auth->username[1] = '\0';
 	}
 	if(s == NULL)
 		client_fail(auth, message);
 	else
 		client_success(auth);
 }
 static void
 client_fail(struct auth_client *auth, ident_message report)
 {
 	struct ident_query *query = get_provider_data(auth, SELF_PID);
 	lrb_assert(query != NULL);
 	rb_strlcpy(auth->username, "*", sizeof(auth->username));
 	if(query->F != NULL)
 		rb_close(query->F);
 	rb_free(query);
 	set_provider_data(auth, SELF_PID, NULL);
 	set_provider_timeout_absolute(auth, SELF_PID, 0);
 	notice_client(auth->cid, messages[report]);
 	provider_done(auth, SELF_PID);
 	auth_client_unref(auth);
 }
 static void
 client_success(struct auth_client *auth)
 {
 	struct ident_query *query = get_provider_data(auth, SELF_PID);
 	lrb_assert(query != NULL);
 	if(query->F != NULL)
 		rb_close(query->F);
 	rb_free(query);
 	set_provider_data(auth, SELF_PID, NULL);
 	set_provider_timeout_absolute(auth, SELF_PID, 0);
 	notice_client(auth->cid, messages[REPORT_FOUND]);
 	provider_done(auth, SELF_PID);
 	auth_client_unref(auth);
 }
 /* get_valid_ident
 * parse ident query reply from identd server
 *
 * Taken from old s_auth.c --Elizafox
 *
 * Inputs	- pointer to ident buf
 * Outputs	- NULL if no valid ident found, otherwise pointer to name
 * Side effects - None
 */
 static char *
 get_valid_ident(char *buf)
 {
 	int remp = 0;
 	int locp = 0;
 	char *colon1Ptr;
 	char *colon2Ptr;
 	char *colon3Ptr;
 	char *commaPtr;
 	char *remotePortString;
 	/* All this to get rid of a sscanf() fun. */
 	remotePortString = buf;
 	colon1Ptr = strchr(remotePortString, ':');
 	if(!colon1Ptr)
 		return NULL;
 	*colon1Ptr = '\0';
 	colon1Ptr++;
 	colon2Ptr = strchr(colon1Ptr, ':');
 	if(!colon2Ptr)
 		return NULL;
 	*colon2Ptr = '\0';
 	colon2Ptr++;
 	commaPtr = strchr(remotePortString, ',');
 	if(!commaPtr)
 		return NULL;
 	*commaPtr = '\0';
 	commaPtr++;
 	remp = atoi(remotePortString);
 	if(!remp)
 		return NULL;
 	locp = atoi(commaPtr);
 	if(!locp)
 		return NULL;
 	/* look for USERID bordered by first pair of colons */
 	if(!strstr(colon1Ptr, "USERID"))
 		return NULL;
 	colon3Ptr = strchr(colon2Ptr, ':');
 	if(!colon3Ptr)
 		return NULL;
 	*colon3Ptr = '\0';
 	colon3Ptr++;
 	return (colon3Ptr);
 }
 static void
 ident_destroy(void)
 {
 	struct auth_client *auth;
 	rb_dictionary_iter iter;
 	/* Nuke all ident queries */
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		if(get_provider_data(auth, SELF_PID) != NULL)
 			client_fail(auth, REPORT_FAIL);
 		/* auth is now invalid as we have no reference */
 	}
 }
 static bool
 ident_start(struct auth_client *auth)
 {
 	struct ident_query *query = rb_malloc(sizeof(struct ident_query));
 	struct rb_sockaddr_storage l_addr, c_addr;
 	int family = GET_SS_FAMILY(&auth->c_addr);
 	lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
 	if(!ident_enable)
 	{
 		rb_free(query);
 		notice_client(auth->cid, messages[REPORT_DISABLED]);
 		provider_done(auth, SELF_PID);
 		return true;
 	}
 	auth_client_ref(auth);
 	notice_client(auth->cid, messages[REPORT_LOOKUP]);
 	set_provider_data(auth, SELF_PID, query);
 	set_provider_timeout_relative(auth, SELF_PID, ident_timeout);
 	if((query->F = rb_socket(family, SOCK_STREAM, auth->protocol, "ident")) == NULL)
 	{
 		warn_opers(L_WARN, "Could not create ident socket: %s", strerror(errno));
 		client_fail(auth, REPORT_FAIL);
 		return true;	/* Not a fatal error */
 	}
 	/* Build sockaddr_storages for rb_connect_tcp below */
 	l_addr = auth->l_addr;
 	c_addr = auth->c_addr;
 	SET_SS_PORT(&l_addr, 0);
 	SET_SS_PORT(&c_addr, htons(113));
 	rb_connect_tcp(query->F, (struct sockaddr *)&c_addr,
 			(struct sockaddr *)&l_addr,
 			ident_connected,
 			auth, ident_timeout);
 	return true;
 }
 static void
 ident_cancel(struct auth_client *auth)
 {
 	struct ident_query *query = get_provider_data(auth, SELF_PID);
 	if(query != NULL)
 		client_fail(auth, REPORT_FAIL);
 }
 static void
 add_conf_ident_timeout(const char *key __unused, int parc __unused, const char **parv)
 {
 	int timeout = atoi(parv[0]);
 	if(timeout < 0)
 	{
 		warn_opers(L_CRIT, "Ident: ident timeout < 0 (value: %d)", timeout);
 		exit(EX_PROVIDER_ERROR);
 	}
 	ident_timeout = timeout;
 }
 static void
 set_ident_enabled(const char *key __unused, int parc __unused, const char **parv)
 {
 	ident_enable = (*parv[0] == '1');
 }
 struct auth_opts_handler ident_options[] =
 {
 	{ "ident_timeout", 1, add_conf_ident_timeout },
 	{ "ident_enabled", 1, set_ident_enabled },
 	{ NULL, 0, NULL },
 };
 struct auth_provider ident_provider =
 {
 	.name = "ident",
 	.letter = 'I',
 	.start = ident_start,
 	.destroy = ident_destroy,
 	.cancel = ident_cancel,
 	.timeout = ident_cancel,
 	.opt_handlers = ident_options,
 };
--- a/authd/providers/opm.c
+++ b/authd/providers/opm.c
@ -1,921 +0,0 @@
 /* authd/providers/opm.c - small open proxy monitor
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #include "stdinc.h"
 #include "rb_lib.h"
 #include "defaults.h"
 #include "setup.h"
 #include "authd.h"
 #include "notice.h"
 #include "provider.h"
 #include <netinet/tcp.h> // TCP_NODELAY
 #define SELF_PID (opm_provider.id)
 #define OPM_READSIZE 128
 typedef enum protocol_t
 {
 	PROTO_NONE,
 	PROTO_SOCKS4,
 	PROTO_SOCKS5,
 	PROTO_HTTP_CONNECT,
 	PROTO_HTTPS_CONNECT,
 } protocol_t;
 /* Lookup data associated with auth client */
 struct opm_lookup
 {
 	rb_dlink_list scans;	/* List of scans */
 	bool in_progress;
 };
 struct opm_scan;
 typedef void (*opm_callback_t)(struct opm_scan *);
 /* A proxy scanner */
 struct opm_proxy
 {
 	char note[16];
 	protocol_t proto;
 	uint16_t port;
 	bool ssl;		/* Connect to proxy with SSL */
 	bool ipv6;		/* Proxy supports IPv6 */
 	opm_callback_t callback;
 	rb_dlink_node node;
 };
 /* A listener for proxy replies */
 struct opm_listener
 {
 	char ip[HOSTIPLEN];
 	uint16_t port;
 	struct rb_sockaddr_storage addr;
 	rb_fde_t *F;
 };
 /* An individual proxy scan */
 struct opm_scan
 {
 	struct auth_client *auth;
 	rb_fde_t *F;			/* fd for scan */
 	struct opm_proxy *proxy;	/* Associated proxy */
 	struct opm_listener *listener;	/* Associated listener */
 	rb_dlink_node node;
 };
 /* Proxies that we scan for */
 static rb_dlink_list proxy_scanners;
 static ACCB accept_opm;
 static PF read_opm_reply;
 static CNCB opm_connected;
 static void opm_cancel(struct auth_client *auth);
 static bool create_listener(const char *ip, uint16_t port);
 static int opm_timeout = OPM_TIMEOUT_DEFAULT;
 static bool opm_enable = false;
 enum
 {
 	LISTEN_IPV4,
 	LISTEN_IPV6,
 	LISTEN_LAST,
 };
 /* IPv4 and IPv6 */
 static struct opm_listener listeners[LISTEN_LAST];
 static inline protocol_t
 get_protocol_from_string(const char *str)
 {
 	if(strcasecmp(str, "socks4") == 0)
 		return PROTO_SOCKS4;
 	else if(strcasecmp(str, "socks5") == 0)
 		return PROTO_SOCKS5;
 	else if(strcasecmp(str, "httpconnect") == 0)
 		return PROTO_HTTP_CONNECT;
 	else if(strcasecmp(str, "httpsconnect") == 0)
 		return PROTO_HTTPS_CONNECT;
 	else
 		return PROTO_NONE;
 }
 static inline struct opm_proxy *
 find_proxy_scanner(protocol_t proto, uint16_t port)
 {
 	rb_dlink_node *ptr;
 	RB_DLINK_FOREACH(ptr, proxy_scanners.head)
 	{
 		struct opm_proxy *proxy = ptr->data;
 		if(proxy->proto == proto && proxy->port == port)
 			return proxy;
 	}
 	return NULL;
 }
 /* This is called when an open proxy connects to us */
 static void
 read_opm_reply(rb_fde_t *F, void *data)
 {
 	rb_dlink_node *ptr;
 	struct auth_client *auth = data;
 	struct opm_lookup *lookup;
 	char readbuf[OPM_READSIZE];
 	ssize_t len;
 	lrb_assert(auth != NULL);
 	lookup = get_provider_data(auth, SELF_PID);
 	lrb_assert(lookup != NULL);
 	if((len = rb_read(F, readbuf, sizeof(readbuf))) < 0 && rb_ignore_errno(errno))
 	{
 		rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
 		return;
 	}
 	else if(len <= 0)
 	{
 		/* Dead */
 		rb_close(F);
 		return;
 	}
 	RB_DLINK_FOREACH(ptr, proxy_scanners.head)
 	{
 		struct opm_proxy *proxy = ptr->data;
 		if(strncmp(proxy->note, readbuf, strlen(proxy->note)) == 0)
 		{
 			rb_dlink_node *ptr, *nptr;
 			/* Cancel outstanding lookups */
 			RB_DLINK_FOREACH_SAFE(ptr, nptr, lookup->scans.head)
 			{
 				struct opm_scan *scan = ptr->data;
 				rb_close(scan->F);
 				rb_free(scan);
 			}
 			/* No longer needed, client is going away */
 			rb_free(lookup);
 			reject_client(auth, SELF_PID, readbuf, "Open proxy detected");
 			break;
 		}
 	}
 	rb_close(F);
 }
 static void
 accept_opm(rb_fde_t *F, int status, struct sockaddr *addr, rb_socklen_t len, void *data)
 {
 	struct auth_client *auth = NULL;
 	struct opm_listener *listener = data;
 	struct rb_sockaddr_storage localaddr;
 	unsigned int llen = sizeof(struct rb_sockaddr_storage);
 	rb_dictionary_iter iter;
 	if(status != 0 || listener == NULL)
 	{
 		rb_close(F);
 		return;
 	}
 	if(getsockname(rb_get_fd(F), (struct sockaddr *)&localaddr, &llen))
 	{
 		/* This can happen if the client goes away after accept */
 		rb_close(F);
 		return;
 	}
 	/* Correlate connection with client(s) */
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		if(GET_SS_FAMILY(&auth->c_addr) != GET_SS_FAMILY(&localaddr))
 			continue;
 		/* Compare the addresses */
 		switch(GET_SS_FAMILY(&localaddr))
 		{
 		case AF_INET:
 			{
 				struct sockaddr_in *s = (struct sockaddr_in *)&localaddr, *c = (struct sockaddr_in *)&auth->c_addr;
 				if(s->sin_addr.s_addr == c->sin_addr.s_addr)
 				{
 					/* Match... check if it's real */
 					rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
 					return;
 				}
 				break;
 			}
 		case AF_INET6:
 			{
 				struct sockaddr_in6 *s = (struct sockaddr_in6 *)&localaddr, *c = (struct sockaddr_in6 *)&auth->c_addr;
 				if(IN6_ARE_ADDR_EQUAL(&s->sin6_addr, &c->sin6_addr))
 				{
 					rb_setselect(F, RB_SELECT_READ, read_opm_reply, auth);
 					return;
 				}
 				break;
 			}
 		default:
 			warn_opers(L_CRIT, "OPM: unknown address type in listen function");
 			exit(EX_PROVIDER_ERROR);
 		}
 	}
 	/* We don't care about the socket if we get here */
 	rb_close(F);
 }
 /* Scanners */
 static void
 opm_connected(rb_fde_t *F, int error, void *data)
 {
 	struct opm_scan *scan = data;
 	struct opm_proxy *proxy = scan->proxy;
 	struct auth_client *auth = scan->auth;
 	struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
 	if(error || !opm_enable)
 	{
 		//notice_client(scan->auth->cid, "*** Scan not connected: %s", proxy->note);
 		goto end;
 	}
 	switch(GET_SS_FAMILY(&auth->c_addr))
 	{
 	case AF_INET:
 		if(listeners[LISTEN_IPV4].F == NULL)
 			/* They cannot respond to us */
 			goto end;
 		break;
 	case AF_INET6:
 		if(!proxy->ipv6)
 			/* Welp, too bad */
 			goto end;
 		if(listeners[LISTEN_IPV6].F == NULL)
 			/* They cannot respond to us */
 			goto end;
 		break;
 	default:
 		goto end;
 	}
 	proxy->callback(scan);
 end:
 	rb_close(scan->F);
 	rb_dlinkDelete(&scan->node, &lookup->scans);
 	rb_free(scan);
 }
 static void
 socks4_connected(struct opm_scan *scan)
 {
 	uint8_t sendbuf[9]; /* Size we're building */
 	uint8_t *c = sendbuf;
 	memcpy(c, "\x04\x01", 2); c += 2; /* Socks version 4, connect command */
 	memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_port), 2); c += 2; /* Port */
 	memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_addr.s_addr), 4); c += 4; /* Address */
 	*c = '\x00'; /* No userid */
 	/* Send header */
 	if(rb_write(scan->F, sendbuf, sizeof(sendbuf)) < 0)
 		return;
 	/* Send note */
 	if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) < 0)
 		return;
 }
 static void
 socks5_connected(struct opm_scan *scan)
 {
 	struct auth_client *auth = scan->auth;
 	uint8_t sendbuf[25]; /* Size we're building */
 	uint8_t *c = sendbuf;
 	/* Build the version header and socks request
 	 * version header (3 bytes): version, number of auth methods, auth type (0 for none)
 	 * connect req (3 bytes): version, command (1 = connect), reserved (0)
 	 */
 	memcpy(c, "\x05\x01\x00\x05\x01\x00", 6); c += 6;
 	switch(GET_SS_FAMILY(&auth->c_addr))
 	{
 	case AF_INET:
 		*(c++) = '\x01'; /* Address type (1 = IPv4) */
 		memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_addr.s_addr), 4); c += 4; /* Address */
 		memcpy(c, &(((struct sockaddr_in *)&scan->listener->addr)->sin_port), 2); c += 2; /* Port */
 		break;
 	case AF_INET6:
 		*(c++) = '\x04'; /* Address type (4 = IPv6) */
 		memcpy(c, ((struct sockaddr_in6 *)&scan->listener->addr)->sin6_addr.s6_addr, 16); c += 16; /* Address */
 		memcpy(c, &(((struct sockaddr_in6 *)&scan->listener->addr)->sin6_port), 2); c += 2; /* Port */
 		break;
 	default:
 		return;
 	}
 	/* Send header */
 	if(rb_write(scan->F, sendbuf, (size_t)(sendbuf - c)) <= 0)
 		return;
 	/* Now the note in a separate write */
 	if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) <= 0)
 		return;
 }
 static void
 http_connect_connected(struct opm_scan *scan)
 {
 	char sendbuf[128]; /* A bit bigger than we need but better safe than sorry */
 	/* Simple enough to build */
 	snprintf(sendbuf, sizeof(sendbuf), "CONNECT %s:%hu HTTP/1.0\r\n\r\n", scan->listener->ip, scan->listener->port);
 	/* Send request */
 	if(rb_write(scan->F, sendbuf, strlen(sendbuf)) <= 0)
 		return;
 	/* Now the note in a separate write */
 	if(rb_write(scan->F, scan->proxy->note, strlen(scan->proxy->note) + 1) <= 0)
 		return;
 	/* MiroTik needs this, and as a separate write */
 	if(rb_write(scan->F, "\r\n", 2) <= 0)
 		return;
 }
 /* Establish connections */
 static inline void
 establish_connection(struct auth_client *auth, struct opm_proxy *proxy)
 {
 	struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
 	struct opm_scan *scan = rb_malloc(sizeof(struct opm_scan));
 	struct opm_listener *listener;
 	struct rb_sockaddr_storage c_a, l_a;
 	int opt = 1;
 	lrb_assert(lookup != NULL);
 	if(GET_SS_FAMILY(&auth->c_addr) == AF_INET6)
 	{
 		if(proxy->proto == PROTO_SOCKS4)
 		{
 			/* SOCKS4 doesn't support IPv6 */
 			rb_free(scan);
 			return;
 		}
 		listener = &listeners[LISTEN_IPV6];
 	}
 	else
 		listener = &listeners[LISTEN_IPV4];
 	if(listener->F == NULL)
 	{
 		/* We can't respond */
 		rb_free(scan);
 		return;
 	}
 	c_a = auth->c_addr;	/* Client */
 	l_a = listener->addr;	/* Listener (connect using its IP) */
 	scan->auth = auth;
 	scan->proxy = proxy;
 	scan->listener = listener;
 	if((scan->F = rb_socket(GET_SS_FAMILY(&auth->c_addr), SOCK_STREAM, 0, proxy->note)) == NULL)
 	{
 		warn_opers(L_WARN, "OPM: could not create OPM socket (proto %s): %s", proxy->note, strerror(errno));
 		rb_free(scan);
 		return;
 	}
 	/* Disable Nagle's algorithim - buffering could affect scans */
 	(void)setsockopt(rb_get_fd(scan->F), IPPROTO_TCP, TCP_NODELAY, (char *)&opt, sizeof(opt));
 	SET_SS_PORT(&l_a, 0);
 	SET_SS_PORT(&c_a, htons(proxy->port));
 	rb_dlinkAdd(scan, &scan->node, &lookup->scans);
 	if(!proxy->ssl)
 		rb_connect_tcp(scan->F,
 				(struct sockaddr *)&c_a,
 				(struct sockaddr *)&l_a,
 				opm_connected, scan, opm_timeout);
 	else
 		rb_connect_tcp_ssl(scan->F,
 				(struct sockaddr *)&c_a,
 				(struct sockaddr *)&l_a,
 				opm_connected, scan, opm_timeout);
 }
 static bool
 create_listener(const char *ip, uint16_t port)
 {
 	struct auth_client *auth;
 	struct opm_listener *listener;
 	struct rb_sockaddr_storage addr;
 	rb_dictionary_iter iter;
 	rb_fde_t *F;
 	int opt = 1;
 	if(!rb_inet_pton_sock(ip, &addr))
 	{
 		warn_opers(L_CRIT, "OPM: got a bad listener: %s:%hu", ip, port);
 		exit(EX_PROVIDER_ERROR);
 	}
 	SET_SS_PORT(&addr, htons(port));
 	if(GET_SS_FAMILY(&addr) == AF_INET6)
 	{
 		struct sockaddr_in6 *a1, *a2;
 		listener = &listeners[LISTEN_IPV6];
 		a1 = (struct sockaddr_in6 *)&addr;
 		a2 = (struct sockaddr_in6 *)&listener->addr;
 		if(IN6_ARE_ADDR_EQUAL(&a1->sin6_addr, &a2->sin6_addr) &&
 			GET_SS_PORT(&addr) == GET_SS_PORT(&listener->addr) &&
 			listener->F != NULL)
 		{
 			/* Listener already exists */
 			return false;
 		}
 	}
 	else
 	{
 		struct sockaddr_in *a1, *a2;
 		listener = &listeners[LISTEN_IPV4];
 		a1 = (struct sockaddr_in *)&addr;
 		a2 = (struct sockaddr_in *)&listener->addr;
 		if(a1->sin_addr.s_addr == a2->sin_addr.s_addr &&
 			GET_SS_PORT(&addr) == GET_SS_PORT(&listener->addr) &&
 			listener->F != NULL)
 		{
 			/* Listener already exists */
 			return false;
 		}
 	}
 	if((F = rb_socket(GET_SS_FAMILY(&addr), SOCK_STREAM, 0, "OPM listener socket")) == NULL)
 	{
 		/* This shouldn't fail, or we have big problems... */
 		warn_opers(L_CRIT, "OPM: cannot create socket: %s", strerror(errno));
 		exit(EX_PROVIDER_ERROR);
 	}
 	if(setsockopt(rb_get_fd(F), SOL_SOCKET, SO_REUSEADDR, (char *)&opt, sizeof(opt)))
 	{
 		/* This shouldn't fail either... */
 		warn_opers(L_CRIT, "OPM: cannot set options on socket: %s", strerror(errno));
 		exit(EX_PROVIDER_ERROR);
 	}
 	if(bind(rb_get_fd(F), (struct sockaddr *)&addr, GET_SS_LEN(&addr)))
 	{
 		/* Shit happens, let's not cripple authd over /this/ since it could be user error */
 		warn_opers(L_WARN, "OPM: cannot bind on socket: %s", strerror(errno));
 		rb_close(F);
 		return false;
 	}
 	if(rb_listen(F, SOMAXCONN, false)) /* deferred accept could interfere with detection */
 	{
 		/* Again, could be user error */
 		warn_opers(L_WARN, "OPM: cannot listen on socket: %s", strerror(errno));
 		rb_close(F);
 		return false;
 	}
 	/* From this point forward we assume we have a listener */
 	if(listener->F != NULL)
 		/* Close old listener */
 		rb_close(listener->F);
 	listener->F = F;
 	/* Cancel clients that may be on old listener
 	 * XXX - should rescan clients that need it
 	 */
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		opm_cancel(auth);
 		/* auth is now invalid as we have no reference */
 	}
 	/* Copy data */
 	rb_strlcpy(listener->ip, ip, sizeof(listener->ip));
 	listener->port = port;
 	listener->addr = addr;
 	opm_enable = true; /* Implicitly set this to true for now if we have a listener */
 	rb_accept_tcp(listener->F, NULL, accept_opm, listener);
 	return true;
 }
 static void
 opm_scan(struct auth_client *auth)
 {
 	rb_dlink_node *ptr;
 	struct opm_lookup *lookup;
 	lrb_assert(auth != NULL);
 	lookup = get_provider_data(auth, SELF_PID);
 	set_provider_timeout_relative(auth, SELF_PID, opm_timeout);
 	lookup->in_progress = true;
 	RB_DLINK_FOREACH(ptr, proxy_scanners.head)
 	{
 		struct opm_proxy *proxy = ptr->data;
 		//notice_client(auth->cid, "*** Scanning for proxy type %s", proxy->note);
 		establish_connection(auth, proxy);
 	}
 	notice_client(auth->cid, "*** Scanning for open proxies...");
 }
 /* This is called every time a provider is completed as long as we are marked not done */
 static void
 opm_initiate(struct auth_client *auth, uint32_t provider)
 {
 	struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
 	lrb_assert(provider != SELF_PID);
 	lrb_assert(!is_provider_done(auth, SELF_PID));
 	lrb_assert(rb_dlink_list_length(&proxy_scanners) > 0);
 	if (lookup == NULL || lookup->in_progress) {
 		/* Nothing to do */
 		return;
 	} else if (run_after_provider(auth, "rdns") && run_after_provider(auth,"ident")) {
 		/* Start scanning if ident and rdns are finished, or not loaded. */
 		opm_scan(auth);
 	}
 }
 static bool
 opm_start(struct auth_client *auth)
 {
 	lrb_assert(get_provider_data(auth, SELF_PID) == NULL);
 	if (!opm_enable || rb_dlink_list_length(&proxy_scanners) == 0) {
 		/* Nothing to do... */
 		provider_done(auth, SELF_PID);
 		return true;
 	}
 	auth_client_ref(auth);
 	set_provider_data(auth, SELF_PID, rb_malloc(sizeof(struct opm_lookup)));
 	if (run_after_provider(auth, "rdns") && run_after_provider(auth, "ident")) {
 		/* Start scanning if ident and rdns are finished, or not loaded. */
 		opm_scan(auth);
 	}
 	return true;
 }
 static void
 opm_cancel(struct auth_client *auth)
 {
 	struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
 	if(lookup != NULL)
 	{
 		rb_dlink_node *ptr, *nptr;
 		notice_client(auth->cid, "*** Did not detect open proxies");
 		RB_DLINK_FOREACH_SAFE(ptr, nptr, lookup->scans.head)
 		{
 			struct opm_scan *scan = ptr->data;
 			rb_close(scan->F);
 			rb_free(scan);
 		}
 		rb_free(lookup);
 		set_provider_data(auth, SELF_PID, NULL);
 		set_provider_timeout_absolute(auth, SELF_PID, 0);
 		provider_done(auth, SELF_PID);
 		auth_client_unref(auth);
 	}
 }
 static void
 opm_destroy(void)
 {
 	struct auth_client *auth;
 	rb_dictionary_iter iter;
 	/* Nuke all opm lookups */
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		opm_cancel(auth);
 		/* auth is now invalid as we have no reference */
 	}
 }
 static void
 add_conf_opm_timeout(const char *key __unused, int parc __unused, const char **parv)
 {
 	int timeout = atoi(parv[0]);
 	if(timeout < 0)
 	{
 		warn_opers(L_CRIT, "opm: opm timeout < 0 (value: %d)", timeout);
 		return;
 	}
 	opm_timeout = timeout;
 }
 static void
 set_opm_enabled(const char *key __unused, int parc __unused, const char **parv)
 {
 	bool enable = (*parv[0] == '1');
 	if(!enable)
 	{
 		if(listeners[LISTEN_IPV4].F != NULL || listeners[LISTEN_IPV6].F != NULL)
 		{
 			struct auth_client *auth;
 			rb_dictionary_iter iter;
 			/* Close the listening socket */
 			if(listeners[LISTEN_IPV4].F != NULL)
 				rb_close(listeners[LISTEN_IPV4].F);
 			if(listeners[LISTEN_IPV6].F != NULL)
 				rb_close(listeners[LISTEN_IPV6].F);
 			listeners[LISTEN_IPV4].F = listeners[LISTEN_IPV6].F = NULL;
 			RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 			{
 				opm_cancel(auth);
 				/* auth is now invalid as we have no reference */
 			}
 		}
 	}
 	else
 	{
 		if(listeners[LISTEN_IPV4].ip[0] != '\0' && listeners[LISTEN_IPV4].port != 0)
 		{
 			if(listeners[LISTEN_IPV4].F == NULL)
 				/* Pre-configured IP/port, just re-establish */
 				create_listener(listeners[LISTEN_IPV4].ip, listeners[LISTEN_IPV4].port);
 		}
 		if(listeners[LISTEN_IPV6].ip[0] != '\0' && listeners[LISTEN_IPV6].port != 0)
 		{
 			if(listeners[LISTEN_IPV6].F == NULL)
 				/* Pre-configured IP/port, just re-establish */
 				create_listener(listeners[LISTEN_IPV6].ip, listeners[LISTEN_IPV6].port);
 		}
 	}
 	opm_enable = enable;
 }
 static void
 set_opm_listener(const char *key __unused, int parc __unused, const char **parv)
 {
 	const char *ip = parv[0];
 	int iport = atoi(parv[1]);
 	if(iport > 65535 || iport <= 0)
 	{
 		warn_opers(L_CRIT, "OPM: got a bad listener: %s:%s", parv[0], parv[1]);
 		exit(EX_PROVIDER_ERROR);
 	}
 	create_listener(ip, (uint16_t)iport);
 }
 static void
 create_opm_scanner(const char *key __unused, int parc __unused, const char **parv)
 {
 	int iport = atoi(parv[1]);
 	struct opm_proxy *proxy = rb_malloc(sizeof(struct opm_proxy));
 	if(iport <= 0 || iport > 65535)
 	{
 		warn_opers(L_CRIT, "OPM: got a bad scanner: %s (port %s)", parv[0], parv[1]);
 		exit(EX_PROVIDER_ERROR);
 	}
 	proxy->port = (uint16_t)iport;
 	switch((proxy->proto = get_protocol_from_string(parv[0])))
 	{
 	case PROTO_SOCKS4:
 		snprintf(proxy->note, sizeof(proxy->note), "socks4:%hu", proxy->port);
 		proxy->ssl = false;
 		proxy->callback = socks4_connected;
 		break;
 	case PROTO_SOCKS5:
 		snprintf(proxy->note, sizeof(proxy->note), "socks5:%hu", proxy->port);
 		proxy->ssl = false;
 		proxy->callback = socks5_connected;
 		break;
 	case PROTO_HTTP_CONNECT:
 		snprintf(proxy->note, sizeof(proxy->note), "httpconnect:%hu", proxy->port);
 		proxy->ssl = false;
 		proxy->callback = http_connect_connected;
 		break;
 	case PROTO_HTTPS_CONNECT:
 		snprintf(proxy->note, sizeof(proxy->note), "httpsconnect:%hu", proxy->port);
 		proxy->callback = http_connect_connected;
 		proxy->ssl = true;
 		break;
 	default:
 		warn_opers(L_CRIT, "OPM: got an unknown proxy type: %s (port %hu)", parv[0], proxy->port);
 		exit(EX_PROVIDER_ERROR);
 	}
 	if(find_proxy_scanner(proxy->proto, proxy->port) != NULL)
 	{
 		warn_opers(L_CRIT, "OPM: got a duplicate scanner: %s (port %hu)", parv[0], proxy->port);
 		rb_free(proxy);
 		return;
 	}
 	rb_dlinkAdd(proxy, &proxy->node, &proxy_scanners);
 }
 static void
 delete_opm_scanner(const char *key __unused, int parc __unused, const char **parv)
 {
 	struct auth_client *auth;
 	struct opm_proxy *proxy;
 	protocol_t proto = get_protocol_from_string(parv[0]);
 	int iport = atoi(parv[1]);
 	rb_dictionary_iter iter;
 	if(iport <= 0 || iport > 65535)
 	{
 		warn_opers(L_CRIT, "OPM: got a bad scanner to delete: %s (port %s)", parv[0], parv[1]);
 		exit(EX_PROVIDER_ERROR);
 	}
 	if(proto == PROTO_NONE)
 	{
 		warn_opers(L_CRIT, "OPM: got an unknown proxy type to delete: %s (port %d)", parv[0], iport);
 		exit(EX_PROVIDER_ERROR);
 	}
 	if((proxy = find_proxy_scanner(proto, (uint16_t)iport)) == NULL)
 	{
 		warn_opers(L_CRIT, "OPM: cannot find proxy to delete: %s (port %d)", parv[0], iport);
 		exit(EX_PROVIDER_ERROR);
 	}
 	/* Abort remaining clients on this scanner */
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		rb_dlink_node *ptr;
 		struct opm_lookup *lookup = get_provider_data(auth, SELF_PID);
 		if(lookup == NULL)
 			continue;
 		auth_client_ref(auth);
 		RB_DLINK_FOREACH(ptr, lookup->scans.head)
 		{
 			struct opm_scan *scan = ptr->data;
 			if(scan->proxy->port == proxy->port && scan->proxy->proto == proxy->proto)
 			{
 				/* Match */
 				rb_dlinkDelete(&scan->node, &lookup->scans);
 				rb_free(scan);
 				if(rb_dlink_list_length(&lookup->scans) == 0)
 					opm_cancel(auth);
 				break;
 			}
 		}
 		auth_client_unref(auth);
 	}
 	rb_dlinkDelete(&proxy->node, &proxy_scanners);
 	rb_free(proxy);
 	if(rb_dlink_list_length(&proxy_scanners) == 0)
 		opm_enable = false;
 }
 static void
 delete_opm_scanner_all(const char *key __unused, int parc __unused, const char **parv __unused)
 {
 	struct auth_client *auth;
 	rb_dlink_node *ptr, *nptr;
 	rb_dictionary_iter iter;
 	RB_DLINK_FOREACH_SAFE(ptr, nptr, proxy_scanners.head)
 	{
 		rb_free(ptr->data);
 		rb_dlinkDelete(ptr, &proxy_scanners);
 	}
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		opm_cancel(auth);
 		/* auth is now invalid as we have no reference */
 	}
 	opm_enable = false;
 }
 static void
 delete_opm_listener_all(const char *key __unused, int parc __unused, const char **parv __unused)
 {
 	if(listeners[LISTEN_IPV4].F != NULL)
 		rb_close(listeners[LISTEN_IPV4].F);
 	if(listeners[LISTEN_IPV6].F != NULL)
 		rb_close(listeners[LISTEN_IPV6].F);
 	memset(&listeners, 0, sizeof(listeners));
 }
 struct auth_opts_handler opm_options[] =
 {
 	{ "opm_timeout", 1, add_conf_opm_timeout },
 	{ "opm_enabled", 1, set_opm_enabled },
 	{ "opm_listener", 2, set_opm_listener },
 	{ "opm_listener_del_all", 0, delete_opm_listener_all },
 	{ "opm_scanner", 2, create_opm_scanner },
 	{ "opm_scanner_del", 2, delete_opm_scanner },
 	{ "opm_scanner_del_all", 0, delete_opm_scanner_all },
 	{ NULL, 0, NULL },
 };
 struct auth_provider opm_provider =
 {
 	.name = "opm",
 	.letter = 'O',
 	.destroy = opm_destroy,
 	.start = opm_start,
 	.cancel = opm_cancel,
 	.timeout = opm_cancel,
 	.completed = opm_initiate,
 	.opt_handlers = opm_options,
 };
--- a/authd/providers/rdns.c
+++ b/authd/providers/rdns.c
@ -1,181 +0,0 @@
 /* authd/providers/rdns.c - rDNS lookup provider for authd
 * Copyright (c) 2016 Elizabeth Myers <elizabeth@interlinked.me>
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice is present in all copies.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
 #include "stdinc.h"
 #include "rb_commio.h"
 #include "authd.h"
 #include "provider.h"
 #include "notice.h"
 #include "res.h"
 #include "dns.h"
 #define SELF_PID (rdns_provider.id)
 struct user_query
 {
 	struct dns_query *query;		/* Pending DNS query */
 };
 /* Goinked from old s_auth.c --Elizabeth */
 static const char *messages[] =
 {
 	"*** Looking up your hostname...",
 	"*** Couldn't look up your hostname",
 	"*** Your hostname is too long, ignoring hostname",
 };
 typedef enum
 {
 	REPORT_LOOKUP,
 	REPORT_FAIL,
 	REPORT_TOOLONG,
 } dns_message;
 static void client_fail(struct auth_client *auth, dns_message message);
 static void client_success(struct auth_client *auth);
 static void dns_answer_callback(const char *res, bool status, query_type type, void *data);
 static int rdns_timeout = RDNS_TIMEOUT_DEFAULT;
 static void
 dns_answer_callback(const char *res, bool status, query_type type, void *data)
 {
 	struct auth_client *auth = data;
 	if(res == NULL || status == false)
 		client_fail(auth, REPORT_FAIL);
 	else if(strlen(res) > HOSTLEN)
 		client_fail(auth, REPORT_TOOLONG);
 	else
 	{
 		rb_strlcpy(auth->hostname, res, HOSTLEN + 1);
 		client_success(auth);
 	}
 }
 static void
 client_fail(struct auth_client *auth, dns_message report)
 {
 	struct user_query *query = get_provider_data(auth, SELF_PID);
 	lrb_assert(query != NULL);
 	rb_strlcpy(auth->hostname, "*", sizeof(auth->hostname));
 	notice_client(auth->cid, messages[report]);
 	cancel_query(query->query);
 	rb_free(query);
 	set_provider_data(auth, SELF_PID, NULL);
 	set_provider_timeout_absolute(auth, SELF_PID, 0);
 	provider_done(auth, SELF_PID);
 	auth_client_unref(auth);
 }
 static void
 client_success(struct auth_client *auth)
 {
 	struct user_query *query = get_provider_data(auth, SELF_PID);
 	lrb_assert(query != NULL);
 	notice_client(auth->cid, "*** Found your hostname: %s", auth->hostname);
 	cancel_query(query->query);
 	rb_free(query);
 	set_provider_data(auth, SELF_PID, NULL);
 	set_provider_timeout_absolute(auth, SELF_PID, 0);
 	provider_done(auth, SELF_PID);
 	auth_client_unref(auth);
 }
 static void
 rdns_destroy(void)
 {
 	struct auth_client *auth;
 	rb_dictionary_iter iter;
 	RB_DICTIONARY_FOREACH(auth, &iter, auth_clients)
 	{
 		if(get_provider_data(auth, SELF_PID) != NULL)
 			client_fail(auth, REPORT_FAIL);
 		/* auth is now invalid as we have no reference */
 	}
 }
 static bool
 rdns_start(struct auth_client *auth)
 {
 	struct user_query *query = rb_malloc(sizeof(struct user_query));
 	auth_client_ref(auth);
 	set_provider_data(auth, SELF_PID, query);
 	set_provider_timeout_relative(auth, SELF_PID, rdns_timeout);
 	query->query = lookup_hostname(auth->c_ip, dns_answer_callback, auth);
 	notice_client(auth->cid, messages[REPORT_LOOKUP]);
 	return true;
 }
 static void
 rdns_cancel(struct auth_client *auth)
 {
 	struct user_query *query = get_provider_data(auth, SELF_PID);
 	if(query != NULL)
 		client_fail(auth, REPORT_FAIL);
 }
 static void
 add_conf_dns_timeout(const char *key, int parc, const char **parv)
 {
 	int timeout = atoi(parv[0]);
 	if(timeout < 0)
 	{
 		warn_opers(L_CRIT, "rDNS: DNS timeout < 0 (value: %d)", timeout);
 		exit(EX_PROVIDER_ERROR);
 	}
 	rdns_timeout = timeout;
 }
 struct auth_opts_handler rdns_options[] =
 {
 	{ "rdns_timeout", 1, add_conf_dns_timeout },
 	{ NULL, 0, NULL },
 };
 struct auth_provider rdns_provider =
 {
 	.name = "rdns",
 	.letter = 'R',
 	.destroy = rdns_destroy,
 	.start = rdns_start,
 	.cancel = rdns_cancel,
 	.timeout = rdns_cancel,
 	.opt_handlers = rdns_options,
 };
--- a/autogen.sh
+++ b/autogen.sh
@ -1,96 +0,0 @@
 #! /bin/sh
 TOP_DIR=$(dirname $0)
 LAST_DIR=$PWD
 if test ! -f $TOP_DIR/configure.ac ; then
   echo "You must execute this script from the top level directory."
   exit 1
 fi
 AUTOCONF=${AUTOCONF:-autoconf}
 ACLOCAL=${ACLOCAL:-aclocal}
 AUTOMAKE=${AUTOMAKE:-automake}
 AUTOHEADER=${AUTOHEADER:-autoheader}
 LIBTOOLIZE=${LIBTOOLIZE:-libtoolize}
 #SHTOOLIZE=${SHTOOLIZE:-shtoolize}
 dump_help_screen ()
 {
   echo "Usage: $0 [options]"
   echo 
   echo "options:"
   echo "  -n           skip CVS changelog creation"
   echo "  -h,--help    show this help screen"
   echo
   exit 0
 }
 parse_options ()
 {
   while test "$1" != "" ; do
      case $1 in
         -h|--help)
            dump_help_screen
            ;;
         -n)
            SKIP_CVS_CHANGELOG=yes
            ;;
         *)
            echo Invalid argument - $1
            dump_help_screen
            ;;
      esac
      shift
   done
 }
 run_or_die ()
 {
   COMMAND=$1
   # check for empty commands
   if test -z "$COMMAND" ; then
      echo "*warning* no command specified"
      return 1
   fi
   shift;
   OPTIONS="$@"
   # print a message
   echo -n "*info* running $COMMAND"
   if test -n "$OPTIONS" ; then
      echo " ($OPTIONS)"
   else
      echo
   fi
   # run or die
   $COMMAND $OPTIONS ; RESULT=$?
   if test $RESULT -ne 0 ; then
      echo "*error* $COMMAND failed. (exit code = $RESULT)"
      exit 1
   fi
   return 0
 }
 parse_options "$@"
 echo "Building librb autotools files."
 cd "$TOP_DIR"/librb
 sh autogen.sh
 echo "Building main autotools files."
 cd "$LAST_DIR"
 run_or_die $ACLOCAL -I m4
 run_or_die $LIBTOOLIZE --force --copy
 run_or_die $AUTOHEADER
 run_or_die $AUTOCONF
 run_or_die $AUTOMAKE --add-missing --copy
 #run_or_die $SHTOOLIZE all
--- a/bandb/Makefile.am
+++ b/bandb/Makefile.am
@ -1,11 +0,0 @@
 pkglibexec_PROGRAMS = bandb
 bin_PROGRAMS = solanum-bantool
 AM_CFLAGS=$(WARNFLAGS)
 AM_CPPFLAGS = -I../include -I../librb/include @SQLITE_INCLUDES@
 bandb_SOURCES = bandb.c rsdb_sqlite3.c rsdb_snprintf.c
 bandb_LDADD = ../librb/src/librb.la @SQLITE_LD@
 solanum_bantool_SOURCES = bantool.c rsdb_sqlite3.c rsdb_snprintf.c
 solanum_bantool_LDADD = ../librb/src/librb.la @SQLITE_LD@
--- a/bandb/Makefile.in
+++ b/bandb/Makefile.in
@ -0,0 +1,110 @@
 #
 # Makefile.in for bandb/src
 #
 # $Id: Makefile.in 1285 2006-05-05 15:03:53Z nenolod $
 #
 CC              = @CC@
 INSTALL         = @INSTALL@
 INSTALL_BIN     = @INSTALL_PROGRAM@
 INSTALL_DATA    = @INSTALL_DATA@
 INSTALL_SUID    = @INSTALL_PROGRAM@ -o root -m 4755
 RM              = @RM@
 LEX             = @LEX@
 LEXLIB          = @LEXLIB@
 CFLAGS          = @IRC_CFLAGS@ -DIRCD_PREFIX=\"@prefix@\"
 LDFLAGS         = @LDFLAGS@
 MKDEP           = @MKDEP@ -DIRCD_PREFIX=\"@prefix@\"
 MV              = @MV@
 RM              = @RM@
 prefix          = @prefix@
 exec_prefix     = @exec_prefix@
 bindir          = @bindir@
 libdir		= @libdir@
 libexecdir      = @libexecdir@
 pkglibexecdir   = @pkglibexecdir@
 sysconfdir	= @sysconfdir@
 localstatedir   = @localstatedir@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 PROGRAM_PREFIX   = @PROGRAM_PREFIX@
 SQLITE_LIBS	= @SQLITE_LD@
 SQLITE_INCLUDES	= @SQLITE_INCLUDES@
 ZIP_LIB		= @ZLIB_LD@
 IRCDLIBS	= @MODULES_LIBS@ -L../libratbox/src/.libs -lratbox @LIBS@ $(SSL_LIBS) $(ZIP_LIB) $(SQLITE_LIBS)
 INCLUDES        = -I. -I../include -I../libratbox/include $(SSL_INCLUDES) $(SQLITE_INCLUDES)
 CPPFLAGS        = ${INCLUDES} @CPPFLAGS@
 CFLAGS          += -DSQLITE_THREADSAFE=0 -DSQLITE_OMIT_LOAD_EXTENSION=1
 pkglibexec_PROGS = bandb
 bin_PROGS       = bantool
 PROGS		= $(pkglibexec_PROGS) $(bin_PROGS)
 BANDB_SOURCES =     \
  bandb.c	\
  rsdb_snprintf.c \
  rsdb_sqlite3.c \
  @SQLITE_SRC@
 BANDB_OBJECTS = ${BANDB_SOURCES:.c=.o}
 BANTOOL_SOURCES =     \
  bantool.c	\
  rsdb_snprintf.c \
  rsdb_sqlite3.c \
  @SQLITE_SRC@
 BANTOOL_OBJECTS = ${BANTOOL_SOURCES:.c=.o}
 all: bandb bantool
 build: all
 bandb: ${BANDB_OBJECTS}
 	${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${BANDB_OBJECTS} ${IRCDLIBS}
 bantool: ${BANTOOL_OBJECTS}
 	${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${BANTOOL_OBJECTS} ${IRCDLIBS}
 install: build
 	@echo "ircd: installing bandb ($(PROGS))"
 	@for i in $(bin_PROGS); do \
                if test -f $(DESTDIR)$(bindir)/$(PROGRAM_PREFIX)$$i; then \
                        $(MV) $(DESTDIR)$(bindir)/$(PROGRAM_PREFIX)$$i $(DESTDIR)$(bindir)/$(PROGRAM_PREFIX)$$i.old; \
                fi; \
                $(INSTALL_BIN) $$i $(DESTDIR)$(bindir)/$(PROGRAM_PREFIX)$$i; \
        done
 	@for i in $(pkglibexec_PROGS); do \
 		if test -f '$(DESTDIR)$(pkglibexecdir)/'$$i; then \
 			$(MV) '$(DESTDIR)$(pkglibexecdir)/'$$i '$(DESTDIR)$(pkglibexecdir)/'$$i.old; \
 		fi; \
 		$(INSTALL_BIN) $$i '$(DESTDIR)$(pkglibexecdir)/'$$i; \
 	done
 .c.o:
 	${CC} ${CPPFLAGS} ${CFLAGS} -c $<
 .PHONY: depend clean distclean
 depend:
 	@${MKDEP} ${CPPFLAGS} ${SOURCES} > .depend.tmp
 	@sed -e '/^# DO NOT DELETE THIS LINE/,$$d' <Makefile >Makefile.depend
 	@echo '# DO NOT DELETE THIS LINE!!!' >>Makefile.depend
 	@echo '# make depend needs it.' >>Makefile.depend
 	@cat .depend.tmp >>Makefile.depend
 	@mv Makefile.depend Makefile
 	@rm -f .depend.tmp
 clean:
 	${RM} -f *.o *~ *.core core bandb bantool
 lint:
 	lint -aacgprxhH $(CPPFLAGS) -DIRCD_PREFIX=\"@prefix@\" $(SOURCES) >>../lint.out
 distclean: clean
 	${RM} -f Makefile
 # End of Makefile
--- a/bandb/bandb.c
+++ b/bandb/bandb.c
@ -26,12 +26,14 @@
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * $Id: bandb.c 26094 2008-09-19 15:33:46Z androsyn $
 */
 #include "setup.h"
-#include <rb_lib.h>
+#include <ratbox_lib.h>
 #include <stdio.h>
 #include "rsdb.h"
-#include "ircd_defs.h"
+#include "common.h"
 #define MAXPARA 10
@ -159,11 +161,11 @@ list_bans(void)
 		for(j = 0; j < table.row_count; j++)
 		{
 			if(i == BANDB_KLINE)
-				snprintf(buf, sizeof(buf), "%c %s %s %s :%s",
+				rb_snprintf(buf, sizeof(buf), "%c %s %s %s :%s",
 					    bandb_letter[i], table.row[j][0],
 					    table.row[j][1], table.row[j][2], table.row[j][3]);
 			else
-				snprintf(buf, sizeof(buf), "%c %s %s :%s",
+				rb_snprintf(buf, sizeof(buf), "%c %s %s :%s",
 					    bandb_letter[i], table.row[j][0],
 					    table.row[j][2], table.row[j][3]);
@ -236,10 +238,7 @@ parse_request(rb_helper *helper)
 }
-static void
+static void __attribute__((noreturn))
 error_cb(rb_helper *helper) __attribute__((noreturn));
 static void
 error_cb(rb_helper *helper)
 {
 	if(in_transaction)
@ -247,15 +246,18 @@ error_cb(rb_helper *helper)
 	exit(1);
 }
 #ifndef WINDOWS
 static void
 dummy_handler(int sig)
 {
 	return;
 }
 #endif
 static void
 setup_signals(void)
 {
 #ifndef WINDOWS
 	struct sigaction act;
 	act.sa_flags = 0;
@ -278,17 +280,15 @@ setup_signals(void)
 	act.sa_handler = dummy_handler;
 	sigaction(SIGALRM, &act, 0);
 #endif
 }
-static void
+static void __attribute__((noreturn))
 db_error_cb(const char *errstr) __attribute__((noreturn));
 static void
 db_error_cb(const char *errstr)
 {
 	char buf[256];
-	snprintf(buf, sizeof(buf), "! :%s", errstr);
+	rb_snprintf(buf, sizeof(buf), "! :%s", errstr);
 	rb_helper_write(bandb_helper, "%s", buf);
 	rb_sleep(1 << 30, 0);
 	exit(1);
@ -302,16 +302,16 @@ main(int argc, char *argv[])
 	if(bandb_helper == NULL)
 	{
 		fprintf(stderr,
-			"This is the solanum bandb for internal ircd use.\n");
+			"This is ircd-ratbox bandb.  You aren't supposed to run me directly. Maybe you want bantool?\n");
 		fprintf(stderr,
-			"You aren't supposed to run me directly (did you want solanum-bantool?). Exiting.\n");
+			"However I will print my Id tag $Id: bandb.c 26094 2008-09-19 15:33:46Z androsyn $\n");
 		fprintf(stderr, "Have a nice day\n");
 		exit(1);
 	}
 	rsdb_init(db_error_cb);
 	check_schema();
 	rb_helper_loop(bandb_helper, 0);
-
+	/* UNREACHABLE */
 	return 0;
 }
 static void
--- a/bandb/bantool.c
+++ b/bandb/bantool.c
@ -22,6 +22,9 @@
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
 *  $Id: bantool.c 26164 2008-10-26 19:52:43Z androsyn $
 *
 *
 * The following server admins have either contributed various configs to test against,
 * or helped with debugging and feature requests. Many thanks to them.
 * stevoo / efnet.port80.se
@ -40,9 +43,11 @@
 #include <time.h>
 #include "stdinc.h"
 #include "common.h"
 #include "rsdb.h"
 #define EmptyString(x) ((x == NULL) || (*(x) == '\0'))
 #define CheckEmpty(x) EmptyString(x) ? "" : x
 #define BT_VERSION "0.4.1"
@ -91,16 +96,16 @@ struct counter
 /* flags set by command line options */
 struct flags
 {
-	bool none;
+	int none;
-	bool export;
+	int export;
-	bool import;
+	int import;
-	bool verify;
+	int verify;
-	bool vacuum;
+	int vacuum;
-	bool pretend;
+	int pretend;
-	bool verbose;
+	int verbose;
-	bool wipe;
+	int wipe;
-	bool dupes_ok;
+	int dupes_ok;
-} flag = {true, false, false, false, false, false, false, false, false};
+} flag = {YES, NO, NO, NO, NO, NO, NO, NO, NO};
 /* *INDENT-ON* */
 static int table_has_rows(const char *table);
@ -141,34 +146,34 @@ main(int argc, char *argv[])
 		{
 		case 'h':
 			print_help(EXIT_SUCCESS);
-			break;
+			/* noreturn call above, this is unreachable */
 		case 'i':
-			flag.none = false;
+			flag.none = NO;
-			flag.import = true;
+			flag.import = YES;
 			break;
 		case 'e':
-			flag.none = false;
+			flag.none = NO;
-			flag.export = true;
+			flag.export = YES;
 			break;
 		case 'u':
-			flag.none = false;
+			flag.none = NO;
-			flag.verify = true;
+			flag.verify = YES;
 			break;
 		case 's':
-			flag.none = false;
+			flag.none = NO;
-			flag.vacuum = true;
+			flag.vacuum = YES;
 			break;
 		case 'p':
-			flag.pretend = true;
+			flag.pretend = YES;
 			break;
 		case 'v':
-			flag.verbose = true;
+			flag.verbose = YES;
 			break;
 		case 'w':
-			flag.wipe = true;
+			flag.wipe = YES;
 			break;
 		case 'd':
-			flag.dupes_ok = true;
+			flag.dupes_ok = YES;
 			break;
 		default:	/* '?' */
 			print_help(EXIT_FAILURE);
@ -196,9 +201,10 @@ main(int argc, char *argv[])
 		rb_strlcpy(etc, ETCPATH, sizeof(ETCPATH));
 	fprintf(stdout,
-		"* solanum bantool v.%s\n", BT_VERSION);
+		"* ircd-ratbox bantool v.%s ($Id: bantool.c 26164 2008-10-26 19:52:43Z androsyn $)\n",
 		BT_VERSION);
-	if(flag.pretend == false)
+	if(flag.pretend == NO)
 	{
 		if(rsdb_init(db_error_cb) == -1)
 		{
@ -212,7 +218,7 @@ main(int argc, char *argv[])
 		if(flag.import && flag.wipe)
 		{
-			flag.dupes_ok = true;	/* dont check for dupes if we are wiping the db clean */
+			flag.dupes_ok = YES;	/* dont check for dupes if we are wiping the db clean */
 			for(i = 0; i < 3; i++)
 				fprintf(stdout,
 					"* WARNING: YOU ARE ABOUT TO WIPE YOUR DATABASE!\n");
@ -224,19 +230,16 @@ main(int argc, char *argv[])
 			wipe_schema();
 		}
 	}
-	if(flag.verbose && flag.dupes_ok == true)
+	if(flag.verbose && flag.dupes_ok == YES)
 		fprintf(stdout, "* Allowing duplicate bans...\n");
 	/* checking for our files to import or export */
 	for(i = 0; i < LAST_BANDB_TYPE; i++)
 	{
-		if (snprintf(conf, sizeof(conf), "%s/%s.conf%s",
+		rb_snprintf(conf, sizeof(conf), "%s/%s.conf%s",
-			    etc, bandb_table[i], bandb_suffix[i]) >= sizeof(conf)) {
+			    etc, bandb_table[i], bandb_suffix[i]);
 			fprintf(stderr, "* Error: Config filename too long\n");
 			exit(EXIT_FAILURE);
 		}
-		if(flag.import && flag.pretend == false)
+		if(flag.import && flag.pretend == NO)
 			rsdb_transaction(RSDB_TRANS_START);
 		if(flag.import)
@ -245,7 +248,7 @@ main(int argc, char *argv[])
 		if(flag.export)
 			export_config(conf, i);
-		if(flag.import && flag.pretend == false)
+		if(flag.import && flag.pretend == NO)
 			rsdb_transaction(RSDB_TRANS_END);
 	}
@ -294,11 +297,11 @@ export_config(const char *conf, int id)
 		return;
 	if(strstr(conf, ".perm") != 0)
-		snprintf(sql, sizeof(sql),
+		rb_snprintf(sql, sizeof(sql),
 			    "SELECT DISTINCT mask1,mask2,reason,oper,time FROM %s WHERE perm = 1 ORDER BY time",
 			    bandb_table[id]);
 	else
-		snprintf(sql, sizeof(sql),
+		rb_snprintf(sql, sizeof(sql),
 			    "SELECT DISTINCT mask1,mask2,reason,oper,time FROM %s WHERE perm = 0 ORDER BY time",
 			    bandb_table[id]);
@ -327,7 +330,7 @@ export_config(const char *conf, int id)
 		{
 		case BANDB_DLINE:
 		case BANDB_DLINE_PERM:
-			snprintf(buf, sizeof(buf),
+			rb_snprintf(buf, sizeof(buf),
 				    "\"%s\",\"%s\",\"\",\"%s\",\"%s\",%s\n",
 				    table.row[j][mask1],
 				    mangle_reason(table.row[j][reason]),
@ -337,7 +340,7 @@ export_config(const char *conf, int id)
 		case BANDB_XLINE:
 		case BANDB_XLINE_PERM:
-			snprintf(buf, sizeof(buf),
+			rb_snprintf(buf, sizeof(buf),
 				    "\"%s\",\"0\",\"%s\",\"%s\",%s\n",
 				    escape_quotes(table.row[j][mask1]),
 				    mangle_reason(table.row[j][reason]),
@ -346,7 +349,7 @@ export_config(const char *conf, int id)
 		case BANDB_RESV:
 		case BANDB_RESV_PERM:
-			snprintf(buf, sizeof(buf),
+			rb_snprintf(buf, sizeof(buf),
 				    "\"%s\",\"%s\",\"%s\",%s\n",
 				    table.row[j][mask1],
 				    mangle_reason(table.row[j][reason]),
@ -355,7 +358,7 @@ export_config(const char *conf, int id)
 		default:	/* Klines */
-			snprintf(buf, sizeof(buf),
+			rb_snprintf(buf, sizeof(buf),
 				    "\"%s\",\"%s\",\"%s\",\"\",\"%s\",\"%s\",%s\n",
 				    table.row[j][mask1], table.row[j][mask2],
 				    mangle_reason(table.row[j][reason]),
@ -494,13 +497,13 @@ import_config(const char *conf, int id)
 		/* append operreason_field to reason_field */
 		if(!EmptyString(f_oreason))
-			snprintf(newreason, sizeof(newreason), "%s | %s", f_reason, f_oreason);
+			rb_snprintf(newreason, sizeof(newreason), "%s | %s", f_reason, f_oreason);
 		else
-			snprintf(newreason, sizeof(newreason), "%s", f_reason);
+			rb_snprintf(newreason, sizeof(newreason), "%s", f_reason);
-		if(flag.pretend == false)
+		if(flag.pretend == NO)
 		{
-			if(flag.dupes_ok == false)
+			if(flag.dupes_ok == NO)
 				drop_dupes(f_mask1, f_mask2, bandb_table[id]);
 			rsdb_exec(NULL,
@ -743,7 +746,7 @@ check_schema(void)
 		NULL
 	};
-	for(i = 0; i < LAST_BANDB_TYPE; i += 2 /* skip over _PERM */)
+	for(i = 0; i < LAST_BANDB_TYPE; i++)
 	{
 		if(!table_exists(bandb_table[i]))
 		{
@ -770,6 +773,8 @@ check_schema(void)
 					  columns[j], type);
 			}
 		}
 		i++;		/* skip over .perm */
 	}
 }
@ -807,16 +812,17 @@ table_has_rows(const char *dbtab)
 }
 /**
- * completely wipes out an existing ban.db of all entries.
+ * completly wipes out an existing ban.db of all entries.
 */
 static void
 wipe_schema(void)
 {
 	int i;
 	rsdb_transaction(RSDB_TRANS_START);
-	for(i = 0; i < LAST_BANDB_TYPE; i += 2 /* double increment to skip over _PERM */)
+	for(i = 0; i < LAST_BANDB_TYPE; i++)
 	{
 		rsdb_exec(NULL, "DROP TABLE %s", bandb_table[i]);
 		i++;		/* double increment to skip over .perm */
 	}
 	rsdb_transaction(RSDB_TRANS_END);
@ -853,7 +859,7 @@ bt_smalldate(const char *string)
 	lt = gmtime(&t);
 	if(lt == NULL)
 		return NULL;
-	snprintf(buf, sizeof(buf), "%d/%d/%d %02d.%02d",
+	rb_snprintf(buf, sizeof(buf), "%d/%d/%d %02d.%02d",
 		    lt->tm_year + 1900, lt->tm_mon + 1, lt->tm_mday, lt->tm_hour, lt->tm_min);
 	return buf;
 }
@ -861,11 +867,12 @@ bt_smalldate(const char *string)
 /**
 * you are here ->.
 */
-void
+static void
-print_help(int i_exit)
+print_help(const int i_exit)
 {
-	fprintf(stderr, "bantool v.%s - the solanum database tool.\n", BT_VERSION);
+	fprintf(stderr, "bantool v.%s - the ircd-ratbox database tool.\n", BT_VERSION);
 	fprintf(stderr, "Copyright (C) 2008 Daniel J Reidy <dubkat@gmail.com>\n");
 	fprintf(stderr, "$Id: bantool.c 26164 2008-10-26 19:52:43Z androsyn $\n\n");
 	fprintf(stderr, "This program is distributed in the hope that it will be useful,\n"
 		"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
 		"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the\n"
@ -880,17 +887,18 @@ print_help(int i_exit)
 	fprintf(stderr, "       -s : Reclaim empty slack space the database may be taking up.\n");
 	fprintf(stderr, "       -u : Update the database tables to support any new features.\n");
 	fprintf(stderr,
-		"            This is automatically done if you are importing or exporting\n");
+		"            This is automaticlly done if you are importing or exporting\n");
 	fprintf(stderr, "            but should be run whenever you upgrade the ircd.\n");
 	fprintf(stderr,
 		"       -p : pretend, checks for the configs, and parses them, then tells you some data...\n");
 	fprintf(stderr, "            but does not touch your database.\n");
 	fprintf(stderr,
 		"       -v : Be verbose... and it *is* very verbose! (intended for debugging)\n");
-	fprintf(stderr, "       -d : Enable checking for redundant entries.\n");
+	fprintf(stderr, "       -d : Enable checking for redunant entries.\n");
-	fprintf(stderr, "       -w : Completely wipe your database clean. May be used with -i \n");
+	fprintf(stderr, "       -w : Completly wipe your database clean. May be used with -i \n");
 	fprintf(stderr,
 		"     path : An optional directory containing old ratbox configs for import, or export.\n");
 	fprintf(stderr, "            If not specified, it looks in PREFIX/etc.\n");
 	exit(i_exit);
 }
--- a/bandb/rsdb.h
+++ b/bandb/rsdb.h
@ -1,3 +1,4 @@
 /* $Id: rsdb.h 26164 2008-10-26 19:52:43Z androsyn $ */
 #ifndef INCLUDED_rsdb_h
 #define INCLUDED_rsdb_h
--- a/bandb/rsdb_snprintf.c
+++ b/bandb/rsdb_snprintf.c
@ -5,6 +5,8 @@
 * Should you choose to use and/or modify this source code, please
 * do so under the terms of the GNU General Public License under which
 * this library is distributed.
 *
 * $Id: rsdb_snprintf.c 26094 2008-09-19 15:33:46Z androsyn $
 */
 #include "stdinc.h"
 #include "rsdb.h"
--- a/bandb/rsdb_sqlite3.c
+++ b/bandb/rsdb_sqlite3.c
@ -27,6 +27,8 @@
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * $Id: rsdb_sqlite3.c 26182 2008-11-11 02:52:41Z androsyn $
 */
 #include "stdinc.h"
 #include "rsdb.h"
@ -45,7 +47,7 @@ mlog(const char *errstr, ...)
 		char buf[256];
 		va_list ap;
 		va_start(ap, errstr);
-		vsnprintf(buf, sizeof(buf), errstr, ap);
+		rb_vsnprintf(buf, sizeof(buf), errstr, ap);
 		va_end(ap);
 		error_cb(buf);
 	}
@ -71,14 +73,14 @@ rsdb_init(rsdb_error_cb * ecb)
 	if(sqlite3_open(dbpath, &rb_bandb) != SQLITE_OK)
 	{
-		snprintf(errbuf, sizeof(errbuf), "Unable to open sqlite database: %s",
+		rb_snprintf(errbuf, sizeof(errbuf), "Unable to open sqlite database: %s",
 			    sqlite3_errmsg(rb_bandb));
 		mlog(errbuf);
 		return -1;
 	}
 	if(access(dbpath, W_OK))
 	{
-		snprintf(errbuf, sizeof(errbuf),  "Unable to open sqlite database for write: %s", strerror(errno));
+		rb_snprintf(errbuf, sizeof(errbuf),  "Unable to open sqlite database for write: %s", strerror(errno));
 		mlog(errbuf);
 		return -1;
 	}
--- a/bandb/sqlite3.c
+++ b/bandb/sqlite3.c
--- a/bandb/sqlite3.h
+++ b/bandb/sqlite3.h
--- a/11453
+++ b/11453
--- a/configure.ac
+++ b/configure.ac
--- a/default.nix
+++ b/default.nix
@ -0,0 +1,26 @@
 { stdenv, bash
 , flex, bison
 , openssl, gnutls, zlib }:
 stdenv.mkDerivation {
  pname = "charybdis";
  version = "3.5.7";
  src = ./.;
  patches = [
    ./patches/bandb-remove-setenv.patch
  ];
  configureFlags = [
    "--enable-epoll"
    "--enable-ipv6"
    "--with-zlib-path=${zlib.dev}/lib"
    "--enable-openssl=${openssl.dev}"
    "--with-program-prefix=charybdis-"
    "--sysconfdir=/etc/charybdis"
  ];
  nativeBuildInputs = [ bison flex ];
  buildInputs = [ openssl gnutls zlib ];
 }
--- a/doc/CIDR.txt
+++ b/doc/CIDR.txt
@ -0,0 +1,316 @@
 $Id: CIDR.txt 6 2005-09-10 01:02:21Z nenolod $
 CIDR Information
 ----------------
  Presently, we all use IPv4.  The format of IPv4 is the following:
 A.B.C.D
  Where letters 'A' through 'D' are 8-bit values.  In English, this
  means each digit can have a value of 0 to 255.  Example:
 129.56.4.234
  Digits are called octets.  Oct meaning 8, hence 8-bit values.  An
  octet cannot be greater than 255, and cannot be less than 0 (eg. a
  negative number).
  CIDR stands for "classless inter domain routing", details covered
  in RFC's 1518 and 1519. It was introduced mainly due to waste within
  A and B classes space. The goal was to make it possible to use
  smaller nets than it would seem from (above) IP classes, for instance
  by dividing one B class into 256 "C like" classes. The other goal was
  to allow aggregation of routing information, so that routers could use
  one aggregated route (like 194.145.96.0/20) instead of
  advertising 16 C classes.
  Class A are all these addresses which first bit is "0",
  bitmap: 0nnnnnnn.hhhhhhhh.hhhhhhhh.hhhhhhhh (n=net, h=host)
  IP range is 0.0.0.0 - 127.255.255.255
  Class B are all these addresses which first two bits are "10",
  bitmap: 10nnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh (n=net, h=host)
  IP range is 128.0.0.0 - 191.255.255.255
  Class C are all these addresses which first three bits are "110",
  bitmap: 110nnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh (n=net, h=host)
  IP range is 192.0.0.0 - 223.255.255.255
  Class D are all these addresses which first four bits are "1110",
  this is multicast class and net/host bitmap doesn't apply here
  IP range is 224.0.0.0 - 239.255.255.255
  I bet they will never IRC, unless someone creates multicast IRC :)
  Class E are all these addresses which first five bits are "11110",
  this class is reserved for future use
  IP range is 240.0.0.0 - 247.255.255.255
  So, here is how CIDR notation comes into play.
  For those of you who have real basic exposure to how networks are
  set up, you should be aware of the term "netmask."  Basically, this
  is a IPv4 value which specifies the "size" of a network.  You can
  assume the word "size" means "range" if you want.
  A chart describing the different classes in CIDR format and their
  wildcard equivalents would probably help at this point:
 CIDR version	dot notation (netmask)	Wildcard equivalent
 -----------------------------------------------------------------
 A.0.0.0/8	A.0.0.0/255.0.0.0	A.*.*.*  or  A.*
 A.B.0.0/16	A.B.0.0/255.255.0.0	A.B.*.*  or  A.B.*
 A.B.C.0/24	A.B.C.0/255.255.255.0	A.B.C.*  or  A.B.C.*
 A.B.C.D/32	A.B.C.D/255.255.255.255	A.B.C.D
  The question on any newbies mind at this point is "So what do all
  of those values & numbers actually mean?"
  Everything relating to computers is based on binary values (1s and
  zeros).  Binary plays a *tremendous* role in CIDR notation.  Let's
  break it down to the following table:
          A            B            C            D
       --------     --------     --------     --------
 /8  == 11111111  .  00000000  .  00000000  .  00000000  == 255.0.0.0
 /16 == 11111111  .  11111111  .  00000000  .  00000000  == 255.255.0.0
 /24 == 11111111  .  11111111  .  11111111  .  00000000  == 255.255.255.0
 /32 == 11111111  .  11111111  .  11111111  .  11111111  == 255.255.255.255
  The above is basically a binary table for the most common netblock
  sizes.  The "1"s you see above are the 8-bit values for each octet.
  If you split an 8-bit value into each of it's bits, you find the
  following:
 00000000
 ^^^^^^^^_ 1sts place  (1)
 |||||||__ 2nds place  (2)
 ||||||___ 3rds place  (4)
 |||||____ 4ths place  (8)
 ||||_____ 5ths place  (16)
 |||______ 6ths place  (32)
 ||_______ 7ths place  (64)
 |________ 8ths place  (128)
  Now, since computers consider zero a number, you pretty much have
  to subtract one (so-to-speak; this is not really how its done, but
  just assume it's -1 :-) ) from all the values possible.  Some
  examples of decimal values in binary:
 15  == 00001111  (from left to right: 8+4+2+1)
 16  == 00010000  (from left to right: 16)
 53  == 00110101  (from left to right: 32+16+4+1)
 79  == 01001111  (from left to right: 64+8+4+1)
 254 == 11111110  (from left to right: 128+64+32+16+8+4+2)
  So, with 8 bits, the range (as I said before) is zero to 255.
  If none of this is making sense to you at this point, you should
  back up and re-read all of the above.  I realize it's a lot, but
  it'll do you some good to re-read it until you understand :-).
  So, let's modify the original table a bit by providing CIDR info
  for /1 through /8:
          A            B            C            D
       --------     --------     --------     --------
 /1  == 10000000  .  00000000  .  00000000  .  00000000  == 128.0.0.0
 /2  == 11000000  .  00000000  .  00000000  .  00000000  == 192.0.0.0
 /3  == 11100000  .  00000000  .  00000000  .  00000000  == 224.0.0.0
 /4  == 11110000  .  00000000  .  00000000  .  00000000  == 240.0.0.0
 /5  == 11111000  .  00000000  .  00000000  .  00000000  == 248.0.0.0
 /6  == 11111100  .  00000000  .  00000000  .  00000000  == 252.0.0.0
 /7  == 11111110  .  00000000  .  00000000  .  00000000  == 254.0.0.0
 /8  == 11111111  .  00000000  .  00000000  .  00000000  == 255.0.0.0
  At this point, all of this should making a lot of sense, and you
  should be able to see the precision that you can get by using CIDR
  at this point.  If not, well, I guess the best way to put it would
  be that wildcards always assume /8, /16, or /24 (yes hello Piotr,
  we can argue this later: I am referring to IPs *ONLY*, not domains
  or FQDNs :-) ).
  This table will provide a reference to all of the IPv4 CIDR values
 cidr|netmask (dot notation)
 ----+---------------------
 /1  | 128.0.0.0
 /2  | 192.0.0.0
 /3  | 224.0.0.0
 /4  | 240.0.0.0
 /5  | 248.0.0.0
 /6  | 252.0.0.0
 /7  | 254.0.0.0
 /8  | 255.0.0.0
 /9  | 255.128.0.0
 /10 | 255.192.0.0
 /11 | 255.224.0.0
 /12 | 255.240.0.0
 /13 | 255.248.0.0
 /14 | 255.252.0.0
 /15 | 255.254.0.0
 /16 | 255.255.0.0
 /17 | 255.255.128.0
 /18 | 255.255.192.0
 /19 | 255.255.224.0
 /20 | 255.255.240.0
 /21 | 255.255.248.0
 /22 | 255.255.252.0
 /23 | 255.255.254.0
 /24 | 255.255.255.0
 /25 | 255.255.255.128
 /26 | 255.255.255.192
 /27 | 255.255.255.224
 /28 | 255.255.255.240
 /29 | 255.255.255.248
 /30 | 255.255.255.252
 /31 | 255.255.255.254
 /32 | 255.255.255.255
  So, let's take all of the information above, and apply it to a
  present-day situation on IRC.
  Let's say you have a set of flooding clients who all show up from
  the following hosts.  For lack-of a better example, I'll use a
  subnet here at Best:
 nick1  (xyz@shell9.ba.best.com)  [206.184.139.140]
 nick2  (abc@shell8.ba.best.com)  [206.184.139.139]
 nick3  (foo@shell12.ba.best.com) [206.184.139.143]
  Most people will assume the  they were all in the same class C
  (206.184.139.0/24  or  206.184.139.*).
  This, as a matter of fact, is not true.  Now, the reason *I* know
  this is solely because I work on the network here; those IPs are
  not delegated to a class C, but two portions of a class C (128 IPs
  each).  That means the class C is actually split into these two
  portions:
 Netblock               IP range
 --------               --------
 206.184.139.0/25       206.184.139.0   to 206.184.139.127
 206.184.139.128/25     206.184.139.128 to 206.184.139.255
  For the record, 206.184.139.0 and 206.184.139.128 are both known as
  "network addresses" (not to be confused with "netblocks" or "Ethernet
  hardware addresses" or "MAC addresses").  Network addresses are
  *ALWAYS EVEN*.
  206.184.139.127 and 206.184.139.255 are what are known as broadcast
  addresses.  Broadcast addresses are *ALWAYS ODD*.
  Now, the aforementioned list of clients are in the 2nd subnet shown
  above, not the first.  The reason for this should be obvious.
  The remaining question is, "Well that's nice, you know what the netblock
  is for Best.  What about us?  We don't know that!"
  Believe it or not, you can find out the network block size by using
  whois -h WHOIS.ARIN.NET on the IP in question.  ARIN keeps a list of
  all network blocks and who owns them -- quite useful, trust me.  I
  think I use ARIN 5 or 6 times a day, especially when dealing with
  D-lines.  Example:
 $ whois -h whois.arin.net 206.184.139.140
 Best Internet Communications, Inc. (NETBLK-NBN-206-184-BEST)
 345 East Middlefield Road
 Mountain View, CA 94043
 Netname: NBN-206-184-BEST
 Netblock: 206.184.0.0 - 206.184.255.255
 Maintainer: BEST
  Does this mean you should D-line 206.184.0.0/16?  Probably not.
  That's an entire class B-sized block, while you're only trying
  to deny access to a subnetted class C.
  So then how do you get the *real* info?  Well, truth is, you don't.
  You have to pretty much take a guess at what it is, if ARIN reports
  something that's overly vague.  Best, for example, was assigned the
  above class B-sized block.  We can subnet it however we want without
  reporting back to ARIN how we have it subnetted.  We own the block,
  and that's all that matters (to ARIN).
  Not all subnets are like this, however.  Smaller subnets you may
  find partitioned and listed on ARIN; I've seen /29 blocks for DSL
  customers show up in ARIN before.
  So, use ARIN any chance you get.  The more precision the better!
  Now, there is a small issue I want to address regarding use of CIDR
  notation.  Let's say you D-line the following in CIDR format (hi
  sion ;-) ):
 205.100.132.18/24
  Entries like this really makes my blood boil, solely because it adds
  excessive confusion and is just basically pointless.  If you
  examine the above, you'll see the /24 is specifying an entire
  class C -- so then what's the purpose of using .18 versus .0?
  There IS no purpose.  The netmask itself will mask out the .18 and
  continue to successfully use 205.100.132.0/24.
  Doing things this way just adds confusion, especially on non-octet-
  aligned subnets (such as /8, /16, /24, or /32).  Seeing that on a
  /27 or a /19 might make people go "wtf?"
  I know for a fact this doc lacks a lot of necessary information,
  like how the actual netmask/CIDR value play a role in "masking out"
  the correct size, and what to do is WHOIS.ARIN.NET returns no
  netblock information but instead a few different company names with
  NIC handles.  I'm sure you can figure this stuff out on your own,
  or just ask an administrator friend of yours who DOES know.  A lot
  of us admins are BOFH types, but if you ask us the right questions,
  you'll benefit from the answer quite thoroughly.
  Oh, I almost forgot.  Most Linux systems use a different version of
  "whois" than FreeBSD does.  The syntax for whois on Linux is
  "whois <INFO>@whois.arin.net", while under FreeBSD it is
  "whois -h whois.arin.net <INFO>"  Debian uses yet another version
  of whois that is incompatible with the above syntax options.
  Note that the FreeBSD whois client has shortcuts for the most commonly
  used whois servers.  "whois -a <INFO>" is the shortcut for ARIN.
  Also note that ARIN is not authoritative for all IP blocks on the 
  Internet.  Take for example 212.158.123.66.  A whois query to ARIN
  will return the following information:
 $ whois -h whois.arin.net 212.158.123.66
 European Regional Internet Registry/RIPE NCC (NET-RIPE-NCC-)
   These addresses have been further assigned to European users.
   Contact information can be found in the RIPE database, via the
   WHOIS and TELNET servers at whois.ripe.net, and at
   http://www.ripe.net/db/whois.html
   Netname: RIPE-NCC-212
   Netblock: 212.0.0.0 - 212.255.255.255
   Maintainer: RIPE
  This query tells us that it is a European IP block, and is further
  handled by RIPE's whois server.  We must then query whois.ripe.net
  to get more information.
 $ whois -h whois.ripe.net 212.158.123.66
 % Rights restricted by copyright. See
  http://www.ripe.net/ripencc/pub-services/db/copyright.html
 inetnum:     212.158.120.0 - 212.158.123.255
 netname:     INSNET-P2P
 descr:       Point to Point Links for for London Nodes
 country:     GB
 --snip--
  This tells us the actual IP block that the query was a part of.
  Other whois servers that you may see blocks referred to are: 
  whois.ripn.net for Russia, whois.apnic.net for Asia, Australia, and
  the Pacific, and whois.6bone.net for IPv6 blocks.
 Contributed by Jeremy Chadwick <jdc@best.net>
 Piotr Kucharski <chopin@sgh.waw.pl> 
 W. Campbell <wcampbel@botbay.net> and
 Ariel Biener <ariel@fireball.tau.ac.il>
--- a/doc/Hybrid-team
+++ b/doc/Hybrid-team
@ -0,0 +1,61 @@
 $Id: Hybrid-team 54 2005-09-10 05:12:55Z nenolod $
 The hybrid team is a group of ircd coders who were frustrated
 with the instability and all-out "dirtiness" of the EFnet ircd's
 available. "hybrid" is the name for the collective efforts of a group
 of people, all of us.
 Anyone is welcome to contribute to this effort. You are encouraged
 to participate in the Hybrid mailing list. To subscribe to the
 Hybrid List, use this link:
  https://lists.ircd-hybrid.org/mailman/listinfo/hybrid
 The core team as, of this major release:
 adx, Piotr Nizynski <adx@irc7.pl>
 billy-jon, William Bierman III <bill@mu.org>
 cryogen, Stuart Walsh <stu@ipng.org.uk>
 Dianora, Diane Bruce <db@db.net>
 joshk, Joshua Kwan <joshk@triplehelix.org>
 kire, Erik Small <smalle@hawaii.edu>
 knight, Alan LeVee <alan.levee@prometheus-designs.net>
 metalrock, Jack Low <jclow@csupomona.edu>
 Michael, Michael Wobst <michael.wobst@gmail.com>
 Rodder, Jon Lusky <lusky@blown.net>
 Wohali, Joan Touzet <joant@ieee.org>
 The following people have contributed blood, sweat, and/or code to
 recent releases of Hybrid, in nick alphabetical order:
 A1kmm, Andrew Miller <a1kmm@mware.virtualave.net>
 AndroSyn, Aaron Sethman <androsyn@ratbox.org>
 bane, Dragan Dosen <bane@idolnet.org>
 bysin, Ben Kittridge <bkittridge@cfl.rr.com>
 cosine, Patrick Alken <wnder@uwns.underworld.net>
 David-T, David Taylor <davidt@yadt.co.uk>
 fl, Lee Hardy <lee@leeh.co.uk>
 Garion, Joost Vunderink <garion@efnet.nl>
 Habeeb, David Supuran <habeeb@cfl.rr.com>
 Hwy101, W. Campbell <wcampbel@botbay.net>
 jmallett, Juli Mallett <jmallett@FreeBSD.org>
 jv, Jakub Vlasek <jv@pilsedu.cz>
 k9, Jeremy Chadwick <ircd@jdc.parodius.com>
 kre, Dinko Korunic <kreator@fly.srk.fer.hr>
 madmax, Paul Lomax <madmax@efnet.org>
 nenolod, William Pitcock <nenolod@nenolod.net>
 Riedel, Dennis Vink, <riedel@chaotic.nl>
 scuzzy, David Todd <scuzzy@aniverse.net>
 spookey, David Colburn <spookey@spookey.org>
 TimeMr14C, Yusuf Iskenderoglu <uhc0@stud.uni-karlsruhe.de>
 toot, Toby Verrall <to7@antipope.fsnet.co.uk>
 vx0, Mark Miller <mark@oc768.net>
 wiz, Jason Dambrosio <jason@wiz.cx>
 Xride, Søren Straarup <xride@x12.dk>
 zb^3, Alfred Perlstein <alfred@freebsd.org>
 Others are welcome. Always. And if we left anyone off the above list,
 be sure to let us know that too. Many others have contributed to
 previous versions of this ircd and its ancestors, too many to list
 here.
 Send bug fixes/complaints/rotten tomatoes to bugs@ircd-hybrid.org.
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@ -1,36 +0,0 @@
 prefix		= @prefix@
 exec_prefix	= @exec_prefix@
 exec_suffix	= @exec_suffix@
 bindir		= @bindir@
 libexecdir	= @libexecdir@
 sysconfdir		= @sysconfdir@
 localstatedir	= @localstatedir@
 # Local to the etc Makefile
 CONFS		= ircd.conf.example reference.conf
 install-mkdirs:
 	-@if test ! -d $(DESTDIR)$(sysconfdir); then \
 		echo "mkdir -p $(sysconfdir)"; \
 		mkdir -p $(DESTDIR)$(sysconfdir); \
 	fi
 install: install-mkdirs
 	@echo "ircd: installing example config files ($(CONFS))"
 	@for i in $(CONFS); do \
 		if test -f $(DESTDIR)$(sysconfdir)/$$i; then \
 			$(MV) $(DESTDIR)$(sysconfdir)/$$i $(DESTDIR)$(sysconfdir)/$$i.old; \
 		fi; \
 		$(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir); \
 	done
 	-@if test ! -f $(DESTDIR)$(sysconfdir)/ircd.motd; then \
 		echo "ircd: installing motd file (ircd.motd)"; \
 		$(INSTALL_DATA) ircd.motd $(DESTDIR)$(sysconfdir); \
 	fi
 	-@if test -f $(DESTDIR)$(sysconfdir)/links.txt; then \
 		$(RM) $(DESTDIR)$(sysconfdir)/links.txt; \
 	fi
--- a/doc/Makefile.in
+++ b/doc/Makefile.in
@ -0,0 +1,92 @@
 # $Id: Makefile.in 3376 2007-04-03 11:37:39Z nenolod $
 CC		= @CC@
 INSTALL		= @INSTALL@
 INSTALL_BIN	= @INSTALL_PROGRAM@
 INSTALL_DATA	= @INSTALL_DATA@
 INSTALL_SUID	= @INSTALL_PROGRAM@ -o root -m 4755
 RM		= @RM@
 LEX		= @LEX@
 LEXLIB		= @LEXLIB@
 CFLAGS		= @IRC_CFLAGS@ -DIRCD_PREFIX=\"@prefix@\"
 LDFLAGS		= @LDFLAGS@
 MKDEP		= ${CC} -MM
 MV		= @MV@
 RM		= @RM@
 CP		= @CP@
 TOUCH		= @TOUCH@
 PROGRAM_PREFIX  = @PROGRAM_PREFIX@
 prefix		= @prefix@
 exec_prefix	= @exec_prefix@
 exec_suffix	= @exec_suffix@
 bindir		= @bindir@
 libexecdir	= @libexecdir@
 sysconfdir		= @sysconfdir@
 localstatedir	= @localstatedir@
 # Change this later! -- adrian
 moduledir	= @moduledir@
 automoduledir	= @moduledir@/autoload
 # Local to the etc Makefile
 mandir          = @mandir@/man8
 MANPAGES        = ircd.8
 CONFS		= ircd.conf.example reference.conf
 SSL_LIBS	= @SSL_LIBS@
 SSL_INCLUDES	= @SSL_INCLUDES@
 IRCDLIBS	= @LIBS@ $(SSL_LIBS)
 INCLUDES	= -I../include $(SSL_INCLUDES)
 CPPFLAGS	= ${INCLUDES} @CPPFLAGS@
 all: build
 install-mkdirs:
 	-@if test ! -d $(DESTDIR)$(sysconfdir); then \
 		echo "mkdir -p $(sysconfdir)"; \
 		mkdir -p $(DESTDIR)$(sysconfdir); \
 	fi
 	-@if test ! -d $(DESTDIR)$(mandir); then \
 		echo "mkdir -p $(mandir)"; \
 		mkdir -p $(DESTDIR)$(mandir); \
 	fi
 install: install-mkdirs build
 	@echo "ircd: installing example config files ($(CONFS))"
 	@for i in $(CONFS); do \
 		if test -f $(DESTDIR)$(sysconfdir)/$$i; then \
 			$(MV) $(DESTDIR)$(sysconfdir)/$$i $(DESTDIR)$(sysconfdir)/$$i.old; \
 		fi; \
 		$(INSTALL_DATA) $$i $(DESTDIR)$(sysconfdir); \
 	done
 	-@if test ! -f $(DESTDIR)$(sysconfdir)/ircd.motd; then \
 		echo "ircd: installing motd file (ircd.motd)"; \
 		$(INSTALL_DATA) ircd.motd $(DESTDIR)$(sysconfdir); \
 	fi
 	-@if test -f $(DESTDIR)$(sysconfdir)/links.txt; then \
 		$(RM) $(DESTDIR)$(sysconfdir)/links.txt; \
 	fi
 	@echo "ircd: installing manpage"
 	@for i in $(MANPAGES); do \
 		if test ! -f $(DESTDIR)$(mandir)/$(PROGRAM_PREFIX)$$i; then \
 			$(INSTALL_DATA) $$i $(DESTDIR)$(mandir)/$(PROGRAM_PREFIX)$$i; \
 		fi; \
 	done
 build:
 clean:
 depend:
 lint:
 distclean:
 	${RM} -f Makefile
--- a/doc/README.cidr_bans
+++ b/doc/README.cidr_bans
@ -0,0 +1,17 @@
 $Id: README.cidr_bans 6 2005-09-10 01:02:21Z nenolod $ 
 Basically what this patch does is allow for users to use cidr masks when
 setting bans, exceptions, and invite invex(modes beI respectively).  This
 works for both IPv4 and IPv6 addresses.  
 I won't go into details of how cidr works here, but to use them, you could
 do something like:
 /mode #foo +b *!*@10.0.0.0/8 
 /mode #foo +e *!*@10.0.10.0/24
 Aaron Sethman <androsyn@ratbox.org>
 August 06, 2002
--- a/doc/Ratbox-team
+++ b/doc/Ratbox-team
@ -0,0 +1,18 @@
 $Id: Ratbox-team 1640 2006-06-05 00:02:19Z jilles $
 ircd-ratbox is an evolution where ircd-hybrid left off around version 7-rc1.  
 Currently the ircd-ratbox team consists of the following developers:
 AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
 anfl, Lee Hardy <lee -at- leeh.co.uk>
 Special thanks for support, code and ideas to:
 Hwy, W. Campbell <wcampbel -at- botbay.net>
 jilles, Jilles Tjoelker <jilles -at- stack.nl>
 larne, Edward Brocklesby <ejb -at- sdf.lonestar.org>
 Of course our work is based on the work of many, many others over the past
 10 or so years since irc has existed, including the work done by the Hybrid
 team, our thanks goes to them.
--- a/doc/Tao-of-IRC.940110
+++ b/doc/Tao-of-IRC.940110
@ -0,0 +1,272 @@
 The Tao of Internet Relay Chat
 Copyright (C) Ove Ruben R Olsen 1994
 Version of 940110
 Contributing masters: Master ScottM
 -----
 Something is formed by the electrons, born in the silent cable. Shaping
 and growing and ungrowing. It is there yet not there. It is the source of
 Internet Relay Chat. I do not know the name, thus I will call it the Tao
 of Internet Relay Chat.
 If the Tao is great, then the IRC is running ceaselessly. If the IRC is 
 great then the server is running without ever stoping. If the server is 
 great then the client will always be the server. The luser is then pleased 
 and there is Chat in the world.
 The Tao of IRC squits far away and connects on returning.
 -----
 The genetic potential of birth, a lot to know, yet unknown.
 In the begining there was nothing. 
 Out of nothing the Tao gave birth to tolsun.oulu.fi. tolsun gave birth to
 OuluBox. 
 OuluBox gave birth to rmsg.
 rmsg was not Tao, so MUT gave birth to IRC.
 No one knows when IRC came into existance, the mighty master WiZ have it 
 to be at the end of the eight month in the year of the Dragon.
 -----
 Each channel has its purpose, however humble. Each channel is the Yin and
 Yang of IRC. Each channels has it's place within the IRC.
 In the beginning there was only channel 0, thus channel 0 is the soil of
 IRC. 
 Channel 1 to channel 10 then was open as the sea. Channel 11 to 999 was the 
 trees and forests of IRC. Channels above 999 should not be mentioned, and
 channels below 0 were unborn and contained many secrets.
 This was not the right Tao, so IRC gave birth to +channels. 
 +channels had the yin and yang. Mode does not.
 This was not the right Tao still, so IRC gave birth to #channels. 
 #channels have the yin and yang.
 Only channel 0 is the right path to Tao, but avoid speaking on channel 0.
 -----
 There was a great dispute among the Broom-Walkers of the Relay. Some of them
 wanted neither yin nor yang. Out of this Eris came into existance. Some of the
 Broom-Walkers then created Eris Free-net. 
 This was the right Tao.
 Kind Gentle and Boring Net was another wrong path to the Tao of Internet Relay 
 Chat.
 Some time later there was a quantity of some lusers who wanted to be 
 Broom-Walkers also. The Eris Free Broom-Walkers did not agree with them, 
 thus a new IRC was born. This IRC is called the Undernet. 
 But this is not the right Tao, either.
 -----
 There will always be disputes among the Broom-Walkers of Internet Relay Chat.
 This is the very nature of the IRC.
 -----
 Lusers that do not understand the Tao is always using the yang of Mode on 
 their channels. Lusers that do understand the Tao are always using Ignore
 on their channels.
 How could this not be so ?
 -----
 The wise sage luser is told about the Chat and uses it. The luser is told 
 about the IRC and is looking for it. The flock are told about the Tao and
 make a fool of the IRC.
 If there was no laughter, there would be no Tao.
 -----
 The master says:
 "Without the Tao of Internet Relay Chat, life becomes meaningless."
 The Relay of the old time was mysterious and sacred. We can neither imagine 
 its thoughts nor path; we are left but to describe.
 -----
 The sage luser must be aware like a frog crossing the highway.
 -----
 The great master Wumpus once dreamed that he was an automaton. When he awoke
 he exclaimed:
 	"I don't know whether I am Wumpus dreaming that I am a client,
 	 or a client dreaming that I am Wumpus!"
 So was the first Automata born. 
 The master Nap then said:
 	"Any automata should not speak unless spoken to.
 	 Any automata shall only whisper when spoken to."
 Thus replied the master Gnarfer:
 	"The lusers shall keep in mind that a automata can be either good or
 	 bad. Create good automata, and the IRC will hail you and you will 
 	 gain fame and fortune. Create bad automata and people will start to 
 	 hate you, and finaly you will be /KILLed to ethernal damnation"
 Many lusers have fallen into the clutches of ethernal damnation. They where 
 not following the Tao.
 -----
 There once was a luser who went to #BotSex. Each day he saw the automatons. 
 The luser decided that he also would have such a automata.
 He asked another luser for his automata. The other luser gave his automata
 away.
 The luser was not within the Tao, so he just started the automata. The automata
 had only Yang inside so all the lusers files where deleted.
 Some moons laither the same luser then had become a sage luser, and did create
 his automata from the very grounds with materials found inside the IRC.
 The luser was now within the Tao and his automata lived happily ever after.
 -----
 There once was a master who wrote automatons without the help of master Phone.
 A novice luser, seeking to imitate him, began with the help of master Phone.
 When the novice luser asked the master to evaluate his automata the master
 replied: "What is a working automata for the master is not for the luser.
 You must must BE the IRC before automating."
 -----
 Master BigCheese gave birth to master Troy; his duty clear. Master Troy gave 
 birth to master Phone, for the Tao of Irc must be eternal and must flow as the 
 ceaseless river of Time itself.
 -----
 Master Phone once said about the ircII client:
 	"public_msg is for a message from someone NOT on the channel
 	 public_other is for a message on a channel that doesn't belong to
 	 a window. public is for a message on a channel that belongs to a 
 	 window!"
 Out of this raised the mighty chaos.
 -----
 The sage luser came to the master who wrote automata without the help of 
 master Phone. The sage luser asked the master who wrote automata: "Which is 
 easiest to make. A automata with the help of master Phone or an automata 
 made with the help of a language ?"
 The master who wrote automata then replied:
 	"With the help of a language."
 The sage luser was disapointed and exclaimed: "But, with master Phone you
 do not need to know anything about the soil of IRC. Is not that the easiet
 way ?"
 "Not really" said the master who wrote automata, "when using master Phone
 you are closed inside a box. For sure, it is a great box for the lusers,
 but the master will need more power, thus a language is the only path to go.
 With the language the master will never have to limit himself. When using
 such a language the master will seek the best between the need and the
 availibility."
 "I see", said the sage luser.
 This is the essence of Tao of IRC automatas.
 -----
 A client should be light and be used for communication. The spirit of a good
 client is that it should be very convinient for the luser to use, but hard
 for the luser who want to create automata.
 There should never ever be too many functions or too few functions. 
 There should always be a ignore.
 Without ignore the client is not within the Tao of Chating.
 The client should always respond the luser with messages that will not 
 astnonish him too much. The server likewise. If the server does not, then it
 is the clients job to explain what the server says.
 A client which fails this, will be useless and cause confusion for the lusers.
 The only way to correct this is to use another client or to write a new one.
 -----
 A luser asked the masters on #IrcHelp: "My client does not work".
 The masters replied: "Upgrade your client".
 The luser then wondered why the master knew. The master then told him about
 the Protocol.
 "Your client does not work beaucse it does not understand the server. Why
 should it always work ? Only a fool would expect such. But, clients are made
 by humans, and humans are not perfect. Only Tao is.
 The IRC is solid. The IRC is floating, and will always be dynamic. Live with 
 that or /quit."
 -----
 The luser came to the masters of #IrcHelp, asking about the Tao of IRC within
 the client.
 The masters then said that the Tao of IRC always lies inside the client
 regardless of how the client connects to the server.
 "Is the Tao in irc ?" asked the luser.
 "It so is" replied the masters of #IrcHelp.
 "Is the Tao in the ircII, Kiwi, rxirc, vms, rockers and msa ?" asked the 
 luser.
 "In all of them and in the TPC, irchat, zenirc, zircon X11-irc and even the 
 dos irc has the Tao" said the master quietly.
 "Is the Tao in a telnet connection directly to the server ?" 
 The master then was quiet for a long time and said. "Please leave, such 
 questions are not within the Tao of IRC".
 -----
 The master says: "Without the Protocol of TCP the messages will not travel.
                  Without the client, the server is useless."
 -----
 There once was a luser who used the ircII client. "ircII can do anything I 
 ever need for using IRC" said the emacs client user, "I have /ON's, I have 
 assignments, I have aliasing. Why don't you use this instead of the huge 
 emacs client, which also has a messy screen?"
 The emacs client user then replied by saying that "it is better to have a
 scripting language that is the client instead of have a client that has
 a scripting language." Upon hearing this, the ircII client luser fell silent.
 -----
 The master Wumpus said: "Time for you to leave. I did, now I'm happy."
 The master Gnarfer replied: "Use, but never overuse IRC, then you will also 
 be happy within IRC"
 -----
 A luser came unto the masters of #EU-Opers and asked, "How can I be, yet not 
 be, a user@host within the IRC?"
 The masters of #EU-Opers replied: "To be Tao is to be ones true self. To hide
 ones self is not Tao, and is not IRC, you have much to learn before you shall 
 be at rest within the Flow of Irc.  Please leave"
--- a/doc/features/account-notify.txt
+++ b/doc/features/account-notify.txt
@ -1,7 +1,7 @@
 account-notify client capability specification
 ----------------------------------------------
-Copyright (c) 2010 Ariadne Conill <ariadne@dereferenced.org>.
+Copyright (c) 2010 William Pitcock <nenolod@atheme.org>.
 Unlimited redistribution and modification of this document is allowed
 provided that the above copyright notice and this permission notice
--- a/doc/features/away-notify.txt
+++ b/doc/features/away-notify.txt
--- a/doc/features/challenge.txt
+++ b/doc/features/challenge.txt
@ -51,6 +51,9 @@ If aes256 is not available, the following is used instead:
 - Building ratbox-respond -
 ---------------------------
 If you are using the unix based ratbox-respond this must be built.  For the
 windows version, ratbox-winrespond, please see http://respond.ircd-ratbox.org
 ratbox-respond takes the challenge from the server, and together with your 
 private key file generates a response to be sent back.  ratbox-respond
 requires the openssl headers (ie, development files) and openssl libraries
@ -79,3 +82,5 @@ ratbox-respond/README for more information.
 A number of scripts for clients have already been written to automate this
 process, see client-scripts/README for more information.
 -- 
 $Id: challenge.txt 678 2006-02-03 20:25:01Z jilles $
--- a/doc/features/collision_fnc.txt
+++ b/doc/features/collision_fnc.txt
@ -43,3 +43,5 @@ the same on all servers for each nick-user pair, also if a user with a UID
 nick changes their nick but is collided again (the server detecting the
 collision will not propagate the nick change further).
 -- 
 $Id: collision_fnc.txt 3422 2007-04-22 14:35:28Z jilles $
--- a/doc/connecting-servers.rst
+++ b/doc/connecting-servers.rst
@ -1,129 +0,0 @@
 Connecting servers
 ==================
 Servers can be connected together to improve redundancy, distribute bandwidth,
 lower latency, and connect network services.
 This document is an introduction to connecting servers. It assumes you are
 already somewhat familiar with Solanum's configuration (if not, read
 :file:`ircd.conf.example`, and set up your own server by editing it
 and running Solanum).
 Solanum uses the TS6 protocol, and can only be connected with other servers
 using this protocol. We recommend you only connect Solanum with other Solanum
 instances.
 Unlike some other IRCd implementations, all connections are reciprocal in
 Solanum, which means a single configuration block is used for both incoming
 and outgoing connections.
 Additionally, the same ports are used for server and client connections.
 Creating servers
 ----------------
 If you already have a server running, copy its configuration to a new machine,
 and edit ``serverinfo`` for the new server. In particular, you must change the
 ``name`` and ``sid``, but keep the same ``network_name``.
 We recommend you keep both configurations in sync using some external
 configuration management systems, so server configurations do not drift apart
 over time, as you change them.
 For each of the two servers, you must create a ``connect`` block to represent
 the connection with the other server. For example, if you have servers A and B
 respectively at a.example.org and b.example.org, use respectively::
   serverinfo {
           name = "a.example.org";
           // ...
   };
   connect "b.example.org" {
           host = "203.0.113.2";
           port = 6666;
           send_password = "password";
           accept_password = "anotherpassword";
           flags = topicburst, autoconn;
           class = "server";
   };
 and::
   serverinfo {
           name = "b.example.org";
           // ...
   };
   connect "a.example.org" {
           host = "203.0.113.1";
           port = 6666;
           send_password = "anotherpassword";
           accept_password = "password";
           flags = topicburst, autoconn;
           class = "server";
   };
 Note the reversed passwords.
 The ports should be any of the ports defined in a ``listen {}`` block of the
 other server.
 The ``autoconn`` flag indicates a server should automatically connect using
 this ``connect {}`` block. At least one of the two servers should have it,
 or the servers won't try to connect.
 If you are connecting servers over an unencrypted link, you should use SSL/TLS
 for the connection; see :file:`reference.conf`.
 Connecting services
 -------------------
 In addition to regular servers, you can also connect service packages such
 as atheme-services.
 These services typically do not accept incoming connections, and connect to
 one of the existing servers of the network.
 To allow connections from such a service server, you should create
 a new ``connect {}`` block for this package, on the server the services
 will connect to::
   connect "services.example.org" {
           host = "localhost";
           port = 6666;
           send_password = "password";
           accept_password = "anotherpassword";
           flags = topicburst;  // No autoconn, services don't accept incoming connections
           class = "server";
   };
 And create the appropriate config in your services' configuration so that
 they connect to your server on the configured port, and from the configured
 hostname.
 For example, with atheme::
   loadmodule "modules/protocol/solanum";
   uplink "a.example.org" {
           host = "localhost";
           port = 6666;
           send_password = "anotherpassword";
           receive_password = "password"
   };
 Finally, you must configure all servers in your network to recognize the
 services server::
   service {
           name = "services.example.org";
   };
--- a/doc/credits-past.txt
+++ b/doc/credits-past.txt
@ -1,276 +0,0 @@
 ===============================================================================
 IRCD 2.8 CREDITS
 ===============================================================================
 /************************************************************************
 *   IRC - Internet Relay Chat, doc/AUTHORS
 *   Copyright (C) 1990
 *
 * AUTHORS FILE:
 *   This file attempts to remember all contributors to the IRC
 *   developement. Names can be only added this file, no name
 *   should never be removed. This file must be included into all
 *   distributions of IRC and derived works.
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 1, or (at your option)
 *   any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 IRC was conceived of and written by Jarkko Oikarinen <jto@tolsun.oulu.fi>.
 IRC was originally written in University of Oulu, Computing Center.
 Jan 1991 - IRC 2.6  jto@tolsun.oulu.fi
 	- Multiple Channels and protocol changes
 Contributions were made by a cast of dozens, including the following:
 Markku Jarvinen <mta@tut.fi>: Emacs-like editing facility for the client
 Kimmo Suominen <kim@kannel.lut.fi>: HP-UX port
 Jeff Trim <jtrim@orion.cair.du.edu>: enhancements and advice
 Vijay Subramaniam <vijay@lll-winken.llnl.gov>: advice and ruthless publicity
 Karl Kleinpaste <karl@cis.ohio-state.edu>: user's manual
 Greg Lindahl <gl8f@virginia.edu>: AUTOMATON code, the Wumpus GM automaton,
 myriad bug fixes
 Bill Wisner <wisner@hayes.fai.alaska.edu>: numerous bug fixes and code
 enhancements
 Tom Davis <conslt16@zeus.unl.edu> and Tim Russell <russell@zeus.unl.edu>:
 VMS modifications
 Markku Savela <msa@tel4.tel.vtt.fi>: advice, support, and being the
 incentive to do some of our *own* coding. :)
 Tom Hopkins <hoppie@buengf.bu.edu>: bug fixes, quarantine lines,
 consolidation of various patches.
 Christopher Davis <ckd@cs.bu.edu>: EFnet/Anet gateway coding,
 many automata ;), documentation fixing.
 Helen Rose <hrose@cs.bu.edu>: documentation updating, and fixing.
 Tom Hinds <rocker@bucsf.bu.edu>: emacs client updating.
 Tim Miller <cerebus@bu-pub.bu.edu>: various server and client-breaking
 features.
 Darren Reed <avalon@coombs.anu.edu.au>: various bug fixes and enhancements.
 Introduced nickname and channelname hash tables into the server.
 The version 2.2 release was coordinated by Mike Bolotski
 <mikeb@salmon.ee.ubc.ca>.
 The version 2.4 release was coordinated by Markku Savela and
 Chelsea Ashley Dyerman
 The version 2.5.2 release was coordinated by Christopher Davis, Helen Rose,
 and Tom Hopkins.
 The versions 2.6.2, 2.7 and 2.8 releases were coordinated by Darren Reed.
 Contributions for the 2.8 release from the following people:
 Matthew Green <phone@coombs.anu.edu.au>
 Chuck Kane <ckane@ece.uiuc.edu>
 Matt Lyle <matt@oc.com>
 Vesa Ruokonen <ruokonen@lut.fi>
 Markku Savela <Markku.Savela@vtt.fi> / April 1990
 Fixed various bugs in 2.2PL1 release server (2.2msa.4) and changed
 sockets to use non-blocking mode (2.2msa.9). [I have absolutely
 nothing to do with clients :-]
 Chelsea Ashley Dyerman <chelsea@earth.cchem.berkeley.edu> / April 1990
 Rewrote the Makefiles, restructuring of source tree. Added libIrcd.a to
 the Makefile macros, numerous reformatting of server text messages, and
 added mkversion.sh to keep track of compilation statistics. Numerous
 bug fixes and enhancements, and co-coordinator of the 2.4 release.
 jarlek@ifi.uio.no added mail functions to irc.
 Armin Gruner <gruner@informatik.tu-muenchen.de> / May, June 1990:
 * Patched KILL-line feature for ircd.conf, works now.
  Enhancement:  Time intervals can be specified in passwd-field.
  Result: KILL-Line is only active during these intervals
 * Patched PRIVMSG handling, now OPER can specify masks for sending
  private messages, advantage: msg to all at a specified server or host.
 * Little tests on irc 2.5 alpha, fixed some little typos in client code.
  Change: common/debug.c has been moved to ircd/s_debug.c, and a
  irc/c_debug.c has been created, for the benefit that wrong server msg
  are displayed if client does not recognize them. (strange, if a server
  sends an 'unknown command', isn't it?)
 Tom Hopkins <hoppie@buengf.bu.edu> / September, October 1990:
 * Patched msa's K lines for servers (Q lines).
 * Consolidated several patches, including Stealth's logging patch.
 * Fixed several minor bugs.
 * Has done lots of other stuff that I can't seem to remember, but he
  always works on code, so he has to have done alot more than three
  lines worth. :)
 Thanks go to those persons not mentioned here who have added their advice,
 opinions, and code to IRC.
 Various modifications, bugreports, cleanups and testing by:
 Hugo Calendar <hugo@ucscb.ucsc.edu>
 Bo Adler <adler@csvax.cs.caltech.edu>
 Michael Sandrof <ms5n+@andrew.cmu.edu>
 Jon Solomon <jsol@cs.bu.edu>
 Jan Peterson <jlp@hamblin.math.byu.edu>
 Nathan Glasser <nathan@brokaw.lcs.mit.edu>
 Helen Rose <hrose@eff.org>
 Mike Pelletier <stealth@caen.engin.umich.edu>
 Basalat Ali Raja <gwydion@tavi.rice.edu>
 Eric P. Scott <eps@toaster.sfsu.edu>
 Dan Goodwin <fornax@wpi.wpi.edu>
 Noah Friedman <friedman@ai.mit.edu>
 ===============================================================================
 IRCD-HYBRID CREDITS
 ===============================================================================
 The hybrid team is a group of ircd coders who were frustrated
 with the instability and all-out "dirtiness" of the EFnet ircd's
 available. "hybrid" is the name for the collective efforts of a group
 of people, all of us.
 Anyone is welcome to contribute to this effort. You are encouraged
 to participate in the Hybrid mailing list. To subscribe to the
 Hybrid List, use this link:
  https://lists.ircd-hybrid.org/mailman/listinfo/hybrid
 The core team as, of this major release:
 adx, Piotr Nizynski <adx@irc7.pl>
 billy-jon, William Bierman III <bill@mu.org>
 cryogen, Stuart Walsh <stu@ipng.org.uk>
 Dianora, Diane Bruce <db@db.net>
 joshk, Joshua Kwan <joshk@triplehelix.org>
 kire, Erik Small <smalle@hawaii.edu>
 knight, Alan LeVee <alan.levee@prometheus-designs.net>
 metalrock, Jack Low <jclow@csupomona.edu>
 Michael, Michael Wobst <michael.wobst@gmail.com>
 Rodder, Jon Lusky <lusky@blown.net>
 Wohali, Joan Touzet <joant@ieee.org>
 The following people have contributed blood, sweat, and/or code to
 recent releases of Hybrid, in nick alphabetical order:
 A1kmm, Andrew Miller <a1kmm@mware.virtualave.net>
 AndroSyn, Aaron Sethman <androsyn@ratbox.org>
 Ariadne, Ariadne Conill <ariadne@dereferenced.org>
 bane, Dragan Dosen <bane@idolnet.org>
 bysin, Ben Kittridge <bkittridge@cfl.rr.com>
 cosine, Patrick Alken <wnder@uwns.underworld.net>
 David-T, David Taylor <davidt@yadt.co.uk>
 fl, Lee Hardy <lee@leeh.co.uk>
 Garion, Joost Vunderink <garion@efnet.nl>
 Habeeb, David Supuran <habeeb@cfl.rr.com>
 Hwy101, W. Campbell <wcampbel@botbay.net>
 jmallett, Juli Mallett <jmallett@FreeBSD.org>
 jv, Jakub Vlasek <jv@pilsedu.cz>
 k9, Jeremy Chadwick <ircd@jdc.parodius.com>
 kre, Dinko Korunic <kreator@fly.srk.fer.hr>
 madmax, Paul Lomax <madmax@efnet.org>
 Riedel, Dennis Vink, <riedel@chaotic.nl>
 scuzzy, David Todd <scuzzy@aniverse.net>
 spookey, David Colburn <spookey@spookey.org>
 TimeMr14C, Yusuf Iskenderoglu <uhc0@stud.uni-karlsruhe.de>
 toot, Toby Verrall <to7@antipope.fsnet.co.uk>
 vx0, Mark Miller <mark@oc768.net>
 wiz, Jason Dambrosio <jason@wiz.cx>
 Xride, Søren Straarup <xride@x12.dk>
 zb^3, Alfred Perlstein <alfred@freebsd.org>
 Others are welcome. Always. And if we left anyone off the above list,
 be sure to let us know that too. Many others have contributed to
 previous versions of this ircd and its ancestors, too many to list
 here.
 Send bug fixes/complaints/rotten tomatoes to bugs@ircd-hybrid.org.
 ===============================================================================
 IRCD-RATBOX CREDITS
 ===============================================================================
 ircd-ratbox is an evolution where ircd-hybrid left off around version 7-rc1.
 Currently the ircd-ratbox team consists of the following developers:
 AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
 anfl, Lee Hardy <lee -at- leeh.co.uk>
 Special thanks for support, code and ideas to:
 Hwy, W. Campbell <wcampbel -at- botbay.net>
 jilles, Jilles Tjoelker <jilles -at- stack.nl>
 larne, Edward Brocklesby <ejb -at- sdf.lonestar.org>
 Of course our work is based on the work of many, many others over the past
 10 or so years since irc has existed, including the work done by the Hybrid
 team, our thanks goes to them.
 ===============================================================================
 CHARYBDIS CREDITS
 ===============================================================================
 Charybdis started as an evolution from ircd-ratbox. Its development
 is led by a team of dedicated developers who have put a lot of time
 into the project and it has seen use on a variety of different
 network configurations.
 The Charybdis core team, listed in nick-alphabetical order:
 amdj, Aaron Jones <aaronmdjones -at- gmail.com>
 Ariadne, Ariadne Conill <ariadne -at- dereferenced.org>
 Elizafox, Elizabeth Myers <elizabeth -at- interlinked.me>
 jilles, Jilles Tjoelker <jilles -at- stack.nl>
 mr_flea, Keith Buck <mr_flea -at- esper.net>
 The following people are also project members, listed in nick-alphabetical
 order:
 jdhore, JD Horelick <jdhore1 -at- gmail.com>
 viatsko, Valerii Iatsko <dwr -at- codingbox.io>
 The following people have made contributions to the Charybdis releases,
 in nick-alphabetical order:
 AndroSyn, Aaron Sethman <androsyn -at- ratbox.org>
 anfl, Lee Hardy <lee -at- leeh.co.uk>
 beu, Elfyn McBratney <elfyn.mcbratney -at- gmail.com>
 BlindSight, Matt Ullman <matt -at- airraidsirens.com>
 Entrope, Michael Poole <mdpoole -at- trolius.org>
 grawity, Mantas Mikulėnas <grawity -at- gmail.com>
 gxti, Michael Tharp <gxti -at- partiallystapled.com>
 mniip <mniip -at- mniip.com>
 Simon, Simon Arlott
 spb, Stephen Bennett <spb -at- attenuate.org>
 Taros, Brett Greenham <taros -at- shadowircd.net>
 ThaPrince, Jon Christopherson <jon -at- vile.com>
 twincest, River Tarnell <river -at- attenuate.org>
 w00t, Robin Burchell <surreal.w00t -at- gmail.com>
 For a list of contributors to ircd-ratbox, ircd-hybrid, and ircd2.8 (the
 predecessors to Charybdis), see the doc/credits-past.txt file in the Charybdis
 distribution.
 Visit the Charybdis website at: http://www.charybdis.io/
 Visit us on IRC at: irc.charybdis.io #charybdis
--- a/doc/features/extban.txt
+++ b/doc/features/extban.txt
@ -42,10 +42,6 @@ exists and is not +s or +p. (The ops of the channel the ban is on cannot
 necessarily see whether the user is in the target channel, so it should not
 influence whether they can join either.)
 extb_canjoin.so
 	$j:<channel>
 matches users who are or are not banned from a specified channel
 extb_oper.so
 	$o
 matches opers (most useful with +I)
@ -60,14 +56,6 @@ extb_server.so
 matches users connected to a server matching the mask (* and ? wildcards);
 this can only be used with +b and +q
 extb_extgecos.so
 	$x:<mask>
 bans all users with matching nick!user@host#gecos
 extb_ssl.so
 	$z
 matches all SSL users
 Comparisons:
 +b $~a is similar to +r but also prevents not logged in users talking or
@ -100,3 +88,5 @@ The function is called whenever a (local) client needs to be checked against
 a +bqeI entry of the given extban type, and whenever a local client tries to
 add such an entry. (Clients are allowed to add bans matching themselves.)
 -- 
 $Id: extban.txt 1639 2006-06-04 23:26:47Z jilles $
--- a/doc/features/extended-join.txt
+++ b/doc/features/extended-join.txt
--- a/doc/features/filter.txt
+++ b/doc/features/filter.txt
@ -1,59 +0,0 @@
 extensions/filter module documentation
 --------------------------------------
 The filter extension implements message content filtering using 
 solanum's hook framework and Intel's Hyperscan regular expression
 matching library.
 It requires an x86_64 processor with SSSE3 extensions.
 To operate, the filter requires a database of regular expessions
 that have been compiled using the Hyperscan library's 
 hs_compile_multi() or hs_compile_ext_multi() functions. 
 The command SETFILTER is used to manage operation of the filter and to
 load compiled Hyperscan databases.
 General documenation of SETFILTER is available using the 'HELP SETFILTER'
 command.
 For each expression in the database, the three least significant bits 
 of the expression ID are used to indicate which action the ircd should
 take in the event of a match:
 001 (1) DROP   - The message will be dropped and the client will be sent
                 an ERR_CANNOTSENDTOCHAN message.
 010 (2) KILL   - The connection from which the message was recevied will
                 be closed.
 100 (4) ALARM  - A Server Notice will be generated indicating that an
                 expression was matched. The nick, user, hostname and
                 IP address will be reported. For privacy, the expression
                 that has been matched will not be disclosed.
 Messages are passed to the filter module in a format similar to an
 IRC messages:
 0:nick!user@host#1 PRIVMSG #help :hello!
 The number at the start of the line indicates the scanning pass:
 Messages are scanned twice, once as they were received (0), and once
 with any formatting or unprintable characters stripped (1).
 By default, 'nick', 'user' and 'host' will contain *. This behaviour
 can be changed at build time if filtering on these fields is required.
 The number after the # will be 0 or 1 depending on whether the sending
 client was identified to a NickServ account.
 The process for loading filters is as follows:
 1. The Hyperscan database is serialized using hs_serialize_database().
 2. A 'SETFILTER NEW' command is sent.
 3. The serialized data is split into chunks and base64 encoded. 
   The chunk size needs to be chosen to ensure that the resuliting
   strings are short enough to fit into a 510 byte IRC line, taking 
   into account space needed for the 'SETFILTER +' command, check field, 
   server mask, and base64 overhead.
 4. The encoded chunks are sent using 'SETFILTER +' commands
 5. Once the entire database has been sent, a 'SETFILTER APPLY' command
   is sent to commit it.
--- a/doc/features/index.txt
+++ b/doc/features/index.txt
@ -1,15 +0,0 @@
 Here is an overview of the docs in the doc/features directory.
 account-notify.txt	- Description of the account-notify system
 away-notify.txt		- Description of the away-notify system
 challenge.txt		- Overview of the challenge/response system for
                          obtaining operator status
 collision_fnc.txt	- Overview of the SAVE nick collision method
 extban.txt		- Description of extended bans
 extended-join.txt	- Description of the extended-join system
 modeg.txt		- Description of UMODE +g, the caller ID system
 monitor.txt		- Description of the MONITOR system
 sasl.txt		- Description of the SASL services authentication
 			  system
 services.txt		- Overview of features added by services
 tgchange.txt		- Overview of the target change system
--- a/doc/technical/hooks.txt
+++ b/doc/technical/hooks.txt
@ -114,23 +114,6 @@ The following hooks are called during various events related to clients.
 			  oldsnomask = new snomask field
 Channel Hooks
 -------------
 "can_invite"             - Called before deciding whether to allow the
                            /invite command
                            hdata->chptr = channel being invited to
                            hdata->msptr = membership of inviter
                            hdata->client = inviter
                            hdata->target = invite target
                            hdata->approved = zero to allow
                            hdata->error = NULL, or error message
                              if non-null, `approved` is the numeric
 "invite"                 - Called just before effecting an invite on the
                            target's server
                            hdata = as above
 The following are for debugging and take struct hook_io_data for arguments. 
 These can be used for a variety of purposes, but are aimed at the developer
 community.
@ -138,3 +121,4 @@ community.
 "iorecv"
 "iorecvctrl"
 $Id: hooks.txt 3414 2007-04-15 16:54:50Z jilles $
--- a/doc/index.txt
+++ b/doc/index.txt
@ -0,0 +1,29 @@
 # $Id: index.txt 6 2005-09-10 01:02:21Z nenolod $
 Here is the overview of the documents in the doc/ directory.
 CIDR.txt		- Description of CIDR in IPv4
 Tao-of-IRC.940110       - No comment...
 challenge.txt           - Overview of the challenge/response system for
                          obtaining operator status
 ircd.conf.example       - An example ircd.conf file describing most of the
                          user settable options
 guidelines.txt		- Documentation guidelines
 hooks.txt		- Overview of the hooks available
 index.txt		- This file
 ircd.8                  - The new revised manpage, read with the following
                          commands in the prefix directory:
                          man -M . ircd
 ircd.motd               - A default ircd.motd used by make install
 logfiles.txt		- Description of formatting of some logfiles
 modeg.txt               - An in depth description of the server side silence
                          user mode (+g)
 modes.txt               - A list of all user and channel modes
 operguide.txt           - EFnet operator's guide
 opermyth.txt            - Oper myth's, describes what opers can and cannot do
 server-version-info     - Overview of the flags shown in /version
 whats-new.txt		- What new features are available
 Also in the contrib/ directory you will find:
 example_module.c - An example module, detailing what the code in a module
 		   does.  Useful for building your own modules.
--- a/doc/ircd.8
+++ b/doc/ircd.8
@ -0,0 +1,120 @@
 .\" @(#)ircd.8 2.0 22 April 2004
 .\" $Id: ircd.8 6 2005-09-10 01:02:21Z nenolod $
 .TH IRCD 8 "ircd-ratbox" 22 April 2004
 .SH NAME
 ircd \- The Internet Relay Chat Program Server 
 .SH SYNOPSIS
 .hy 0
 .IP \fBircd\fP
 [-dlinefile filename] [-configfile filename] [-klinefile filename]
 [-logfile filename] [-pidfile filename] [-resvfile filename]
 [-xlinefile filename] [-conftest] [-foreground] [-version]
 .SH DESCRIPTION
 .LP
 \fIircd\fP is the server (daemon) program for the Internet Relay Chat
 Program.  The \fIircd\fP is a server in that its function is to "serve"
 the client program \fIirc(1)\fP with messages and commands.  All commands
 and user messages are passed directly to the \fIircd\fP for processing
 and relaying to other ircd sites.
 .SH OPTIONS
 .TP
 .B \-dlinefile filename
 Specifies the D-line file to be used.  This file is used for both reading
 D-lines at startup, and writing to while \fIircd\fP is running.
 .TP
 .B \-configfile filename
 Specifies the ircd.conf file to be used for this ircdaemon. The option
 is used to override the default ircd.conf given at compile time.
 .TP
 .B \-klinefile filename
 Specifies the K-line file to be used.  This file is used for both reading
 K-lines at startup, and writing to while \fIircd\fP is running.
 .TP
 .B \-logfile filename
 Specifies an alternative logfile to be used than that specified in config.h
 .TP
 .B \-pidfile filename
 Specifies the ircd.pid used. The option is used to override the default
 ircd.pid given at compile time.
 .TP
 .B \-resvfile filename
 Specifies the resv.conf file to be used for this ircdaemon. The option
 is used to override the default resv.conf given at compile time.
 .TP
 .B \-xlinefile filename
 Specifies the xline.conf file to be used for this ircdaemon. The option
 is used to override the default xline.conf given at compile time.
 .TP
 .B \-conftest
 Makes \fIircd\fP check the ircd.conf for errors
 .TP
 .B \-foreground
 Makes \fIircd\fP run in the foreground
 .TP
 .B \-version
 Makes \fIircd\fP print its version, and exit.
 .SH USAGE
 If you plan to connect your \fIircd\fP server to an existing Irc-Network,
 you will need to alter your local IRC configuration file (typically named
 "ircd.conf") so that it will accept and make connections to other \fIircd\fP
 servers.  This file contains the hostnames, Network Addresses, and sometimes
 passwords for connections to other ircds around the world.  Because 
 description of the actual file format of the "ircd.conf" file is beyond the
 scope of this document, please refer to the file INSTALL in the IRC source
 files documentation directory.
 .LP
 .SH BOOTING THE SERVER
 The \fIircd\fP server can be started as part of the
 Unix boot procedure or just by placing the server into Unix Background.
 Keep in mind that if it is \fBnot\fP part of your Unix's boot-up procedure 
 then you will have to manually start the \fIircd\fP server each time your
 Unix is rebooted.  This means if your Unix is prone to crashing
 or going for for repairs a lot it would make sense to start the \fIircd\fP
 server as part of your UNIX bootup procedure.  
 .SH EXAMPLE
 .RS
 .nf
 tolsun% \fBbin/ircd\fP
 .fi
 .RE
 .LP
 Places \fIircd\fP into Unix background and starts up the server for use.
 Note:  You do not have to add the "&" to this command, the program will
 automatically detach itself from tty.
 .RS
 .nf
 leguin% \fBbin/ircd -foreground\fP
 .fi
 .RE
 .LP
 Runs ircd in the foreground.
 .RS
 .nf
 .SH COPYRIGHT
 (c) 1988,1989 University of Oulu, Computing Center, Finland,
 .LP
 (c) 1988,1989 Department of Information Processing Science,
 University of Oulu, Finland
 .LP
 (c) 1988,1989,1990,1991 Jarkko Oikarinen
 .LP
 (c) 1997,1998,1999,2000,2001 The IRCD-Hybrid project.
 .LP
 For full COPYRIGHT see LICENSE file with IRC package.
 .LP
 .RE
 .SH FILES
 "ircd.conf"
 .SH BUGS
 None... ;-) if somebody finds one, please inform author
 .SH AUTHOR
 irc2.8 and earlier: Jarkko Oikarinen, currently jto@tolsun.oulu.fi.
 .LP
 ircd-hybrid-7: IRCD-Hybrid Project, ircd-hybrid@the-project.org.
 .LP
 manual page written by Jeff Trim, jtrim@orion.cair.du.edu,
 later modified by jto@tolsun.oulu.fi.
 .LP
 modified for ircd-hybrid-7 by Edward Brocklesby, ejb@klamath.uucp.leguin.org.uk.
 .LP
 updated by W. Campbell, wcampbel@botbay.net
--- a/doc/ircd.conf.example
+++ b/doc/ircd.conf.example
@ -4,51 +4,54 @@
 * Copyright (C) 2002-2005 ircd-ratbox development team
 * Copyright (C) 2005-2006 charybdis development team
 *
 * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
 *
 * See reference.conf for more information.
 */
 /* Extensions */
-#loadmodule "extensions/chm_nonotice";
+#loadmodule "extensions/chm_operonly_compat.so";
-#loadmodule "extensions/chm_operpeace";
+#loadmodule "extensions/chm_quietunreg_compat.so";
-#loadmodule "extensions/createauthonly";
+#loadmodule "extensions/chm_sslonly_compat.so";
-#loadmodule "extensions/extb_account";
+#loadmodule "extensions/createauthonly.so";
-#loadmodule "extensions/extb_canjoin";
+#loadmodule "extensions/extb_account.so";
-#loadmodule "extensions/extb_channel";
+#loadmodule "extensions/extb_canjoin.so";
-#loadmodule "extensions/extb_combi";
+#loadmodule "extensions/extb_channel.so";
-#loadmodule "extensions/extb_extgecos";
+#loadmodule "extensions/extb_combi.so";
-#loadmodule "extensions/extb_hostmask";
+#loadmodule "extensions/extb_extgecos.so";
-#loadmodule "extensions/extb_oper";
+#loadmodule "extensions/extb_hostmask.so";
-#loadmodule "extensions/extb_realname";
+#loadmodule "extensions/extb_oper.so";
-#loadmodule "extensions/extb_server";
+#loadmodule "extensions/extb_realname.so";
-#loadmodule "extensions/extb_ssl";
+#loadmodule "extensions/extb_server.so";
-#loadmodule "extensions/extb_usermode";
+#loadmodule "extensions/extb_ssl.so";
-#loadmodule "extensions/hurt";
+#loadmodule "extensions/extb_usermode.so";
-#loadmodule "extensions/m_extendchans";
+#loadmodule "extensions/hurt.so";
-#loadmodule "extensions/m_findforwards";
+#loadmodule "extensions/m_findforwards.so";
-#loadmodule "extensions/m_identify";
+#loadmodule "extensions/m_identify.so";
-#loadmodule "extensions/m_locops";
+#loadmodule "extensions/no_oper_invis.so";
-#loadmodule "extensions/no_oper_invis";
+#loadmodule "extensions/sno_farconnect.so";
-#loadmodule "extensions/sno_farconnect";
+#loadmodule "extensions/sno_globalkline.so";
-#loadmodule "extensions/sno_globalnickchange";
+#loadmodule "extensions/sno_globaloper.so";
-#loadmodule "extensions/sno_globaloper";
+#loadmodule "extensions/sno_whois.so";
-#loadmodule "extensions/override";
+#loadmodule "extensions/override.so";
-#loadmodule "extensions/no_kill_services";
+#loadmodule "extensions/no_kill_services.so";
 /*
 * IP cloaking extensions: use ip_cloaking_4.0
 * if you're linking 3.2 and later, otherwise use
- * ip_cloaking, for compatibility with older 3.x
+ * ip_cloaking.so, for compatibility with older 3.x
 * releases.
 */
-#loadmodule "extensions/ip_cloaking_4.0";
+#loadmodule "extensions/ip_cloaking_4.0.so";
-#loadmodule "extensions/ip_cloaking";
+#loadmodule "extensions/ip_cloaking.so";
 serverinfo {
 	name = "hades.arpa";
 	sid = "42X";
-	description = "solanum test server";
+	description = "charybdis test server";
 	network_name = "StaticBox";
 	hub = yes;
 	/* On multi-homed hosts you may need the following. These define
 	 * the addresses we connect from to other servers. */
@ -57,20 +60,18 @@ serverinfo {
 	/* for IPv6 */
 	#vhost6 = "2001:db8:2::6";
-	/* ssl_cert: certificate (and optionally key) for our ssl server */
+	/* ssl_private_key: our ssl private key */
-	ssl_cert = "etc/ssl.pem";
+	ssl_private_key = "etc/ssl.key";
-	/* ssl_private_key: our ssl private key (if not contained in ssl_cert file) */
+	/* ssl_cert: certificate for our ssl server */
-	#ssl_private_key = "etc/ssl.key";
+	ssl_cert = "etc/ssl.pem";
 	/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 2048
 	 * In general, the DH parameters size should be the same as your key's size.
 	 * However it has been reported that some clients have broken TLS implementations which may
 	 * choke on keysizes larger than 2048-bit, so we would recommend using 2048-bit DH parameters
 	 * for now if your keys are larger than 2048-bit.
-	 *
+	 */
 	 * If you do not provide parameters, some TLS backends will fail on DHE- ciphers,
 	 * and some will succeed but use weak, common DH groups! */
 	ssl_dh_params = "etc/dh.pem";
 	/* ssld_count: number of ssld processes you want to start, if you
@ -159,13 +160,7 @@ listen {
 	/* Listen on IPv6 (if you used host= above). */
 	#host = "2001:db8:2::6";
 	#port = 5000, 6665 .. 6669;
-	#sslport = 6697;
+	#sslport = 9999;
 	/* wsock: listeners defined with this option enabled will be websocket listeners,
 	 * and will not accept normal clients.
 	 */
 	wsock = yes;
 	sslport = 9999;
 };
 /* auth {}: allow users to connect to the ircd (OLD I:)
@ -200,9 +195,7 @@ auth {
 	 * encrypted                  | password is encrypted with mkpasswd
 	 * spoof_notice               | give a notice when spoofing hosts
 	 * exceed_limit (old > flag)  | allow user to exceed class user limits
-	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
+	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines&dnsbls
 	 *                            | dnsbls, and proxies
 	 * proxy_exempt               | exempt this user from proxies
 	 * dnsbl_exempt		      | exempt this user from dnsbls
 	 * spambot_exempt	      | exempt this user from spambot checks
 	 * shide_exempt		      | exempt this user from serverhiding
@ -231,8 +224,7 @@ auth {
 * means they must be defined before operator {}.
 */
 privset "local_op" {
-	privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, oper:message,
+	privs = oper:local_kill, oper:operwall;
 		usermode:servnotice, auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
 };
 privset "server_bot" {
@ -242,14 +234,13 @@ privset "server_bot" {
 privset "global_op" {
 	extends = "local_op";
-	privs = oper:routing, oper:kline, oper:unkline, oper:xline,
+	privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
-		oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
+		oper:resv, oper:mass_notice, oper:remoteban;
 		oper:remoteban;
 };
 privset "admin" {
 	extends = "global_op";
-	privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant;
+	privs = oper:admin, oper:die, oper:rehash, oper:spy;
 };
 operator "god" {
@ -306,17 +297,20 @@ operator "god" {
 	privset = "admin";
 };
 /* See connecting-servers.rst for an introduction to using these files. */
 connect "irc.uplink.com" {
 	host = "203.0.113.3";
 	send_password = "password";
 	accept_password = "anotherpassword";
 	port = 6666;
 	hub_mask = "*";
 	class = "server";
-	flags = topicburst;
+	flags = compressed, topicburst;
 	#fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
 	/* If the connection is IPv6, uncomment below.
 	 * Use 0::1, not ::1, for IPv6 localhost. */
 	#aftype = ipv6;
 };
 connect "ssl.uplink.com" {
@ -324,6 +318,7 @@ connect "ssl.uplink.com" {
 	send_password = "password";
 	accept_password = "anotherpassword";
 	port = 9999;
 	hub_mask = "*";
 	class = "server";
 	flags = ssl, topicburst;
 };
@ -337,8 +332,9 @@ cluster {
 	flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
 };
-secure {
+shared {
-	ip = "127.0.0.1";
+	oper = "*@*", "*";
 	flags = all, rehash;
 };
 /* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
@ -354,7 +350,6 @@ channel {
 	knock_delay = 5 minutes;
 	knock_delay_channel = 1 minute;
 	max_chans_per_user = 15;
 	max_chans_per_user_large = 60;
 	max_bans = 100;
 	max_bans_large = 500;
 	default_split_user_count = 0;
@ -369,9 +364,6 @@ channel {
 	disable_local_channels = no;
 	autochanmodes = "+nt";
 	displayed_usercount = 3;
 	strip_topic_colors = no;
 	opmod_send_statusmsg = no;
 	invite_notify_notice = yes;
 };
 serverhide {
@ -381,14 +373,15 @@ serverhide {
 	disable_hidden = no;
 };
-/* These are the DNSBL settings.
+/* These are the blacklist settings.
 * You can have multiple combinations of host and rejection reasons.
 * They are used in pairs of one host/rejection reason.
 *
- * The default settings should be adequate for most networks.
+ * These settings should be adequate for most networks, and are (presently)
 * required for use on StaticBox.
 *
- * It is not recommended to use DNSBL services designed for e-mail spam
+ * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
- * prevention, such as SPEWS for blocking IRC connections.
+ * connections.
 *
 * As of charybdis 2.2, you can do some keyword substitution on the rejection
 * reason. The available keyword substitutions are:
@ -408,13 +401,13 @@ serverhide {
 * is considered a match. If included, a comma-separated list of *quoted* 
 * strings is allowed to match queries. They may be of the format "0" to "255"
 * to match the final octet (e.g. 127.0.0.1) or "127.x.y.z" to explicitly match
- * an A record. The DNSBL match is only applied if it matches anything in the
+ * an A record. The blacklist is only applied if it matches anything in the 
 * list. You may freely mix full IP's and final octets.
 *
- * Consult your DNSBL provider for the meaning of these parameters; they
+ * Consult your blacklist provider for the meaning of these parameters; they
- * are usually used to denote different block reasons.
+ * are usually used to denote different ban types.
 */
-dnsbl {
+blacklist {
 	host = "rbl.efnetrbl.org";
 	type = ipv4;
 	reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
@ -426,78 +419,6 @@ dnsbl {
 #	reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for some reason. In order to protect ${network-name} from abuse, we are not allowing connections listed in ${dnsbl-host} to connect";
 };
 /* These are the OPM settings.
 * This is similar to the functionality provided by BOPM. It will scan incoming
 * connections for open proxies by connecting to clients and attempting several
 * different open proxy handshakes. If they connect back to us (via a dedicated
 * listening port), and send back the data we send them, they are considered
 * an open proxy. For politeness reasons (users may be confused by the incoming
 * connection attempts if they are logging incoming connections), the user is
 * notified upon connect if they are being scanned.
 *
 * WARNING:
 * These settings are considered experimental. Only the most common proxy types
 * are checked for (Charybdis is immune from POST and GET proxies). If you are
 * not comfortable with experimental code, do not use this feature.
 */
 #opm {
 	/* IPv4 address to listen on. This must be a publicly facing IP address
 	 * to be effective.
 	 * If omitted, it defaults to serverinfo::vhost.
 	 */
 	#listen_ipv4 = "127.0.0.1";
 	/* IPv4 port to listen on.
 	 * This should not be the same as any existing listeners.
 	 */
 	#port_v4 = 32000;
 	/* IPv6 address to listen on. This must be a publicly facing IP address
 	 * to be effective.
 	 * If omitted, it defaults to serverinfo::vhost6.
 	 */
 	#listen_ipv6 = "::1";
 	/* IPv6 port to listen on.
 	 * This should not be the same as any existing listeners.
 	 */
 	#port_v6 = 32000;
 	/* You can also set the listen_port directive which will set both the
 	 * IPv4 and IPv6 ports at once.
 	 */
 	#listen_port = 32000;
 	/* This sets the timeout in seconds before ending open proxy scans.
 	 * Values less than 1 or greater than 60 are ignored.
 	 * It is advisable to keep it as short as feasible, so clients do not
 	 * get held up by excessively long scan times.
 	 */
 	#timeout = 5;
 	/* These are the ports to scan for SOCKS4 proxies on. They may overlap
 	 * with other scan types. Sensible defaults are given below.
 	 */
 	#socks4_ports = 1080, 10800, 443, 80, 8080, 8000;
 	/* These are the ports to scan for SOCKS5 proxies on. They may overlap
 	 * with other scan types. Sensible defaults are given below.
 	 */
 	#socks5_ports = 1080, 10800, 443, 80, 8080, 8000;
 	/* These are the ports to scan for HTTP connect proxies on (plaintext).
 	 * They may overlap with other scan types. Sensible defaults are given
 	 * below.
 	 */
 	#httpconnect_ports = 80, 8080, 8000;
 	/* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
 	 * They may overlap with other scan types. Sensible defaults are given
 	 * below.
 	 */
 	#httpsconnect_ports = 443, 4443;
 #};
 alias "NickServ" {
 	target = "NickServ";
 };
@ -530,6 +451,14 @@ alias "MS" {
 	target = "MemoServ";
 };
 /*
 fakechannel "#honeypot" {
 	topic = "Come in";
 	users_min = 50;
 	users_max = 300;
 };
 */
 general {
 	hide_error_messages = opers;
 	hide_spoof_ips = yes;
@ -577,18 +506,9 @@ general {
 	resv_fnc = yes;
 	global_snotices = yes;
 	dline_with_reason = yes;
 	kline_delay = 0 seconds;
 	kline_with_reason = yes;
 	hide_tkdline_duration = no;
 	kline_reason = "K-Lined";
 	sasl_only_client_message = "You need to identify via SASL to use this server.";
 	identd_only_client_message = "You need to install identd to use this server.";
 	sctp_forbidden_client_message = "You are not allowed to use SCTP on this server.";
 	ssltls_only_client_message = "You need to use SSL/TLS to use this server.";
 	not_authorised_client_message = "You are not authorised to access this server.";
 	illegal_hostname_client_message = "You have an illegal character in your hostname.";
 	server_full_client_message = "Sorry, server is full - try later";
 	illegal_name_long_client_message = "Your username is invalid. Please make sure that your username contains only alphanumeric characters.";
 	illegal_name_short_client_message = "Invalid username";
 	identify_service = "NickServ@services.int";
 	identify_command = "IDENTIFY";
 	non_redundant_klines = yes;
@ -596,6 +516,7 @@ general {
 	use_propagated_bans = yes;
 	stats_e_disabled = no;
 	stats_c_oper_only=no;
 	stats_h_oper_only=no;
 	stats_y_oper_only=no;
 	stats_o_oper_only=yes;
 	stats_P_oper_only=no;
@ -607,6 +528,7 @@ general {
 	caller_id_wait = 1 minute;
 	pace_wait_simple = 1 second;
 	pace_wait = 10 seconds;
 	listfake_wait = 180 seconds;
 	short_motd = no;
 	ping_cookie = no;
 	connect_timeout = 30 seconds;
@ -615,7 +537,6 @@ general {
 	no_oper_flood = yes;
 	max_targets = 4;
 	client_flood_max_lines = 20;
 	post_registration_delay = 0 seconds;
 	use_whois_actually = no;
 	oper_only_umodes = operwall, locops, servnotice;
 	oper_umodes = locops, servnotice, operwall, wallop;
@ -629,12 +550,24 @@ general {
 	throttle_count = 4;
 	max_ratelimit_tokens = 30;
 	away_interval = 30;
-	certfp_method = spki_sha256;
+	certfp_method = sha1;
 	hide_opers_in_whois = no;
 	tls_ciphers_oper_only = no;
 };
 modules {
 	path = "modules";
 	path = "modules/autoload";
 };
 /*
 vhost "selfsigned.hades.arpa" {
 	ssl_private_key = "etc/selfssl.key";
 	ssl_cert = "etc/selfssl.pem";
 };
 vhost "oldca.hades.arpa" {
 	ssl_private_key = "etc/oldssl.key";
 	ssl_cert = "etc/oldssl2.pem";
  ssl_dh_params = "etc/olddh.pem";
  ssl_cipher_list = "kEECDH+HIGH:kEDH+HIGH:HIGH:!RC4:!aNULL";;
 };
 */
--- a/doc/ircd.motd
+++ b/doc/ircd.motd
@ -1,2 +1,2 @@
-This is solanum MOTD you might replace it, but if not your friends will
+This is charybdis MOTD you might replace it, but if not your friends will
 laugh at you.
--- a/doc/logfiles.txt
+++ b/doc/logfiles.txt
@ -1,4 +1,5 @@
-Charybdis logfiles - Lee H <lee -at- leeh.co.uk>
+ircd-ratbox logfiles - Lee H <lee -at- leeh.co.uk>
 $Id: logfiles.txt 6 2005-09-10 01:02:21Z nenolod $
 ---------------------------
 fname_killlog
--- a/doc/features/modeg.txt
+++ b/doc/features/modeg.txt
@ -78,7 +78,7 @@ Note that some clients may have to use /quote ACCEPT instead of /accept.
 --
 Client Hwy101:  /msg Hwy-LL hi
-Hwy101 will see:  -!- Hwy-LL is in +g mode and must manually allow you to message them.
+Hwy101 will see:  -!- Hwy-LL is in +g mode (server-side ignore.)
                  -!- Hwy-LL has been informed that you messaged them.
 Hwy-LL will see:  -!- Hwy101 wcampbel@admin.irc.monkie.org is messaging you, and you have umode +g.
@ -86,7 +86,7 @@ Hwy-LL will see:  -!- Hwy101 wcampbel@admin.irc.monkie.org is messaging you, and
 --
 If Hwy101 sends another message to Hwy-LL (before the minute expires), he will
-see:  -!- Hwy-LL is in +g mode and must manually allow you to message them.
+see:  -!- Hwy-LL is in +g mode (server-side ignore.)
 and will not receive the second notice
 Hwy-LL will NOT see any notice. This also applies if the second message comes
@ -189,7 +189,7 @@ their accept list.
 716 - ERR_TARGUMODEG
 --------------------
-:<server> 716 <nick> <target> :is in +g mode and must manually allow you to message them.
+:<server> 716 <nick> <target> :is in +g mode (server-side ignore.)
 This numeric is used to indicate that a message (PRIVMSG) the client sent
 could not be delivered because of CallerID restrictions. The <target>
@ -215,3 +215,4 @@ which is ambiguous if the user may contain a [ and in the author's opinion ugly.
 --
 W. Campbell
 updated by J. Tjoelker
 $Id: modeg.txt 3556 2007-08-18 14:45:10Z jilles $
--- a/doc/modes.txt
+++ b/doc/modes.txt
@ -4,6 +4,7 @@ Standard channel modes are listed in help/opers/cmode
 The sgml docs have more detailed descriptions.
-User mode +x (hide hostname) is provided by contrib/ip_cloaking.so
+User mode +h (hide hostname) is provided by contrib/ip_cloaking.so
 Server notice mask +F (far connects) is provided by contrib/sno_farconnect.so
-Information on the caller ID system can be found in doc/features/modeg.txt
+
 # $Id: modes.txt 996 2006-03-09 01:14:34Z jilles $
--- a/doc/features/monitor.txt
+++ b/doc/features/monitor.txt
@ -1,5 +1,6 @@
 MONITOR - Protocol for notification of when clients become online/offline
             Lee Hardy <lee -at- leeh.co.uk>
 $Id: monitor.txt 3520 2007-06-30 22:15:35Z jilles $
 -------------------------------------------------------------------------
 Currently, ISON requests by clients use a large amount of bandwidth.  It is
--- a/doc/old/Authors
+++ b/doc/old/Authors
@ -0,0 +1,137 @@
 /************************************************************************
 *   IRC - Internet Relay Chat, doc/AUTHORS
 *   Copyright (C) 1990
 *
 * AUTHORS FILE:
 *   This file attempts to remember all contributors to the IRC
 *   developement. Names can be only added this file, no name
 *   should never be removed. This file must be included into all
 *   distributions of IRC and derived works.
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 1, or (at your option)
 *   any later version.
 *
 *   This program is distributed in the hope that it will be useful,
 *   but WITHOUT ANY WARRANTY; without even the implied warranty of
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *   GNU General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, write to the Free Software
 *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 IRC was conceived of and written by Jarkko Oikarinen <jto@tolsun.oulu.fi>.
 IRC was originally written in University of Oulu, Computing Center.
 Jan 1991 - IRC 2.6  jto@tolsun.oulu.fi
 	- Multiple Channels and protocol changes
 Contributions were made by a cast of dozens, including the following:
 Markku Jarvinen <mta@tut.fi>: Emacs-like editing facility for the client
 Kimmo Suominen <kim@kannel.lut.fi>: HP-UX port
 Jeff Trim <jtrim@orion.cair.du.edu>: enhancements and advice
 Vijay Subramaniam <vijay@lll-winken.llnl.gov>: advice and ruthless publicity
 Karl Kleinpaste <karl@cis.ohio-state.edu>: user's manual
 Greg Lindahl <gl8f@virginia.edu>: AUTOMATON code, the Wumpus GM automaton,
 myriad bug fixes
 Bill Wisner <wisner@hayes.fai.alaska.edu>: numerous bug fixes and code
 enhancements
 Tom Davis <conslt16@zeus.unl.edu> and Tim Russell <russell@zeus.unl.edu>:
 VMS modifications
 Markku Savela <msa@tel4.tel.vtt.fi>: advice, support, and being the
 incentive to do some of our *own* coding. :)
 Tom Hopkins <hoppie@buengf.bu.edu>: bug fixes, quarantine lines,
 consolidation of various patches.
 Christopher Davis <ckd@cs.bu.edu>: EFnet/Anet gateway coding,
 many automata ;), documentation fixing.
 Helen Rose <hrose@cs.bu.edu>: documentation updating, and fixing.
 Tom Hinds <rocker@bucsf.bu.edu>: emacs client updating.
 Tim Miller <cerebus@bu-pub.bu.edu>: various server and client-breaking
 features.
 Darren Reed <avalon@coombs.anu.edu.au>: various bug fixes and enhancements.
 Introduced nickname and channelname hash tables into the server.
 The version 2.2 release was coordinated by Mike Bolotski
 <mikeb@salmon.ee.ubc.ca>.
 The version 2.4 release was coordinated by Markku Savela and
 Chelsea Ashley Dyerman
 The version 2.5.2 release was coordinated by Christopher Davis, Helen Rose,
 and Tom Hopkins.
 The versions 2.6.2, 2.7 and 2.8 releases were coordinated by Darren Reed.
 Contributions for the 2.8 release from the following people:
 Matthew Green <phone@coombs.anu.edu.au>
 Chuck Kane <ckane@ece.uiuc.edu>
 Matt Lyle <matt@oc.com>
 Vesa Ruokonen <ruokonen@lut.fi>
 Markku Savela <Markku.Savela@vtt.fi> / April 1990
 Fixed various bugs in 2.2PL1 release server (2.2msa.4) and changed
 sockets to use non-blocking mode (2.2msa.9). [I have absolutely
 nothing to do with clients :-]
 Chelsea Ashley Dyerman <chelsea@earth.cchem.berkeley.edu> / April 1990
 Rewrote the Makefiles, restructuring of source tree. Added libIrcd.a to
 the Makefile macros, numerous reformatting of server text messages, and
 added mkversion.sh to keep track of compilation statistics. Numerous
 bug fixes and enhancements, and co-coordinator of the 2.4 release.
 jarlek@ifi.uio.no added mail functions to irc.
 Armin Gruner <gruner@informatik.tu-muenchen.de> / May, June 1990:
 * Patched KILL-line feature for ircd.conf, works now.
  Enhancement:  Time intervals can be specified in passwd-field.
  Result: KILL-Line is only active during these intervals
 * Patched PRIVMSG handling, now OPER can specify masks for sending
  private messages, advantage: msg to all at a specified server or host.
 * Little tests on irc 2.5 alpha, fixed some little typos in client code.
  Change: common/debug.c has been moved to ircd/s_debug.c, and a
  irc/c_debug.c has been created, for the benefit that wrong server msg
  are displayed if client does not recognize them. (strange, if a server
  sends an 'unknown command', isn't it?)
 Tom Hopkins <hoppie@buengf.bu.edu> / September, October 1990:
 * Patched msa's K lines for servers (Q lines).
 * Consolidated several patches, including Stealth's logging patch. 
 * Fixed several minor bugs. 
 * Has done lots of other stuff that I can't seem to remember, but he
  always works on code, so he has to have done alot more than three
  lines worth. :) 
 Thanks go to those persons not mentioned here who have added their advice,
 opinions, and code to IRC.
 Various modifications, bugreports, cleanups and testing by:
 Hugo Calendar <hugo@ucscb.ucsc.edu>
 Bo Adler <adler@csvax.cs.caltech.edu>
 Michael Sandrof <ms5n+@andrew.cmu.edu>
 Jon Solomon <jsol@cs.bu.edu>
 Jan Peterson <jlp@hamblin.math.byu.edu>
 Nathan Glasser <nathan@brokaw.lcs.mit.edu>
 Helen Rose <hrose@eff.org>
 Mike Pelletier <stealth@caen.engin.umich.edu>
 Basalat Ali Raja <gwydion@tavi.rice.edu>
 Eric P. Scott <eps@toaster.sfsu.edu>
 Dan Goodwin <fornax@wpi.wpi.edu>
 Noah Friedman <friedman@ai.mit.edu>
--- a/doc/oper-guide/config.rst
+++ b/doc/oper-guide/config.rst
@ -87,12 +87,12 @@ hub
    serving as a hub, i.e. have multiple servers connected to it.
 vhost
-    An optional text field which defines an IPv4 address from which
+    An optional text field which defines an IP from which to connect
-    to connect outward to other IRC servers.
+    outward to other IRC servers.
 vhost6
-    An optional text field which defines an IPv6 address from which
+    An optional text field which defines an IPv6 IP from which to
-    to connect outward to other IRC servers.
+    connect outward to other IRC servers.
 admin {} block
 --------------
@ -255,9 +255,6 @@ flags
 class
    A name of a class to put users matching this auth{} block into.
 umodes
    Additional umodes to apply to the default_umodes upon connect.
 auth {} flags
 ~~~~~~~~~~~~~
@ -449,6 +446,10 @@ host
              ``A`` or ``AAAA`` record (no ``CNAME``) and it must be
              the primary hostname for inbound connections to work.
          IPv6 addresses must be in ``::`` shortened form; addresses which
          then start with a colon must be prepended with a zero, for
          example ``0::1``.
 send\_password
    The password to send to the other server.
@ -477,8 +478,7 @@ flags
 aftype
    The protocol that should be used to connect with, either ipv4 or
-    ipv6. This defaults to neither, allowing connection using either
+    ipv6. This defaults to ipv4 unless host is a numeric IPv6 address.
    address family.
 **connect {} flags**
--- a/doc/operguide.txt
+++ b/doc/operguide.txt
@ -0,0 +1,368 @@
 EFnet Oper Guide
 Last update: 02-21-2002
 Written and maintained by Riedel
 E-Mail: dennisv@vuurwerk.nl
 1.  Commands you should know about
 2.  The client of your choice
 3.  Your primary responsibilities
 4.  Re-routing
 4.1 Re-routing other servers and remote connects
 5.  Kills and klines
 6.  Kill and K-Line requests
 7.  Happy birthday!
 8.  Security
 9.  Know who your friends are
 10.  The TCM bot
 11.  Services 
 12.  G-Lines
 1. Commands you should know about
  This is no longer covered here. IRCD-hybrid is changing too rapidly, so
  this section would be outdated in no time ;) For an up-to-date version,
  please download the latest hybrid at www.ircd-hybrid.org.
 2. The client of your choice
  There are many IRC clients around for a wide variety of operating systems.
  Being an IRC Operator doesn't *require* you to use a UNIX client, however
  I personally prefer UNIX-based clients. If you're familiar with UNIX and
  use UNIX for opering, I suggest ircII / epic. There are a lot of scripts
  available for those two clients, and it's not that hard to write scripts
  yourself to suite your needs. It is important that you know how to operate
  your client, and familiarize yourself with the options and features. For
  whatever client you chose this goes for any of them: You should be in
  control of your client, instead of the client being in control of you.
 Resources :
  www.mirc.co.uk	- mIRC (MS-Windows)
  www.irchelp.org	- a variety of clients and scripts
  ftp.blackened.com	- several UNIX based clients available
 3. Your primary responsibilities
  As an IRC Operator, you're responsible for maintaining the server on a
  real-time basis. You represent your server, and you represent the network.
  Irresponsible / rude / offensive / stupid behavior may discredit your server
  and the network. You should focus on the task you were chosen for...
  maintainance.  Sounds simple, no? It means getting rid of users that abuse
  the service, enforcing the server's policy and keeping the server linked.
  Users will ask you questions, and expect you to know all the answers.. after
  all, you're the oper!
  Be prepared for users trying to fool you, sweet talk you into things you
  don't want, lie and deceive. Most users are handling in good faith...
  however, the abusers have learned how to manipulate opers. They have studied
  the alien creature 'oper' for ages like biologists study animals. Be
  paranoid, be curious and be suspicious. I can't stress the importancy of that
  often enough.
  Second priority has the network. You were not chosen to maintain the network
  but you were chosen to maintain the server. However, you may want to be able
  to reroute servers. If you see something broken, don't be afraid to fix it.
  If you do, be sure you fix things and don't make it worse. Before you
  step into routing, be sure you've familiarized yourself with the network's
  topology, and be confident enough to perform such actions. (re)routing is
  covered in the next chapter.
  Opers on the network depend on a trusting relationship. You can usually take
  the word from an oper. Other opers are considered -trusted-, however, there
  are exceptions. Sometimes even opers lie to opers to get things done. Don't
  be afraid to ask for proof of a certain statement, such as logs.
  This doesn't mean you distrust the oper in question, but -you- and you alone
  are responsible for your actions. You call the shots on your server, unless
  your admin says otherwise.
 4. Re-routing
  Re-routing is not hard, and it's not scary but it is important that you do it
  right. The commands you'll use are SQUIT and CONNECT. First, a very simple
  example. Let's say your server, irc.yourserver.com is lagged to it's uplink,
  irc.uplink.com and you want to reroute your server. You have to think about
  where you want your server to be linked, and you have to time your reroute.
  An example topology :
 irc.yourserver.com ---- irc.uplink.com
                        |      |      \
                        B      C      D
                       / \
                      E   F
                         / \
                        G   H --- O
                      / | \ | \
                     I  J K L  M
                                \
                                 N
  In this case, you're uplinked by irc.uplink.com
  irc.uplink.com also hubs B, C and D. Server B functions as hub for E and F;
  F hubs G and H; H hubs L, M and O. G hubs I, J and K. M hubs N.
  Your server is allowed to connect to server B, F and G. So you consider the
  servers you're able to connect to. Is the lag caused by a server that uplinks
  irc.uplink.com ? Use /stats ? irc.uplink.com to determine lag to the other
  servers. If irc.uplink.com does not respond, the lag is to your uplink. If
  so, you cannot be sure about the state of the other uplinks, so you'd have to
  get on a remote server and determine lag by using /stats ? and /trace. For
  example, you could connect to server N, and /trace yournick. Yournick, being
  the nick on your server. You'll see which route it takes, and what the
  problem server is. Example /trace output :
 S:[SERVER-N       ] V:[2.8/hybrid] U:[SERVER-M            ]
 S:[SERVER-M       ] V:[2.8/hybrid] U:[SERVER-H            ]
 S:[SERVER-H       ] V:[2.8/hybrid] U:[SERVER-F            ]
 S:[SERVER-F       ] V:[2.8/hybrid] U:[SERVER-B            ]
 S:[SERVER-B       ] V:[2.8/hybrid] U:[irc.uplink.com      ]
 S:[irc.uplink.com ] V:[2.8/hybrid] U:[irc.yourserver.com  ]
  The trace doesn't complete... server-b announces irc.uplink.com, and
  irc.uplink.com announces your server. Your server should return something
  like :
 S:[irc.yourserver.] OPER [yournick!user@yourhost]
  If it doesn't, we know the lag is only between yourserver and uplink.
  Usually if there is lag between your server and your uplink, the send-queue
  rises. This is not always the case. Sometimes your server can write perfectly
  to your uplink, but not reverse. That is called one sided lag.
  We pick server B to link to. It means we have to SQUIT and CONNECT.
  To unlink from irc.uplink.com and connect to SERVER_B we'd type:
  /quote SQUIT irc.uplink.com :reroute
  /connect SERVER_B
  we *DON'T* SQUIT irc.yourserver.com... and I'll try to explain why:
  If we wanted to remove hub M from the network, and with it N, we'd issue
  a SQUIT M. An SQUIT follows a path, relays the SQUIT request to each server
  in that path. Finally it reaches server H, which is the hub for M. Server H
  sees the SQUIT and drops the link to M.
  Now a different situation, we want to separate yourserver, uplink, C and D
  from the rest of the network, in order to reroute. We'd have to SQUIT server
  B, since we want the -uplink- of server B (being irc.uplink.com) to drop the
  link to server B.
  If you'd SQUIT irc.yourserver.com, you ask yourserver.com to drop the link to
  itself, which is impossible. If you SQUIT irc.uplink.com, you ask yourserver
  to drop the link to uplink, which is what we want to do.
  After the SQUIT and CONNECT, the new situation looks like this :
                        irc.uplink.com
                        |      |      \
  irc.yourserver.com -- B      C      D
                       / \
                      E   F
                         / \
                        G   H --- O
                      / | \ | \
                     I  J K L  M
                                \
                                 N
  If yourserver is a Hub, it makes the situation more complex, since your
  actions have more impact.
 4.1 - Re-routing other servers and remote connects
 Example topology :
                        irc.uplink.com
                        |      |      \
  irc.yourserver.com -- B      C      D
                       / \
                      E   F
                         / \
                        G   H --- O
                      / | \ | \
                     I  J K L  M
                                \
                                 N
  Let's say, hub H is way lagged to F, but G to F is fine... we want to reroute
  H, and stick H to G.
  We'd do :
  /quote SQUIT serverh :re-routing you babe
  /connect serverh 6667 serverg
  A global wallops will be sent :
  !serverg! Remote CONNECT serverh 6667 from ItsMe
  When re-routing, always give the server some time to prevent nick collides.
  When there is lag, people will connect to another server. When you SQUIT and
  CONNECT to fast, a lot of those clients will be collided. Also, stick to your
  territory. How enthusiastic you may be, you cannot route the world. If you're
  an oper on the US side, stick to the US side when re-routing. Needless to
  say, if you're EU, keep it to EU ;)
 5. Kills and klines
  As an oper, you're given the incredible power *cough* of KILL and KLINE.
  /kill nick reason  disconnects a client from IRC with the specified reason.
  A /quote kline *evil@*.dude.org :reason here  bans the user from your server.
  Abusive kills and klines may draw attacks to your server, so always consider
  if a kline or kill is deserved. If the server gets attacked after a valid
  kill or kline, well.. tough luck. You should never be 'afraid' to kline
  anyone on your server. If it's a good reason, make it so. Even if you know
  it may cause the server to be attacked. Maybe good to think about is this:
  - if /ignore solves the problem rather than a kick, /ignore
  - kick if a ban is unneeded
  - ban if a /kill is unwarranted for
  - kill rather than kline if that solves the problem
  - kline when a server ban is really needed.
  You kline a user when you absolutely don't want this user to use the service
  your server is providing.
  Crosskills (killing users on another server) are another issue. Some admins
  don't care if users get /kill'ed off their server, for any reason or no
  reason at all... and other admins are very anal about it. A good way to go
  (IMO) is to issue a KILL if there is an absolute need for the target user to
  be disconnected. If there are active opers on that server, let them handle
  it.  They'll be upset if you /kill a user off their server, without
  contacting them.  /stats p irc.server.here shows the active opers on a
  particular server. Some opers have multiple o-lines and are not watching all
  sessions. If you can't find an active oper on a server, you can 
  /quote operwall a request for opers from that server.
  Ghost KILLs are another story, an often misunderstood one.
  When you see a /KILL from an oper with the reason 'ghosted' they usually
  KILL a client that's about to ping timeout. That is not what a ghost is!
  To quote Dianora: "a ghost happens because a client misses being killed when
  it should be. Its a race condition due to nick chasing". In other words,
  Server X thinks client A has been KILLed, while server Y missed the KILL
  for that client.
 6. Kill and K-Line requests
  As previously mentioned, if an oper from another server contacts you and
  requests a kill or a kline for a local client with a good reason, you can
  usually trust this request. Opers depend on a trusting relationship. However,
  since you're responsible for the kill or kline, it is not rude to ask for
  proof. It depends on the oper making the request how thats interpreted, but
  the way they respond to asking for proof tells more about them than about
  you.
  The more and longer you oper, how better you get to know the other opers.
  You know who is honest, you'll know who are lying and deceiving. Before
  you acquire this knowledge, you can merely rely on common sense and
  instincts.  You'll probably make mistakes occasionally, and thats nothing to
  be ashamed of.  Opers are - despite contrary believes - human.
  Users occasionally will ask you to kill or kline a user/bot too. Some
  requests are straight-forward and clear, others require you to be cautious. I
  recommend to always investigate such requests, and when you're confident the
  request is valid, issue the kill or kline.
 7. Happy birthday!
  It is a custom on EFnet to birthday /kill opers of whom it is his/her
  birthday.  Not all opers like this, but typically those opers don't let
  others know about their birthday. You'll notice that the KILLS say a lot
  about who likes who and who is friends with who.  Whether you want to
  participate, is entirely up to you.
 8. Security
  As with any privilege, you have to handle it cautiously and responsibly.
  Be sure that your o/O line doesn't get compromised! Oper only from secure
  hosts. You and only you should know your password. Don't share your oper
  account, and make your oper password a UNIQUE one. If your o/O line gets
  compromised, nasty things may/will happen. Imagine an oper with crosskill
  capabilities who's operline gets 'hacked'... the results are often
  disastrous and you will lose respect and trust from others. It can cause
  your oper privileges to be revoked, or even the server to be (temporarily)
  delinked.
 9. Know who your friends are
  As an oper you will get a lot of users that want to be 'friends' with you.
  Users offer you free* access to their *nix servers, ops in channels,
  unlimited leech access to the biggest and fastest warez sites *gasp* and
  more. They want favors in return. They say they don't but they truly want
  something in return. They -expect- something in return. You could either
  don't respond to such offers, or use them. The last option creates an even
  more distorted image of opers and doesn't do any good for the user <-> oper
  relationship.  Your *real* friends are usually the persons who were your
  friends _before_ you acquired the extra privileges.
 10. The TCM Bot
  A TCM bot can be a valuable tool for opers. It keeps record of all connected
  clients, flags clients with multiple connections and has all sorts of other
  useful commands. There are three different kind of TCM's in use on EFnet,
  being OOMon, TCM-Dianora and TCM-Hybrid. Every one of them requires you to
  log in to be able to access the privileged commands. On OOMon you DCC chat
  the TCM bot and do '.auth yournick yourpass' where yournick is your oper
  name in your o/O line. In TCM-Dianora and TCM-Hybrid you register with:
  '.register yourpass', where yourpass is your password ;)
  All TCM commands start with a period. If you forget the period, the text goes
  into the 'partyline', where it is echoed to all connected opers.
  Resources :	http://toast.blackened.com/oomon/help
 		http://www.db.net/~db/tcm.html
 11. Services
  A recent addition to EFNet is Channel Fixer, aka ChanFix. This is an
  automated service that re-ops clients on opless channels. There are a few
  restrictions.  First, the channel has to be of significant size for ChanFix
  to store it in its database. Second, it only logs static addresses.
  How does it work? Periodically it stores information about the channel state
  in its database, for every channel in there. On every 'run', a channel
  operator gets one point. These scores make a top-5 of 'most frequent opped
  clients'.  When a channel becomes opless, ChanFix will join and op the top-5
  opped clients CURRENTLY IN THE CHANNEL.
  Chanfix can be invoked manually by server administrators. /msg ChanFix
  chanfix #channel is the command to do it. ChanFix will join, and treat the
  channel as if it were opless. It lowers TS by one (resulting in a deop of
  the entire channel) and re-ops the top-5 clients currently in the channel.
  The Channel Fixer won't log or actively fix channels when there's a split of
  significant size.  Needless to say, the chanfix command must be used with
  caution.
 12. G-Lines
  Oh yes! A G-Line section. Currently, a part of EFNet (EU-EFnet) has G-Lines
  enabled. This was decided by the EU admin community and is now mandatory
  within EU-EFnet. In order for a G-Line to be activated, three opers from
  three different servers need to issue the _exact_ same G-Line. The reason
  is not counted.
  G-Lines work best when the EU side of EFNet is not fragmented. G-Lines
  will, however, propogate through a Hybrid 6 hub (but not a CSr hub) even
  if the hub server has G-Lines disabled. This propogation allows two halves
  of EU-EFnet to have concurrent G-Lines set even when split by US hub servers.
  Questions / Comments / Suggestions are welcome.
  You can e-mail me: dennisv@vuurwerk.nl
 Best regards,
 --
 Dennis "Riedel" Vink       ___~___  Email - dennisv@vuurwerk.nl
 Unix System Administrator  \  |  /  Phone - +31 23 5111111
 Vuurwerk Internet           '|.|'   PGP   - 0xD68A7AAB
 And on the seventh day, He exited from append mode.
 # $Id: operguide.txt 6 2005-09-10 01:02:21Z nenolod $
--- a/doc/opermyth.txt
+++ b/doc/opermyth.txt
@ -0,0 +1,137 @@
 Date: Thu, 30 Jul 1998 16:21:40-0700 (MST)
 To: operlist@the-project.org
 From: rayp@primenet.com (Ray Powers)
 Subject: The myths of opers....
 I've always wanted to write something like this.. Its half rant, half
 fact, so bear with it. Hopefully it will be worth reading.
 There's a lot of hate for opers for a lot of reasons. Some are directly
 oper related (i.e. 99% of us are colossal assholes), some are directly
 user related (i.e. 99% of you are raving lunatics), and some is just plain
 misconceptions. I'd like to take a minute to talk about part three in
 hopes of clearing a few things up. This will kind of be in a FAQ form,
 maybe you'll like it,  maybe not, but its worth a shot.
 Q: What can an oper on EFnet do.
 A: This is an EXACT list of what we can do:
        1) /squit a server, separating it from the rest of the net
        2) /die our server
        3) /kill a user, this disconnects them from the server they are on
        4) /kline a hostmask, this bans them from our server
        5) /dline an ip, this bans them from our server, regardless of 
           hostmask
        6) See all invisible users on our server
        7) Mass Msg/CTCP/notice a hostmask
        8) Mass Msg/CTCP/notice a server
        9) See and send Operwall/wallops notices
 That's it. We can see more server messages than you, but that's not the
 point.. The point to be shown here is very simple, *none* of these things
 have anything to do with channels. Which leads us to our next question.
 Q: What can opers *NOT* do, but keep being asked to anyways?
 A: We can *NOT*:
        1) Enter a channel that is +i or +k without being invited or 
           having the key
        2) See who is inside a +s channel  
        3) Op ourselves or op you on a channel (unless of course we are a 
           channel op for that channel)
        4) Tell you what XXXX's new nick is since they changed it to hide 
           from you.
        5) Deop someone for you on a channel (unless of course we are a 
           channel op for that channel)
 Notice a trend, with the exception of 4, all of these are 100% channel
 related. EFnet is made so that opers have *NO* power of channels, for
 better or worse. If we don't help you with these requests, its not because
 we won't, its because we are completely incapable doing so. On the other
 hand....
 Q: What can opers do, but won't?
 A: This will be a bit differently done, because I figure I should explain 
   why opers don't do these things, when they may normally make sense.
        1) Why won't they kill somebody who has stolen your nick.
              EFnet has gone on the basis of nicks not being owned, which is 
           why there is no nickserv on EFnet.  Of course we see opers kill 
           all the time for nicks, though, so it seems rather hypocrital, 
           doesn't it?  
              An oper who kills for his nick will tell you its because the 
           other person was a bot, was juping his nick, or was imitating an 
           oper.  It may be true, but it really comes down to the same 
           feeling you get when your nick is taken "Hey! that's my name! I 
           don't want that person using my name!" 
              I personally, do not kill for nicks. If someone takes my nick, 
           they can have it. Let them get my several hundred messages a day. 
           :P  But the problem with the oper is this: How does an oper know 
           that you are really the person that uses that nick, or are you 
           the guy that wants to nick jupe that nick out from the real guy? 
           Unless the oper knows you well, they don't.. And saying that 
           people generally tell the truth means you haven't been on EFnet 
           very long. 
              I would prefer to think I am one of the more well respected 
           people on the net and people still lie to me on a regular basis. 
           So, the oper is stuck refusing to help because he can't tell who 
           is who. Remember this line of reasoning, its going to be coming 
           up a lot. :P
        2) Why won't they kill that guy nuking/smurfing/ping -f'ing me?
              This one is simple.  There is no way to prove that somebody is 
           doing any of these things to you from an opers point of view. All 
           logs are fakeable, and the oper has no way to firsthand prove its 
           happening. Your best bet in this situation is to log what you can 
           and complain loud and long to their ISPs.
        3) Why won't they help me take my channel back?
              There's a bunch of answers to this. First, it is popular 
           opinion at EFnet that channels are not owned, and therefore, if 
           you lose a channel, you should go make another one.  Notice I 
           say popular instead of official, because EFnet has never had an 
           "official" policy on much of anything. 
              But more and more you see opers killing for takeovers, so why 
           are they helping their channels and not yours.  
              Well, first, let's say your channel was taken over, and is now 
           +smtinlk. How exactly is the oper supposed to find out who is 
           oped in the channel right now to mass kill them? Even if they do get 
           all the nicks, they have to somehow manage to kill them all in 
           one hit, or they'll all just op each other again and it will be 
           fruitless. Or worse, they could have it all set up, and some 
           other oper could kill them halfway through because they don't 
           like mass-kills and it would be all ruined. 
              Or, let's say the mass-kill goes off, then the channel is 
           opless and generally speaking, chaos begins. People start 
           mass-nuking or flooding the channel to clear it out, or just to 
           be annoying. And there's still a 50/50 chance that takeover
           people will get the channel back on a split and we'll have to try 
           to do it all over again.  
              If you're about to ask why they don't split their server,
           the answer is very simple: We are not about to screw up roughly 
           30,000 peoples chatting for your channel. Its rude. This of 
           course is all based on the fact that we can prove its taken over, 
           as per the conversation about nicks, we often can't.
        4) But.. its obvious they took it from me! The topic says 
           "Ha ha, we took your channel Rick!" for Pete's sake! And 
           there's only One op, so you can kill him and get the channel 
           back immediately!
              This one is a bit more complex, but its really a personal 
           call. That one op could be a rampant smurfpup with a penis so 
           tiny he has no choice but to rampantly smurf and synflood anyone 
           that gets in his way.  This is popularly known on irc as SPS, or 
           Small Penis Syndrome.  In this case, if the oper does help you 
           out, they could end up with their server being downed for a day 
           or two, and it really isn't worth it for your channel, no 
           offense.
 Keep in mind that this is all spoken from the perspective of someone who
 *DOES* help with channels when possible, but understands greatly the
 reasons not to, and judges each situation very carefully.
 That's the gist of the information I was trying to get across.  If you
 were cluefull enough to get on operlist, a lot of this may be common
 knowledge to you, but sometimes its good to step back and see why opers do
 what they do a lot of the time. 
 Hoping this is of value to SOMEONE....
 Ray Powers
 Monkster/MimePunk/PrimeMonk/PacMonk/MtgMonk/Ihavefartoomanynickstonickjupe
--- a/doc/readme.txt
+++ b/doc/readme.txt
@ -1,23 +0,0 @@
 Here is the overview of the documents in the doc/ directory.
 Subdirectories:
 features/               - Documents about features and standards
 technical/              - Technical documents about ircd internals and
                          protocol information
 sgml/                   - SGML documentation
 Files:
 ircd.conf.example       - An example ircd.conf file describing most of the
                          user settable options
 ircd.motd               - A default ircd.motd used by make install
 reference.conf          - A complete example showing all possible config
                          options
 credits-past.txt        - Credits for the predecessors to Charybdis
 logfiles.txt            - Description of formatting of some logfiles
 server-version-info.txt - Overview of the flags shown in /version
 Also in the contrib/ directory you will find:
 example_module.c - An example module, detailing what the code in a module
 		   does.  Useful for building your own modules.
--- a/doc/reference.conf
+++ b/doc/reference.conf
@ -1,4 +1,4 @@
-/* doc/reference.conf - solanum example configuration file
+/* doc/reference.conf - charybdis Example configuration file
 *
 * Copyright (C) 2000-2002 Hybrid Development Team
 * Copyright (C) 2002-2005 ircd-ratbox development team
@ -6,6 +6,7 @@
 *
 * Written by ejb, wcampbel, db, leeh and others
 *
 * $Id: reference.conf 3582 2007-11-17 21:55:48Z jilles $
 */
 /* IMPORTANT NOTES:
@ -26,10 +27,6 @@
 *        .include "filename"
 *        .include <filename>
 *
 * Flags variables are comma-separated sets of predefined values,
 * specific to each block. For example in operator {} blocks:
 *        flags = encrypted, encrypted;
 *
 * Times/durations are written as:
 *        12 hours 30 minutes 1 second
 *        
@ -47,71 +44,67 @@
 * Charybdis contains several extensions that are not enabled by default.
 * To use them, uncomment the lines below.
 *
- * Channel mode +-A (admin only)                     -- chm_adminonly
+ * Channel mode +-A (admin only)                     -- chm_adminonly.so
- * Channel mode +-T (blocks notices)                 -- chm_nonotice
+ * Channel mode +-O (oper only)                      -- chm_operonly.so
- * Channel mode +-O (oper only)                      -- chm_operonly
+ * Channel mode +-S (ssl only)                       -- chm_sslonly.so
- * Channel mode +-S (ssl only)                       -- chm_sslonly
+ * Emulates channel mode +-O (oper only) (+-iI $o)   -- chm_operonly_compat.so
- * Channel mode +-M (disallow KICK on IRC ops)       -- chm_operpeace
+ * Emulates channel mode +-R (quiet unreg) (+-q $~a) -- chm_quietunreg_compat.so
- * Restrict channel creation to logged in users      -- createauthonly
+ * Emulates channel mode +-S (ssl only) (+-b $~z)    -- chm_sslonly_compat.so
- * Account bans (+b $a[:mask])                       -- extb_account
+ * Restrict channel creation to logged in users      -- createauthonly.so
- * Banned from another channel (+b $j:mask)          -- extb_canjoin
+ * Account bans (+b $a[:mask])                       -- extb_account.so
- * Other-channel bans (+b $c:mask)                   -- extb_channel
+ * Banned from another channel (+b $j:mask)          -- extb_canjoin.so
- * Combination extbans                               -- extb_combi
+ * Other-channel bans (+b $c:mask)                   -- extb_channel.so
- * Extended ban (+b $x:mask)                         -- extb_extgecos
+ * Combination extbans                               -- extb_combi.so
- * Hostmask bans (for combination extbans)           -- extb_hostmask
+ * Extended ban (+b $x:mask)                         -- extb_extgecos.so
- * Oper bans (+b $o)                                 -- extb_oper
+ * Hostmask bans (for combination extbans)           -- extb_hostmask.so
- * Realname (gecos) bans (+b $r:mask)                -- extb_realname
+ * Oper bans (+b $o)                                 -- extb_oper.so
- * Server bans (+b $s:mask)                          -- extb_server
+ * Realname (gecos) bans (+b $r:mask)                -- extb_realname.so
- * SSL bans (+b $z)                                  -- extb_ssl
+ * Server bans (+b $s:mask)                          -- extb_server.so
- * User mode bans (+b $u:modes)                      -- extb_usermode
+ * SSL bans (+b $z)                                  -- extb_ssl.so
- * Helpops system (umode +h)                         -- helpops
+ * User mode bans (+b $u:modes)                      -- extb_usermode.so
- * HURT system                                       -- hurt
+ * HURT system                                       -- hurt.so
- * New host mangling (umode +x)                      -- ip_cloaking_4.0
+ * New host mangling (umode +x)                      -- ip_cloaking_4.0.so
- * Old host mangling (umode +h)                      -- ip_cloaking
+ * Old host mangling (umode +h)                      -- ip_cloaking.so
- * Dynamically extend channel limits                 -- m_extendchans
+ * Find channel forwards                             -- m_findforwards.so
- * Find channel forwards                             -- m_findforwards
+ * /identify support                                 -- m_identify.so
- * /identify support                                 -- m_identify
+ * Opers cannot be invisible (umode +i)              -- no_oper_invis.so
- * /locops support                                   -- m_locops
+ * Far connection notices (snomask +F)               -- sno_farconnect.so
- * Opers cannot be invisible (umode +i)              -- no_oper_invis
+ * Remote k/d/x line active notices                  -- sno_globalkline.so
- * Far connection notices (snomask +F)               -- sno_farconnect
+ * Remote oper up notices                            -- sno_globaloper.so
- * Remote oper up notices                            -- sno_globaloper
+ * /whois notifications (snomask +W)                 -- sno_whois.so
- * Global nick-change notices                        -- sno_globalnickchange
+ * Oper-override (modehacking only)                  -- override.so
- * Oper-override (modehacking only)                  -- override
+ * Stop services kills                               -- no_kill_services.so
 * Stop services kills                               -- no_kill_services
 * Allows you to hide your idle time (umode +I)      -- umode_hide_idle_time
 */
-#loadmodule "extensions/chm_adminonly";
+#loadmodule "extensions/chm_adminonly.so";
-#loadmodule "extensions/chm_nonotice";
+#loadmodule "extensions/chm_operonly.so";
-#loadmodule "extensions/chm_operonly";
+#loadmodule "extensions/chm_sslonly.so";
-#loadmodule "extensions/chm_sslonly";
+#loadmodule "extensions/chm_operonly_compat.so";
-#loadmodule "extensions/chm_operpeace";
+#loadmodule "extensions/chm_quietunreg_compat.so";
-#loadmodule "extensions/createauthonly";
+#loadmodule "extensions/chm_sslonly_compat.so";
-#loadmodule "extensions/extb_account";
+#loadmodule "extensions/createauthonly.so";
-#loadmodule "extensions/extb_canjoin";
+#loadmodule "extensions/extb_account.so";
-#loadmodule "extensions/extb_channel";
+#loadmodule "extensions/extb_canjoin.so";
-#loadmodule "extensions/extb_combi";
+#loadmodule "extensions/extb_channel.so";
-#loadmodule "extensions/extb_extgecos";
+#loadmodule "extensions/extb_combi.so";
-#loadmodule "extensions/extb_hostmask";
+#loadmodule "extensions/extb_extgecos.so";
-#loadmodule "extensions/extb_oper";
+#loadmodule "extensions/extb_hostmask.so";
-#loadmodule "extensions/extb_realname";
+#loadmodule "extensions/extb_oper.so";
-#loadmodule "extensions/extb_server";
+#loadmodule "extensions/extb_realname.so";
-#loadmodule "extensions/extb_ssl";
+#loadmodule "extensions/extb_server.so";
-#loadmodule "extensions/extb_usermode";
+#loadmodule "extensions/extb_ssl.so";
-#loadmodule "extensions/helpops";
+#loadmodule "extensions/extb_usermode.so";
-#loadmodule "extensions/hurt";
+#loadmodule "extensions/hurt.so";
-#loadmodule "extensions/ip_cloaking_4.0";
+#loadmodule "extensions/ip_cloaking_4.0.so";
-#loadmodule "extensions/ip_cloaking";
+#loadmodule "extensions/ip_cloaking.so";
-#loadmodule "extensions/m_extendchans";
+#loadmodule "extensions/m_findforwards.so";
-#loadmodule "extensions/m_findforwards";
+#loadmodule "extensions/m_identify.so";
-#loadmodule "extensions/m_identify";
+#loadmodule "extensions/no_oper_invis.so";
-#loadmodule "extensions/m_locops";
+#loadmodule "extensions/sno_farconnect.so";
-#loadmodule "extensions/no_oper_invis";
+#loadmodule "extensions/sno_globalkline.so";
-#loadmodule "extensions/sno_farconnect";
+#loadmodule "extensions/sno_globaloper.so";
-#loadmodule "extensions/sno_globalnickchange";
+#loadmodule "extensions/sno_whois.so";
-#loadmodule "extensions/sno_globaloper";
+#loadmodule "extensions/override.so";
-#loadmodule "extensions/override";
+#loadmodule "extensions/no_kill_services.so";
 #loadmodule "extensions/no_kill_services";
 #loadmodule "extensions/umode_hide_idle_time";
 /* serverinfo {}:  Contains information about the server. (OLD M:) */
 serverinfo {
@ -136,6 +129,11 @@ serverinfo {
 	 */
 	network_name = "MyNet";
 	/* hub: allow this server to act as a hub and have multiple servers
 	 * connected to it.  
 	 */
 	hub = no;
 	/* vhost: the IP to bind to when we connect outward to ipv4 servers.
 	 * This should be an ipv4 IP only.
 	 */
@ -146,19 +144,17 @@ serverinfo {
 	 */
 	#vhost6 = "2001:db8:2::6";
-	/* ssl_cert: certificate (and optionally key) for our ssl server */
+	/* ssl_private_key: our ssl private key */
 	ssl_private_key = "etc/ssl.key";
 	/* ssl_cert: certificate for our ssl server */
 	ssl_cert = "etc/ssl.pem";
-	/* ssl_private_key: our ssl private key (if not contained in ssl_cert file) */
+	/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
 	#ssl_private_key = "etc/ssl.key";
 	/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 2048 */
 	/* If you do not provide parameters, some TLS backends will fail on DHE- ciphers,
 	   and some will succeed but use weak, common DH groups! */
 	ssl_dh_params = "etc/dh.pem";
 	/* ssl_cipher_list: A list of ciphers, dependent on your TLS backend */
-	#ssl_cipher_list = "TLS_CHACHA20_POLY1305_SHA256:EECDH+HIGH:EDH+HIGH:HIGH:!aNULL";
+	#ssl_cipher_list = "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL";
 	/* ssld_count: number of ssld processes you want to start, if you
 	 * have a really busy server, using N-1 where N is the number of
@ -286,17 +282,14 @@ class "server" {
 	 */
 	connectfreq = 5 minutes;
-	/* max_autoconn: the amount of servers to autoconnect to.  if the number
+	/* max number: the amount of servers to autoconnect to.  if the number
 	 * of servers in the class is or exceeds this, no more servers in the
 	 * class are autoconnected.  oper initiated connects are unaffected.
 	 * this should usually be set to either 0 or 1.  (autoconnecting from
 	 * hubs to leaves may cause leaves to function as hubs by having
 	 * multiple servers connected to them.)
 	 */
-	max_autoconn = 1;
+	max_number = 1;
 	/* max_number: the maximum number of servers allowed in this class */
 	max_number = 100;
 	/* sendq: servers need a higher sendq as they are sent more data */
 	sendq=2 megabytes;
@ -323,8 +316,8 @@ listen {
 	/* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
 	port = 5000, 6665 .. 6669;
-	/* sslport: listen for ssl connections on all available IPs, port 6697 */
+	/* sslport: listen for ssl connections on all available IPs, port 9999 */
-	sslport = 6697;
+	sslport = 9999;
 	/* host: set a specific IP/host the ports after the line will listen 
 	 * on.  This may be ipv4 or ipv6.
@ -336,21 +329,10 @@ listen {
 	host = "2001:db8:2::6";
 	port = 7002;
 	sslport = 9002;
 	/* wsock: listeners defined with this option enabled will be websocket listeners,
 	 * and will not accept normal clients.
 	 */
 	wsock = yes;
 	sslport = 9999;
 };
 /* auth {}: allow users to connect to the ircd (OLD I:) */
 auth {
 	/* description: descriptive text to help recognize this auth block in
 	 * stats i output.
 	 */
 	description = "example oper";
 	/* user: the user@host allowed to connect.  Multiple IPv4/IPv6 user
 	 * lines are permitted per auth block.  This is matched against the
 	 * hostname and IP address (using :: shortening for IPv6 and
@ -360,11 +342,6 @@ auth {
 	user = "*@198.51.100.0/24";
 	user = "*test@2001:db8:1:*";
 	/* umodes; the user mode character string to apply to users
 	 * when they get placed into this auth block.
 	 */
 	#umodes = "+w";
 	/* auth_user: This allows specifying a username:password instead of
 	 * just a password in PASS, so that a fixed user@host is not
 	 * necessary for a specific auth{} block.
@ -388,10 +365,8 @@ auth {
 	 * encrypted                  | password is encrypted with mkpasswd
 	 * spoof_notice               | give a notice when spoofing hosts
 	 * exceed_limit (old > flag)  | allow user to exceed class user limits
-	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
+	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines&dnsbls
 	 *                            | dnsbls, and proxies
 	 * dnsbl_exempt		      | exempt this user from dnsbls
 	 * proxy_exempt               | exempt this user from proxies
 	 * spambot_exempt	      | exempt this user from spambot checks
 	 * shide_exempt		      | exempt this user from serverhiding
 	 * jupe_exempt                | exempt this user from generating
@ -403,9 +378,6 @@ auth {
 	 * need_ident   (old + flag)  | require ident for user in this class
 	 * need_ssl                   | require SSL/TLS for user in this class
 	 * need_sasl                  | require SASL id for user in this class
 	 * extend_chans               | allow this user to join more channels than normal
 	 * kline_spoof_ip             | if this block has a spoof host, klines match only
 	 *                            | the spoof and not the underlying IP
 	 */
 	flags = kline_exempt, exceed_limit;
@ -439,15 +411,8 @@ privset "local_op" {
 	 *
 	 * Available options:
 	 *
-	 * oper:general:         enable most general oper privileges that came
+	 * oper:local_kill:      allows local users to be /KILL'd
-	 *                       with +o in older releases
+	 * oper:global_kill:     allows local and remote users to be /KILL'd
 	 * auspex:oper:          allows the oper to see through oper hiding
 	 * auspex:umodes:        allows viewing other users' modes
 	 * auspex:cmodes:        shows privileged cmodes
 	 * auspex:hostname:      shows hidden hostnames/ips
 	 * oper:privs:           allows /stats o/O and seeing privset in /whois
 	 * oper:testline:        allows /testline and /testgecos
 	 * oper:kill:            allows local and remote users to be /KILL'd
 	 * oper:routing:         allows remote SQUIT and CONNECT
 	 * oper:kline:           allows KLINE and DLINE
 	 * oper:unkline:         allows UNKLINE and UNDLINE
@ -461,33 +426,15 @@ privset "local_op" {
 	 *		         will not have the admin lines in
 	 *		         whois.
 	 * oper:xline:	         allows use of /quote xline/unxline
-	 * oper:resv:            allows /quote resv/unresv
+	 * oper:resv:	         allows /quote resv/unresv and cmode +LP
 	 * oper:cmodes:          allows cmode +LP
 	 * oper:operwall:        allows the oper to send/receive operwalls
 	 * oper:spy:	         allows 'operspy' features to see through +s
 	 * 		         channels etc. see /quote help operspy
 	 * oper:hidden:          hides the oper from /stats p
 	 * oper:remoteban:       allows remote kline etc
-	 * oper:mass_notice:     allows sending mass notices
+	 * oper:mass_notice:     allows sending wallops and mass notices
 	 * oper:wallops:         allows sending wallops messages
 	 * oper:grant:           allows using the GRANT command
 	 * usermode:servnotice:  allows setting +s
 	 * oper:message:         allows opers to bypass CALLERID (usermode +g)
 	 * oper:free_target:     messages to the oper bypass flood controls
 	 *
 	 * Privileges provided by extensions include:
 	 *
 	 * oper:dehelper:        allows the DEHELPER command (from extensions/helpops)
 	 * oper:override:        enables oper override via umode +p (from extensions/override)
 	 * oper:receive_immunity:
 	 *   confers the benefits of chmode +M (operpeace) (from extensions/chm_operpeace)
 	 * usermode:helpops      allows setting +h (from extensions/helpops)
 	 * auspex:usertimes:
 	 *   allows viewing user idle/connect times even when +I is set (from extensions/umode_hide_idle_time)
 	 * oper:shedding:	allows the SHEDDING command (from extensions/m_shedding)
 	 */
-	privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, oper:message,
+	privs = oper:local_kill, oper:operwall;
 		usermode:servnotice, auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
 };
 privset "server_bot" {
@ -498,14 +445,13 @@ privset "server_bot" {
 privset "global_op" {
 	extends = "local_op";
-	privs = oper:routing, oper:kline, oper:unkline, oper:xline,
+	privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
-		oper:resv, oper:cmodes, oper:mass_notice, oper:wallops,
+		oper:resv, oper:mass_notice, oper:remoteban;
 		oper:remoteban;
 };
 privset "admin" {
 	extends = "global_op";
-	privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:grant;
+	privs = oper:admin, oper:die, oper:rehash, oper:spy;
 };
 /* operator {}: defines ircd operators. (OLD O:) */
@ -564,21 +510,12 @@ operator "god" {
 	privset = "admin";
 };
-/* connect {}: controls servers we connect with (OLD C:, N:, H:, L:).
+/* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */
 *
 * This configuration is used whether connections are incoming or
 * outgoing.
 */
 connect "irc.uplink.com" {
-	/* the name of the other server must go above. It should match the
+	/* the name must go above */
 	 * other server's name in its serverinfo {} block, and does not
 	 * need to be an actual hostname.
 	 */
-	/* host: the host or IP to connect to.
+	/* host: the host or IP to connect to.  If a hostname is used it
-	 *
+	 * must match the reverse dns of the server.
 	 * It is also used to validate incoming connections. If a hostname
 	 * is used, it must match the reverse dns of the server.
 	 */
 	host = "203.0.113.3";
@ -602,44 +539,65 @@ connect "irc.uplink.com" {
 	/* port: the port to connect to this server on */
 	port = 6666;
 	/* hub mask: the mask of servers that this server may hub. Multiple
 	 * entries are permitted
 	 */
 	hub_mask = "*";
 	/* leaf mask: the mask of servers this server may not hub.  Multiple
 	 * entries are permitted.  Useful for forbidding EU -> US -> EU routes.
 	 */
 	#leaf_mask = "*.uk";
 	/* class: the class this server is in */
 	class = "server";
 	/* flags: controls special options for this server
 	 * encrypted	- marks the accept_password as being crypt()'d
 	 * autoconn	- automatically connect to this server
 	 * compressed	- compress traffic via ziplinks
 	 * topicburst	- burst topics between servers
 	 * ssl		- ssl/tls encrypted server connections
 	 * sctp         - use SCTP instead of TCP to connect to the server
 	 * no-export    - marks the link as a no-export link (not exported to other links)
 	 */
-	flags = topicburst;
+	flags = compressed, topicburst;
 };
-connect "ipv6.lame.server" {
+connect "ipv6.some.server" {
-	host = "192.0.2.1";
+	/* Hosts that are IPv6 addresses must be in :: shortened form
 	 * if applicable.  Addresses starting with a colon get an extra
 	 * zero prepended, for example: 0::1
 	 */
 	host = "2001:db8:3::8";
 	send_password = "password";
 	accept_password = "password";
 	port = 6666;
-	/* aftype: controls whether the outgoing connection uses "ipv4" or "ipv6".
+	/* aftype: controls whether the connection uses "ipv4" or "ipv6".
-	 * Default is to try either at random.
+	 * Default is ipv4.
 	 */
 	aftype = ipv6;
 	class = "server";
 };
 connect "ssl.uplink.com" {
 	/* Example of ssl server-to-server connection, ssl flag doesn't need
 	 * compressed flag, 'cause it uses own compression
 	 */
 	host = "203.0.113.129";
 	send_password = "password";
 	accept_password = "anotherpassword";
 	port = 9999;
 	hub_mask = "*";
 	class = "server";
 	flags = ssl, topicburst;
 };
-/* cluster {}; servers that we propagate things to automatically. */
+/* cluster {}; servers that we propagate things to automatically.
 * NOTE: This does NOT grant them privileges to apply anything locally,
 *       you must add a seperate shared block for that.  Clustering will
 *       only be done for actions by LOCAL opers, that arent directed
 *       remotely.
 */
 cluster {
 	/* name: the server to share with, this can be a wildcard and may be
 	 * stacked.
@ -672,7 +630,8 @@ cluster {
 /* service{}: privileged servers (services). These servers have extra
 * privileges such as setting login names on users and introducing clients
- * with umode +S (unkickable, hide channels, etc).
+ * with umode +S (unkickable, hide channels, etc). This does not allow them
 * to set bans, you need a separate shared{} for that.
 * Do not place normal servers here.
 * There may be only one service{} block.
 */
@ -681,6 +640,56 @@ service {
 	name = "services.int";
 };
 /* shared {}: users that are allowed to place remote bans on our server.
 * NOTE: These are ordered top down.  The first one the user@host and server
 *       matches will be used.  Their access will then be decided on that
 *       block and will not fall back to another block that matches.
 */
 shared {
 	/* oper: the user@host and server the user must be on to set klines.
 	 * The first field must be a user@host, the second field is an
 	 * optional server.  These may be stacked.
 	 */
 	/* flags: list of what to allow them to place, all the oper lines
 	 * above this (up until another flags entry) will receive these
 	 * flags.  This *must* be present.
 	 *
 	 *    kline   - allow setting perm/temp klines
 	 *    tkline  - allow setting temp klines
 	 *    unkline - allow removing klines
 	 *    xline   - allow setting perm/temp xlines
 	 *    txline  - allow setting temp xlines
 	 *    unxline - allow removing xlines
 	 *    resv    - allow setting perm/temp resvs
 	 *    tresv   - allow setting temp resvs
 	 *    unresv  - allow removing xlines
 	 *    all     - allow oper/server to do all of above.
 	 *    locops  - allow locops - only used for servers who cluster
 	 *    rehash  - allow rehashing
 	 *    dline   - allow setting perm/temp dlines
 	 *    tdline  - allow setting temp dlines
 	 *    undline - allow removing dlines
 	 *    none    - disallow everything
 	 */
 	/* allow flame@*.leeh.co.uk on server irc.ircd-ratbox.org and
 	 * allow leeh@*.leeh.co.uk on server ircd.ircd-ratbox.org to kline
 	 */
 	oper = "flame@*.leeh.co.uk", "irc.ircd-ratbox.org";
 	oper = "leeh@*.leeh.co.uk", "ircd.ircd-ratbox.org";
 	flags = kline;
 	/* you may forbid certain opers/servers from doing anything */
 	oper = "irc@vanity.oper", "*";
 	oper = "*@*", "irc.vanity.server";
 	oper = "irc@another.vanity.oper", "bigger.vanity.server";
 	flags = none;
 	/* or allow everyone to place temp klines */
 	oper = "*@*";
 	flags = tkline;
 };
 /* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
 exempt {
 	ip = "192.0.2.0/24";
@ -689,12 +698,6 @@ exempt {
 	ip = "127.0.0.1";
 };
 /* secure {}: IPs that are considered to be secure networks, and get
 * +Z without using TLS */
 secure {
 	ip = "127.0.0.1";
 };
 /* The channel block contains options pertaining to channels */
 channel {
 	/* invex: Enable/disable channel mode +I, a n!u@h list of masks
@ -732,9 +735,6 @@ channel {
 	/* max chans: The maximum number of channels a user can join/be on. */
 	max_chans_per_user = 15;
 	/* max chans (large): The extended maximum number of channels a user can join. */
 	max_chans_per_user_large = 60;
 	/* max bans: maximum number of +b/e/I/q modes in a channel */
 	max_bans = 100;
@ -810,22 +810,6 @@ channel {
 	 * such as LIST >0.
 	 */
 	displayed_usercount = 3;
 	/* strip_topic_colors: whether or not color codes in TOPIC should be stripped. */
 	strip_topic_colors = no;
 	/* opmod_send_statusmsg: format messages sent to ops due to +z
 	 * as PRIVMSG @#channel when sent to clients.
 	 */
 	opmod_send_statusmsg = no;
 	/* ip_bans_through_vhost: should channel IP bans see through dynamic spoofed hosts? */
 	ip_bans_through_vhost = yes;
 	/* invite_notify_notice: when using extensions/invite_notify, should
 	 * we send a NOTICE to clients that don't support IRCv3 invite-notify
 	 */
 	invite_notify_notice = yes;
 };
@ -857,7 +841,8 @@ serverhide {
 * You can have multiple combinations of host and rejection reasons.
 * They are used in pairs of one host/rejection reason.
 *
- * These settings should be adequate for most networks.
+ * These settings should be adequate for most networks, and are (presently)
 * required for use on StaticBox.
 *
 * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
 * connections.
@ -898,78 +883,6 @@ blacklist {
 #	reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for some reason. In order to protect ${network-name} from abuse, we are not allowing connections listed in ${dnsbl-host} to connect";
 };
 /* These are the OPM settings.
 * This is similar to the functionality provided by BOPM. It will scan incoming
 * connections for open proxies by connecting to clients and attempting several
 * different open proxy handshakes. If they connect back to us (via a dedicated
 * listening port), and send back the data we send them, they are considered
 * an open proxy. For politeness reasons (users may be confused by the incoming
 * connection attempts if they are logging incoming connections), the user is
 * notified upon connect if they are being scanned.
 *
 * WARNING:
 * These settings are considered experimental. Only the most common proxy types
 * are checked for (Charybdis is immune from POST and GET proxies). If you are
 * not comfortable with experimental code, do not use this feature.
 */
 #opm {
 	/* IPv4 address to listen on. This must be a publicly facing IP address
 	 * to be effective.
 	 * If omitted, it defaults to serverinfo::vhost.
 	 */
 	#listen_ipv4 = "127.0.0.1";
 	/* IPv4 port to listen on.
 	 * This should not be the same as any existing listeners.
 	 */
 	#port_v4 = 32000;
 	/* IPv6 address to listen on. This must be a publicly facing IP address
 	 * to be effective.
 	 * If omitted, it defaults to serverinfo::vhost6.
 	 */
 	#listen_ipv6 = "::1";
 	/* IPv6 port to listen on.
 	 * This should not be the same as any existing listeners.
 	 */
 	#port_v6 = 32000;
 	/* You can also set the listen_port directive which will set both the
 	 * IPv4 and IPv6 ports at once.
 	 */
 	#listen_port = 32000;
 	/* This sets the timeout in seconds before ending open proxy scans.
 	 * Values less than 1 or greater than 60 are ignored.
 	 * It is advisable to keep it as short as feasible, so clients do not
 	 * get held up by excessively long scan times.
 	 */
 	#timeout = 5;
 	/* These are the ports to scan for SOCKS4 proxies on. They may overlap
 	 * with other scan types. Sensible defaults are given below.
 	 */
 	#socks4_ports = 80, 443, 1080, 8000, 8080, 10800;
 	/* These are the ports to scan for SOCKS5 proxies on. They may overlap
 	 * with other scan types. Sensible defaults are given below.
 	 */
 	#socks5_ports = 80, 443, 1080, 8000, 8080, 10800;
 	/* These are the ports to scan for HTTP CONNECT proxies on (plaintext).
 	 * They may overlap with other scan types. Sensible defaults are given
 	 * below.
 	 */
 	#httpconnect_ports = 80, 8080, 8000;
 	/* These are the ports to scan for HTTPS CONNECT proxies on (SSL).
 	 * They may overlap with other scan types. Sensible defaults are given
 	 * below.
 	 */
 	#httpsconnect_ports = 443, 4443;
 #};
 /*
 * Alias blocks allow you to define custom commands. (Old m_sshortcut.c)
 * They send PRIVMSG to the given target. A real command takes
@ -1014,6 +927,14 @@ alias "MS" {
 	target = "MemoServ";
 };
 /*
 fakechannel "#honeypot" {
 	topic = "Come in";
 	users_min = 50;
 	users_max = 300;
 };
 */
 /* The general block contains many of the options that were once compiled
 * in options in config.h.  The general block is read at start time.
 */
@ -1164,66 +1085,22 @@ general {
 	 */
 	dline_with_reason = yes;
 	/* kline delay: delay the checking of klines until a specified time.
 	 * Useful if large kline lists are applied often to prevent the
 	 * server eating CPU.
 	 */
 	kline_delay = 0 seconds;
 	/* kline reason: show the user the reason why they are k/dlined 
 	 * on exit.  may give away who set k/dline when set via tcm.
 	 */
 	kline_with_reason = yes;
 	/* tkline duration: when showing users their k/dline reason (see
 	 * kline_with_reason), don't add "Temporary K-line 123 min."
 	 */
 	hide_tkdline_duration = no;
 	/* kline reason: make the users quit message on channels this
 	 * reason instead of the oper's reason.
 	 */
 	kline_reason = "Connection closed";
 	/* SASL access only client message: give users a message that
 	 * informs them
 	 */
 	sasl_only_client_message = "You need to identify via SASL to use this server.";
 	/* Identd access only client message: give users a message that
 	 * informs them
 	 */
 	identd_only_client_message = "You need to install identd to use this server.";
 	/* SCTP forbidden client message: give users a message that
 	 * informs them
 	 */
 	sctp_forbidden_client_message = "You are not allowed to use SCTP on this server.";
 	/* SSL/TLS access only client message: give users a message that
 	 * informs them
 	 */
 	ssltls_only_client_message = "You need to use SSL/TLS to use this server.";
 	/* Not authorised client message: tell users that they are not
 	 * authorised
 	 */
 	not_authorised_client_message = "You are not authorised to access this server.";
 	/* Illegal hostname client message: tell users that they have illegal
 	 * chars in their hostname
 	 */
 	illegal_hostname_client_message = "You have an illegal character in your hostname.";
 	/* Server full client message: tell users that the server they're connecting
 	 * to is full
 	 */
 	server_full_client_message = "Sorry, server is full - try later";
 	/* illegal name long client message: long-form explanation that their username
 	 * contains illegal characters
 	 */
 	illegal_name_long_client_message = "Your username is invalid. Please make sure that your username contains only alphanumeric characters.";
 	/* illegal name short client message: short-form notification that their username
 	 * contains illegal characters; will be followed by ": their_username"
 	 */
 	illegal_name_short_client_message = "Invalid username";
 	/* identify to services via server password
 	 * if auth{} block had no password but the user specified a
 	 * server password anyway, send a PRIVMSG to <identify_service>
@ -1256,6 +1133,9 @@ general {
 	/* stats c oper only: make stats c (connect {}) oper only */
 	stats_c_oper_only=no;
 	/* stats h oper only: make stats h (hub_mask/leaf_mask) oper only */
 	stats_h_oper_only=no;
 	/* stats y oper only: make stats y (class {}) oper only */
 	stats_y_oper_only=no;
@ -1282,13 +1162,6 @@ general {
 	 */
 	stats_k_oper_only=masked;
 	/* stats l/L oper only:
 	 *     yes:  non-opers can't use this at all
 	 *     self: non-opers see only themselves
 	 *     no:   show targeted users or non-hidden opers to everyone
 	 */
 	stats_l_oper_only = self;
 	/* map oper only: make /map oper only */
 	map_oper_only = no;
@ -1316,6 +1189,9 @@ general {
 	 */
 	pace_wait = 10 seconds;
 	/* listfake_wait: time until real list command can be used */
 	listfake_wait = 180 seconds;
 	/* short motd: send clients a notice telling them to read the motd
 	 * instead of forcing a motd to clients who may simply ignore it.
 	 */
@ -1326,13 +1202,6 @@ general {
 	 */
 	ping_cookie = no;
 	/* ping warn time: how long to wait after pinging a server before starting
 	 * to complain it is unresponsive. Note that the ping check interval is 30 
 	 * seconds, so the first complaint will come at the next check after this 
 	 * time has passed.
 	 */
 	ping_warn_time = 15 seconds;
 	/* connect timeout: sets how long we should wait for a connection
 	 * request to succeed
 	 */
@ -1357,12 +1226,6 @@ general {
 	 */
 	max_targets = 4;
 	/* post-registration delay: wait this long before processing commands from a newly
 	 * registered user. Used to allow network utility bots to perform any actions
 	 * (such as host changes or proxy scanning) before the user can join channels.
 	 */
 	post_registration_delay = 2 seconds;
 	/* use_whois_actually: send clients requesting a whois a numeric
 	 * giving the real IP of non-spoofed clients to prevent DNS abuse.
 	 */
@ -1370,7 +1233,7 @@ general {
 	/* usermodes configurable: a list of usermodes for the options below
 	 *
-	 * +g - callerid   - Server-side private message allow list
+	 * +g - callerid   - Server Side Ignore
 	 * +D - deaf       - Don't see channel messages
 	 * +i - invisible  - Not shown in NAMES or WHO unless you share a 
 	 *                   a channel
@ -1392,6 +1255,14 @@ general {
 	 * provided they have umode +s set */
 	oper_snomask = "+s";
 	/* compression level: level of compression for compressed links between
 	 * servers.  
 	 *
 	 * values are between: 1 (least compression, fastest)
 	 *                and: 9 (most compression, slowest).
 	 */
 	#compression_level = 6;
 	/* burst_away: This enables bursting away messages to servers.
 	 * With this disabled, we will only propogate AWAY messages
 	 * as users send them, but never burst them.  Be warned though
@ -1465,31 +1336,18 @@ general {
 	 * "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type.  These fingerprints
 	 * are not supported on servers running charybdis 3.5.3 or earlier.
 	 *
-	 * To generate a fingerprint from a certificate file, please use the mkfingerprint utility
+	 * To generate a fingerprint from a certificate file, run the following:
-	 * program located in the bin/ subdirectory of your IRCd installation. Running it with no
+	 * $ openssl x509 -outform DER -in your.crt | sha1sum     (or sha256sum, or sha512sum)
-	 * arguments will give you a brief usage message; it takes method and filename arguments.
+	 *
 	 * To generate a SPKI SHA-256 fingerprint, run the following:
 	 * $ openssl x509 -pubkey -noout -in your.crt | openssl pkey -pubin -outform DER | \
 	 *   sha256sum | sed -r -e 's/^/SPKI:SHA2-256:/'
 	 *
 	 * To generate a SPKI SHA-512 fingerprint, run the following:
 	 * $ openssl x509 -pubkey -noout -in your.crt | openssl pkey -pubin -outform DER | \
 	 *   sha512sum | sed -r -e 's/^/SPKI:SHA2-512:/'
 	 */
-	certfp_method = spki_sha256;
+	certfp_method = sha256;
 	/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
 	hide_opers_in_whois = no;
 	/* hide_opers: Hide all opers from unprivileged users */
 	hide_opers = no;
 	/* tls_ciphers_oper_only: show the TLS cipher string in /WHOIS only to opers and self */
 	tls_ciphers_oper_only = no;
 	/* hidden_caps: client capabilities we'll pretend we don't support until they're requested */
 	#hidden_caps = "userhost-in-names";
 	/* oper_secure_only: require TLS on any connection trying to oper up */
 	oper_secure_only = no;
 	/* drain_reason: Message shown to users when they are rejected from a draining server.
 	 * requires extensions/drain to be loaded.
 	 */
 	drain_reason = "This server is not accepting connections.";
 };
 modules {
@ -1500,5 +1358,19 @@ modules {
 	path = "/usr/local/ircd/modules/autoload";
 	/* module: the name of a module to load on startup/rehash */
-	#module = "some_module";
+	#module = "some_module.so";
 };
 /*
 vhost "selfsigned.hades.arpa" {
 	ssl_private_key = "etc/selfssl.key";
 	ssl_cert = "etc/selfssl.pem";
 };
 vhost "oldca.hades.arpa" {
 	ssl_private_key = "etc/oldssl.key";
 	ssl_cert = "etc/oldssl2.pem";
  ssl_dh_params = "etc/olddh.pem";
  ssl_cipher_list = "kEECDH+HIGH:kEDH+HIGH:HIGH:!RC4:!aNULL";
 };
 */
--- a/doc/features/sasl.txt
+++ b/doc/features/sasl.txt
@ -127,3 +127,4 @@ Kucharski (IRCnet), IRC Client Capabilities Extension. March 2005.
 This internet-draft has expired; it can still be found on
 http://www.leeh.co.uk/draft-mitchell-irc-capabilities-02.html
 $Id: sasl.txt 3169 2007-01-28 22:13:18Z jilles $
--- a/doc/server-version-info.txt
+++ b/doc/server-version-info.txt
@ -1,15 +1,15 @@
                              Server VERSION Info
   $Id: server-version-info 1851 2006-08-24 17:16:53Z jilles $
   Copyright (c) 2001 by ircd-hybrid team
   Copyright (c) 2002 ircd-ratbox development team
   Copyright (c) 2016 Charybdis development team
     ----------------------------------------------------------------------
   When you type /version, you will often see something like this:
- charybdis-3.5.0-rc1(20151011-d09bde1). joestar.interlinked.me :eIKMpSZ6 TS6ow 1US
+ ircd-ratbox-1.0rc7(20021120_0). embers.lan egGHIKMpZ6 TS5ow
   Ever wondered what those funny chars mean after the version number? Well
   here they are:
@ -17,6 +17,12 @@
   +----------------------------+
   | 'e'  | USE_EXCEPT          |
   |------+---------------------|
   | 'g'  | NO_FAKE_GLINES      |
   |------+---------------------|
   | 'G'  | GLINES              |
   |------+---------------------|
   | 'H'  | HUB                 |
   |------+---------------------|
   | 'I'  | USE_INVEX           |
   |------+---------------------|
   | 'K'  | USE_KNOCK           |
@ -27,6 +33,8 @@
   |------+---------------------|
   | 'S'  | OPERS_SEE_ALL_USERS |
   |------+---------------------|
   | 'T'  | IGNORE_BOGUS_TS     |
   |------+---------------------|
   | 'Z'  | ZIPLINKS            |
   |------+---------------------|
   | '6'  | IPv6                |
@ -35,7 +43,7 @@
   |------+---------------------|
   | 'TS' | Supports TS         |
   |------+---------------------|
-   | '6'  | TS Version 6        |
+   | '5'  | TS Version 5        |
   |------+---------------------|
   | 'o'  | TS Only             |
   |------+---------------------|
--- a/doc/features/services.txt
+++ b/doc/features/services.txt
@ -1,12 +1,9 @@
-Services compatibility documentation
+ratbox-services compatibility documentation - Lee H <lee -at- leeh.co.uk>
------------------------------------
+-------------------------------------------------------------------------
-Originally written by Lee Hardy for ircd-ratbox. Minor changes by Elizabeth
+Compatibility with ratbox-services is always enabled.  Note that some or
-Myers for modern services.
+all of this is also used by atheme-services and anope.  It will add the
-
+following features to ircd:
 Compatibility with services is always enabled.  Supported services include
 atheme and anope. They add the following features to Charybdis:
 1. Channel mode +r
@ -20,8 +17,8 @@ atheme and anope. They add the following features to Charybdis:
   Ability to specify the names of services servers in ircd.conf:
   service {
-       name = "services.charybdis.io";
+       name = "services.ircd-ratbox.org";
-       name = "backup-services.charybdis.io";
+       name = "backup-services.ircd-ratbox.org";
   };
   These must be specified for certain features to work.  You may specify as
@ -63,3 +60,4 @@ atheme and anope. They add the following features to Charybdis:
   Gives numeric 486 to users sending a PRIVMSG who are not logged in:
   :<server> 486 <nick> <targetnick> :You must log in with services to message this user
 # $Id: services.txt 6 2005-09-10 01:02:21Z nenolod $
--- a/doc/technical/README.TSora
+++ b/doc/technical/README.TSora
@ -0,0 +1,330 @@
                       Protocol changes for +TSora
                       ---------------------------
 Note: 
 The protocols described here implement TimeStamps on IRC channels and 
 nicks. The idea of IRC TimeStamps was started on Undernet, and first 
 implemented by Run <carlo@runaway.xs4all.nl>. The protocols used here 
 are not exactly the same as the ones used on Undernet; the nick-kill 
 handling is very similar and must be credited to Run, while the 
 "TimeStamped channel description" protocol is quite different.
 TSora servers keep track of which version of the TS protocol (if any) 
 their neighboring servers are using, and take it into account when 
 sending messages to them. This allows for seamless integration of TS 
 servers into a non-TS net, and for upgrades of the protocol.
 Each server knows which is the lowest and the highest version of the
 TS protocol it can interact with; currently both of these are set to 1:
 #define TS_CURRENT 1		/* the highest TS ver we can do */
 #define TS_MIN 1		/* the lowest TS ver we can do  */
 Timings and TS versions:
 ========================
 . Keep a 'delta' value to be added to the result of all calls to time(),
  initially 0.
 . Send a second argument to the PASS command, ending in the 'TS' string.
 . Send a
  SVINFO <TS_CURRENT> <TS_MIN> <STANDALONE> :<UTC-TIME>
  just after "SERVER", where <STANDALONE> is 1 if we're connected to 
  more TSora servers, and 0 if not, and <UTC-TIME> is our idea of the 
  current UTC time, fixed with the delta.
 . When we receive a "SVINFO <x> <y> <z> :<t>" line from a connecting 
  server, we ignore it if TS_CURRENT<y or x<TS_MIN, otherwise we
  set a flag remembering that that server is TS-aware, remember the TS 
  version to use with it (min(TS_CURRENT, x)). Additionally, if this is 
  our first connected TS server, we set our delta to t-<OUR_UTC> if
  z==0, and to (t-<OUR_UTC>)/2 if z!=0. The SVINFO data is kept around
  until the server has effectively registered with SERVER, and used
  *after* sending our own SVINFO to that server.
 Explanations:
  Servers will always know which of their directly-linked servers can do 
  TS, and will use the TS protocol only with servers that do understand 
  it. This makes it possible to switch to full TS in just one 
  code-replacement step, without incompatibilities.
  As long as not all servers are TS-aware, the net will be divided into 
  "zones" of linked TS-aware servers. Channel modes will be kept 
  synchronized at least within the zone in which the channel was 
  created, and nick collisions between servers in the same zone will 
  result in only one client being killed.
  Time synchronization ensures that servers have the same idea of the 
  current time, and achieves this purpose as long as TS servers are 
  introduced one by one within the same 'zone'. The merging of two zones 
  cannot synchronize them completely, but it is to be expected that 
  within each zone the effective time will be very close to the real 
  time. 
  By sending TSINFO after SERVER rather than before, we avoid the extra 
  lag created by the identd check on the server. To be able to send 
  immediately a connect burst of either type (TS or not), we need to 
  know before that if the server does TS or not, so we send that 
  information with PASS as an extra argument. And to avoid being 
  incompatible with 2.9 servers, which check that this second argument 
  begins with "2.9", we check that it *ends* with "TS".
  The current time is only used when setting a TS on a new channel or 
  nick, and once such a TS is set, it is never modified because of 
  synchronization, as it is much more important that the TS for a 
  channel or nick stays the same across all servers than that it is 
  accurate to the second.
  Note that Undernet's 2.8.x servers have no time synchronization at 
  all, and have had no problems because of it - all of this is more to 
  catch the occasional server with a way-off clock than anything.
 NICK handling patches (anti-nick-collide + shorter connect burst):
 ==================================================================
 . For each nick, store a TS value = the TS value received if any, or our 
  UTC+delta at the time we first heard of the nick. TS's are propagated 
  to TS-aware servers whenever sending a NICK command.
 . Nick changes reset the TS to the current time.
 . When sending a connect burst to another TS server, replace the 
  NICK/USER pair with only one NICK command containing the nick, the 
  hopcount, the TS, the umode, and all the USER information.
  The format for a full NICK line is:
  NICK <nick> <hops> <TS> <umode> <user> <host> <server> :<ircname>
  The umode is a + followed by any applying usermodes.
  The format for a nick-change NICK line is:
  :<oldnick> NICK <newnick> :<TS>
 . When a NICK is received from a TS server, that conflicts with an 
  existing nick:
  + if the userhosts differ or one is not known:
    * if the timestamps are equal, kill ours and the old one if it
      was a nick change
    * if the incoming timestamp is older than ours, kill ours and 
      propagate the new one
    * if the incoming timestamp is younger, ignore the line, but kill 
      the old nick if it was a nick change
  + if the userhosts are the same:
    * if the timestamps are equal, kill ours and the old one if it
      was a nick change
    * if the incoming timestamp is younger, kill ours and propagate
      the new one
    * if the incoming timestamp is older, ignore the line but kill
      the old nick if it was a nick change
 . When a NICK is received from a non-TS server that conflicts with
  an existing nick, kill both.
 . Do not send "Fake Prefix" kills in response to lines coming from TS 
  servers; the sanitization works anyway, and this allows the "newer
  nick overruled" case to work.
 Explanations:
  The modified nick-introduction syntax allows for a slightly shorter 
  connect-burst, and most importantly lets the server compare 
  user@host's when determining which nick to kill:  if the user@host
  is the same, then the older nick must be killed rather than the
  newer.
  When talking to a non-TS server, we need to behave exactly like one
  because it expects us to. When talkign to a TS server, we don't kill
  the nicks it's introducing, as we know it'll be smart enough to do it
  itself when seeing our own introduced nick.
  When we see a nick arriving from a non-TS server, it won't have a TS, 
  but it's safe enough to give it the current time rather than keeping 
  it 0; such TS's won't be the same all across the network (as long as 
  there is more than one TS zone), and when there's a collision, the TS 
  used will be the one in the zone the collision occurs in.
  Also, it is important to note that by the time a server sees (and 
  chooses to ignore) a nick introduction, the introducing server has 
  also had the time to put umode changes for that nick on its queue, so 
  we must ignore them too... so we need to ignore fake-prefix lines 
  rather than sending kills for them. This is safe enough, as the rest 
  of the protocol ensures that they'll get killed anyway (and the 
  Undernet does it too, so it's been more than enough tested). Just for 
  an extra bit of compatibility, we still kill fake prefixes coming from 
  non-TS servers.
  This part of the TS protocol is almost exactly the same as the 
  Undernet's .anc (anti-nick-collide) patches, except that Undernet 
  servers don't add usermodes to the NICK line.
 TimeStamped channel descriptions (avoiding hacked ops and desynchs):
 ====================================================================
 . For each channel, keep a timestamp, set to the current time when the
  channel is created by a client on the local server, or to the received 
  value if the channel has been propagated from a TS server, or to 0 
  otherwise. This value will have the semantics of "the time of creation 
  of the current ops on the channel", and 0 will mean that the channel 
  is in non-TS mode.
  A new server protocol command is introduced, SJOIN, which introduces 
  a full channel description: a timestamp, all the modes (except bans),
  and the list of channel members with their ops and voices. This 
  command will be used instead of JOIN and of (most) MODEs both in 
  connect bursts and when propagating channel creations among TS 
  servers. SJOIN will never be accepted from or sent to users.
  The syntax for the command is:
  SJOIN <TS> #<channel> <modes> :[@][+]<nick_1> ...  [@][+]<nick_n>
  The fields have the following meanings:
  * <TS> is the timestamp for the channel
  * <modes> is the list of global channel modes, starting with a +
    and a letter for each of the active modes (spmntkil), followed
    by an argument for +l if there is a limit, and an argument for
    +k if there's a key (in the same order they were mentioned in
    the string of letters).
    A channel with no modes will have a "+" in that field.
    A special value of "0" means that the server does not specify the 
    modes, and will be used when more than one SJOIN line is needed
    to completely describe a channel, or when propagating a SJOIN
    the modes of which were rejected.
  * Each nick is preceded by a "@" if the user has ops, and a "+" if
    the user has a voice. For mode +ov, both flags are used.
  SJOINs will be propagated (when appropriate) to neighboring TS 
  servers, and converted to JOINs and MODEs for neighboring non-TS 
  servers.
  To propagate channels for which not all users fit in one 
  SJOIN line, several SJOINs will be sent consecutively, only the first
  one including actual information in the <mode> field.
  An extra ad-hoc restriction is imposed on SJOIN messages, to simplify 
  processing: if a channel has ops, then the first <nick> of the first 
  SJOIN sent to propagate that channel must be one of the ops.
  Servers will never attempt to reconstruct a SJOIN from JOIN/MODE 
  information being received at the moment from other servers.
 . For each user on a channel, keep an extra flag (like ops and voice)
  that is set when the user has received channel ops from another 
  server (in a SJOIN channel description), which we rejected (ignored). 
  Mode changes (but NOT kicks) coming from a TS server and from someone 
  with this flag set will be ignored. The flag will be reset when the 
  user gets ops from another user or server.
 . On deops done by non-local users, coming from TS servers, on channels 
  with a non-zero TS, do not check that the user has ops but check that 
  their 'deopped' flag is not set. For kicks coming from a TS server, do 
  not check either. This will avoid desynchs, and 'bad' modechanges are 
  avoided anyway. Other mode changes will still only be taken into 
  account and propagated when done by users that are seen as having ops.
 . When a MODE change that ops someone is received from a server for a 
  channel, that channel's TS is set to 0, and the mode change is 
  propagated. 
 . When a SJOIN is received for a channel, deal with it in this way:
  * received-TS = 0: 
    + if we have ops or the SJOIN doesn't op anyone, SJOIN propagated
      with our own TS.
    + otherwise, TS set to 0 and SJOIN propagated with 0.
  * received-TS > 0, own-TS = 0: 
    + if the SJOIN ops someone or we don't have ops, set our TS to the
      received TS and propagate.
    + otherwise, propagate with TS = 0.
  * received-TS = own-TS: propagate.
  * received-TS < own-TS: 
    + if the SJOIN ops someone, remove *all* modes (except bans) from 
      the channel and propagate these mode changes to all neighboring
      non-TS servers, and copy the received TS and propagate the SJOIN.
    + if the SJOIN does not op anyone and we have ops, propagate
      with our own TS.
    + otherwise, copy the received TS and propagate the SJOIN.
  * received-TS > own-TS: 
    + if the SJOIN does not introduce any ops, process and propagate
      with our own TS.
    + if we have ops: for each person the mode change would op, set the 
      'deopped' flag; process all the JOINs ignoring the '@' and '+' 
      flags; propagate without the flags and with our TS.
    + if we don't have ops: set our TS to the received one, propagate
      with the flags.
 Explanations:
  This part of the protocol is the one that is most different (and 
  incompatible) with the Undernet's: we never timestamp MODE changes, 
  but instead we introduce the concept of time-stamped channel 
  descriptions. This way each server can determine, based on its state 
  and the received description, what the correct modes for a channel 
  are, and deop its own users if necessary. With this protocol, there is 
  *never* the need to reverse and bounce back a mode change. This is
  both faster and more bandwith-effective.
  The end goal is to have a protocol will eventually protect channels 
  against hacked ops, while minimizing the impact on a mixed-server net. 
  In order to do this, whenever there is a conflict between a TS server 
  and a non-TS one, the non-TS one's idea of the whole situation 
  prevails. This means that channels will only have a TS when they have 
  been created on a TS-aware server, and will lose it whenever a server 
  op comes from a non-TS server. Also, at most one 'zone' will have a TS 
  for any given channel at any given time, ensuring that there won't be 
  any deops when zones are merged. However, when TS zones are merged, if 
  the side that has a TS also has ops, then the TS is kept across the 
  whole new zone. Effective protection will only be ensured once all 
  servers run TS patches and channels have been re-created, as there is 
  no way servers can assign a TS to a channel they are not creating 
  (like they do with nicks) without having unwanted deops later.
  The visible effects of this timestamped channel-description protocol 
  are that when a split rejoins, and one side has hacked ops, the other 
  side doesn't see any server mode changes (just like with Undernet's
  TS), but the side that has hacked ops sees:
  * first the first server on the other side deopping and devoicing 
    everyone, and fixing the +spmntkli modes
  * then other users joining, and getting server ops and voices
  The less obvious part of this protocol is its behavior in the case 
  that the younger side of a rejoin has servers that are lagged with 
  each other. In such a situation, a SJOIN that clears all modes and 
  sets the legitimate ones is being propagated from one server, and 
  lagged illegitimate mode changes and kicks are being propagated in the 
  opposite direction. In this case, a kick done by someone who is being 
  deopped by the SJOIN must be taken into account to keep the name list 
  in sync (and since it can only be kicking someone who also was on the 
  younger side), while a deop does not matter (and will be ignored by 
  the first server on the other side), and an opping *needs* to be 
  discareded to avoid hacked ops.
  The main property of timestamped channel descriptions that makes them 
  a very stable protocol even with lag and splits, is that they leave a 
  server in the same final state, independently of the order in which 
  channel descriptions coming from different servers are received. Even 
  when SJOINs and MODEs for the same channel are being propagated in 
  different direction because of several splits rejoining, the final 
  state will be the same, independently of the exact order in which each 
  server received the SJOINs, and will be the same across all the 
  servers in the same zone.
--- a/doc/technical/capab.txt
+++ b/doc/technical/capab.txt
@ -1,5 +1,5 @@
 Server capabilities
-Ariadne Conill <ariadne -at- dereferenced.org>
+William Pitcock <nenolod -at- nenolod.net>
 -------------------
 Not all TSora IRCd's support these.
--- a/doc/technical/cluster.txt
+++ b/doc/technical/cluster.txt
@ -1,3 +1,5 @@
 $Id: cluster.txt 6 2005-09-10 01:02:21Z nenolod $
 Short description of how remote kline and friends are propagated under
 the old hyb7 style (CAP_KLN etc) and under the new style over ENCAP.
--- a/doc/technical/euid.txt
+++ b/doc/technical/euid.txt
@ -1,3 +1,5 @@
 $Id: euid.txt 1863 2006-08-27 13:40:37Z jilles $
 Extended UID command proposal
 Jilles Tjoelker <jilles@stack.nl>
--- a/doc/technical/event.txt
+++ b/doc/technical/event.txt
@ -1,6 +1,8 @@
 Overview of the event subsystem
 Adrian Chadd <adrian@creative.net.au>
 $Id: event.txt 6 2005-09-10 01:02:21Z nenolod $
 One of the things that immediately struck me whilst first looking at the
 code was that the ircd periodically scheduled things in io_loop() but
--- a/doc/technical/fd-management.txt
+++ b/doc/technical/fd-management.txt
@ -0,0 +1,47 @@
 Overview of the filedescriptor subsystem
 Adrian Chadd <adrian@creative.net.au>
 $Id: fd-management.txt 6 2005-09-10 01:02:21Z nenolod $
 Filedescriptor lists
 --------------------
 The filedescriptor list is managed through the routines in fdlist.c .
 These include:
 fd_open() - tag an FD as "open" and active
 fd_close() - tag an FD as "closed" and close() the filedescriptor
 fd_note() - update the filedescriptor tag
 You can get the current list of open filedescriptors through /stats F as
 an oper.
 FD lists
 --------
 The FD list support is very alpha. There are a few lists defined:
 typedef enum fdlist_t {
    FDLIST_NONE,
    FDLIST_SERVICE,
    FDLIST_SERVER,
    FDLIST_IDLECLIENT,
    FDLIST_BUSYCLIENT,
    FDLIST_MAX
 } fdlist_t;
 FDLIST_NONE		Not on any list (ie close()d)
 FDLIST_SERVICE		A service - listen() sockets, resolver, etc
 FDLIST_SERVER		Server connections
 FDLIST_IDLECLIENT	An idle client
 FDLIST_BUSYCLIENT	A busy client
 FDLIST_MAX		Used for bounds checking
 The idea is that the SERVICE sockets need polling frequently, the SERVER
 sockets also need polling frequently, BUSYCLIENT is for busy clients
 which need frequent polling (eg we're trying to write to them), and
 IDLECLIENT is for clients which we don't need to poll frequently.
 THIS hasn't been decided upon yet.
--- a/doc/technical/hostmask.txt
+++ b/doc/technical/hostmask.txt
@ -1,5 +1,6 @@
 The hostmask/netmask system.
 Copyright(C) 2001 by Andrew Miller(A1kmm)<a1kmm@mware.virtualave.net>
 $Id: hostmask.txt 6 2005-09-10 01:02:21Z nenolod $
 Contents
 ========
--- a/doc/technical/index.txt
+++ b/doc/technical/index.txt
@ -1,10 +1,19 @@
-Technical Documentation for Charybdis
+Technical Documentation for ircd-hybrid-7
-capab.txt                 - Description of server capabilities
+Persistent_Clients.txt    - A global UID and Persistent client (with cookies)
-cluster.txt               - Technical description of the cluster system
+                            proposal
-euid.txt                  - Description of TS6 EUIDs
+README.TSora              - Description of the TS3 protocol
 README.openssl            - Information for users who have problems with
                            Hybrid, OpenSSL, and their operating system
 cryptlink.txt             - Outline of CRYPTLINK protocol
 event.txt                 - Outline of the event system
-hooks.txt                 - Internal IRC daemon hoks
+fd-management.txt         - Outline of the file descriptor management system
 file-management.txt       - Outline of the disk file management system
 hostmask.txt              - Outline of hostmask handling
 linebuf.txt               - Outline of the linebuf system (dbuf replacement)
-ts6-protocol.txt          - Description of the TS6 protocol
+network.txt               - Outline of the network traffic subsystem
 rfc1459.txt               - The IRC RFC
 send.txt                  - Document on all of the send_to functions
 whats-new-code.txt        - Whats changed in the code
 # $Id: index.txt 6 2005-09-10 01:02:21Z nenolod $
--- a/doc/technical/linebuf.txt
+++ b/doc/technical/linebuf.txt
@ -1,7 +1,10 @@
 linebuf - a dbuf replacement for the New World Order(tm)
 By Adrian Chadd <adrian@creative.net.au>
 $Id: linebuf.txt 6 2005-09-10 01:02:21Z nenolod $
 History
 -------
--- a/doc/technical/network.txt
+++ b/doc/technical/network.txt
@ -0,0 +1,105 @@
 Overview of the network subsystem
 Adrian Chadd <adrian@creative.net.au>
 $Id: network.txt 6 2005-09-10 01:02:21Z nenolod $
 This document is an overview of the new and hopefully improved network
 subsystem.
 The code is based loosely upon the network core found in the Squid web cache
 server, with some optimizations for ircd-specific IO patterns.
 Filedescriptor IO
 -----------------
 Filedescriptor IO is initiated using comm_setselect(). comm_setselect()
 registers interest in reading from or writing to a file descriptor.
 When a filedescriptor is ready for the required IO a callback is called
 from the IO loop.
 The comm_setselect() usage is:
 void
 comm_setselect(int fd, fdlist_t list, int type, PF *callback, void *cbdata,
    int timeout)
 where:
  fd 		filedescriptor
  list		Which list the FD should be put on
  type		IO type. Can currently include:
 			COMM_SELECT_READ  - register for read
 			COMM_SELECT_WRITE - register for write
  callback	Function to call when the FD is ready
  cbdata	Data to be passed to above function
  timeout	Update the timeout value. 0 is "don't update".
 A typical use is:
 ..
 /* Register interest in the FD for a read event */
 comm_setselect(fd, FDLIST_SERVICE, COMM_SELECT_READ, read_callback, read_data,
    0);
 ..
 (FD becomes ready for read in the IO loop)
 void
 read_callback(int fd, void *data)
 {
    /* called when the FD becomes ready for read */
    retval = read(fd, buf, len);
    ..
    /* Ok, we need to read some more when its ready */
    comm_setselect(fd, FDLIST_SERVICE, COMM_SELECT_READ, read_callback, data,
        0);
 }
 Socket timeouts
 ---------------
 A "socket timeout" is a callback registered to be called when a certain
 amount of time has elapsed. Think of it as an event, but against a FD.
 A good example of socket timeouts is in the comm_connect_tcp() code.
 When the connect() begins, comm_settimeout() is called to call
 comm_connect_timeout() if the timeout occurs. Once the connect() completes,
 comm_settimeout() is called with a timeout of 0 and callback of NULL 
 to deregister the timeout. If the timeout occurs, comm_connect_timeout()
 is called and the connection attempt is aborted.
 Functions
 ---------
 comm_open() - a socket() wrapper, enforcing fd limitations and tagging the
  file descriptor with a note
 comm_accept() - an accept() wrapper, enforcing fd limitations and tagging
  the file descriptor with a note
 comm_connect_tcp() - attempt an async connect(). Handles DNS lookups if
  required, and will call the given callback at completion or error
 comm_settimeout() - set a callback to be called after a given time period.
  This is good to implement things like PING checks and connect() timeouts.
 Notes:
 * All socket creation should go through comm_open() / comm_accept().
 * All socket closing should go through fd_close(). comm_close() isn't
  implemented yet.
 * comm_connect_tcp() is your best friend. :-)
 * *ALL* network sockets should be non-blocking. If your OS doesn't support
  non-blocking sockets, you shouldn't be here.
--- a/doc/technical/send.txt
+++ b/doc/technical/send.txt
@ -0,0 +1,253 @@
 send.c re-work
 PREFIXES
 ========
  Server prefixes are the ":%s" strings at the beginning of messages.
 They are used by servers to route the message properly and by servers to
 local clients to update their idea of who is whom.
 ":nick!user@host" is a prefix ":name" where name is either a nick
 or name of a server is another valid prefix.
 Typical prefix for a local client to a channel:
 ":Dianora!db@irc.db.net"
 for a prefix to a remote server:
 ":Dianora"
 e.g. as seen locally on a channel:
 ":Dianora!db@irc.db.net PRIVMSG #us-opers :ON TOP OF ...\r\n"
 e.g. as seen sent to a remote server:
 ":Dianora PRIVMSG #us-opers :ON TOP OF ...\r\n"
  It has been argued that full prefixes sent locally are a waste of bandwidth
 (Isomer from Undernet has argued this). i.e. instead of sending:
 ":nick!user@host" for a local prefix, one could just send ":nick"..
 Unfortunately, this breaks many clients badly. Personally I feel that
 until clients are updated to understand that a full prefix isn't always
 going to be sent, that this should be held off on.
  As much as possible, prefix generation is now moved "upstairs" as
 much as possible. i.e. if its known its a local client only, then the
 onus of the prefix generation, is the users, not hidden in send.c
 This allows somewhat faster code to be written, as the prefix doesn't
 have to be regenerated over and over again.
  Prefixes aren't sent in all cases, such as a new user using NICK
 A prefix is needed when it must be routed.
 i.e.
 NICK newnick
  There is obviously no prefix needed from a locally connected client.
 FUNCTIONS
 =========
 sendto_one()    - Should be used for _local_ clients only
                  it expects the prefix to be pre-built by user.
                  usage - sendto_one(struct Client *to, char *pattern, ...);
                  typical use:
                  sendto_one(acptr,":%s NOTICE %s :I'm tired", me.name,
 		             acptr->name);
                  Note: This was from a server "me" hence only one
                  name in prefix.
                  This would be an example of a client sptr, noticing
                  acptr IF acptr is known to be a local client:
                  sendto_one(acptr,":%s!%s@%s NOTICE %s :You there?",
                             sptr->name,
                             sptr->username,
                             sptr->host,
                             acptr->name);
 sendto_one_prefix()
                - Sends a message to a remote client, with proper
 		  prefix and target (name or UID).
                  usage - sendto_one_prefix(struct Client *target_p,
 		                            struct Client *source_p,
 		                            const char *command,
 					    const char *pattern, ...)
 		  typical use:
 		  sendto_one_prefix(target_p, source_p, "INVITE", ":%s",
 				    chptr->chname);
 sendto_one_notice()
                - Sends a notice from this server to target. Target may
 		  be a local or remote client.
 		  Prefix and target are chosen based on TS6 capability.
 		  typical use:
 		  sendto_one_notice(source_p, ":You suck. Yes, really.");
 sendto_one_numeric()
                - Sends a numeric from this server to target. Target may
 		  be a local or remote client.
 		  Prefix and target are chosen based on TS6 capability.
 		  typical use:
 		  sendto_one_numeric(source_p, RPL_STATSDEBUG,
 		                     "p :%u staff members", count);
 sendto_channel_flags()
                - This function sends a var args message to a channel globally,
                  except to the client specified as "one", the prefix
                  is built by this function on the fly as it has to
                  be sent both to local clients on this server and to
                  remote servers.
 		  For type use one of:
                  ONLY_SERVERS ALL_MEMBERS ONLY_CHANOPS ONLY_CHANOPSVOICED
 		  If type is not ALL_MEMBERS it's not sent to not-CHW-capable
 		  servers.
 		  Deaf (umode +D) clients are always skipped.
                  usage - sendto_channel_flags(struct Client *one,
                                               int type,
                                               struct Client *from,
                                               struct Channel *chptr,
                                               const char *pattern, ... );
                  sendto_channel_butone(cptr, ALL_MEMBERS, sptr, chptr
                                        "PRIVMSG %s :HI!",
                                        chptr->chname);
                  e.g. if channel message is coming from "cptr"
                  it must not be sent back to cptr.
 sendto_server()
                - This function sends specified var args message
                  to all connected servers except the client "one"
                  which have all of "caps" capabilities but none
 		  of "nocaps" capabilities.
 		  If "chptr" is not NULL and is a local channel,
 		  nothing is sent.
                  usage - sendto_server(struct Client *one,
                                        struct Channel *chptr,
 					unsigned long caps,
 					unsigned long nocaps,
                                        const char *format, ... );  
 sendto_common_channels_local()
                - This function is used only by m_nick and exit_one_client
                  its used to propagate nick changes to all channels user
                  is in, and QUIT messages to all channels user is in.
                  As it only sends to local clients, prefix generation
                  is left to the user. It also sends the message to the
                  user if the user isn't on any channels.
                  usage - sendto_common_channels_local(struct Client *user,
                                                       const char *pattern,
                                                       ...);
 sendto_channel_local()
                - This function is used to send only locally, never
                  to remote servers. This is useful when removing
                  local chanops, or adding a local chanop. MODE/SJOIN
                  sent to remote server allows that server to propagate
                  mode changes to its clients locally.
 		  The message is also sent to deaf (umode +D) clients.
                  usage - sendto_channel_local(int type,
                                               struct Channel *chptr,
                                               const char *pattern, ... );
                  prefix must be pre-built. type is a flag
                  denoting ONE of 
                  ALL_MEMBERS		- all members locally are sent to
                  ONLY_CHANOPS_VOICED	- only chanops and voiced see this
                  ONLY_CHANOPS		- only chanops see this
 sendto_match_butone()
                - only used for the old style oper masking
                  i.e. /msg #hostmask which in hyb7 is /msg $#hostmask
                  or  /msg $servermask in hyb7 /msg $$servermask
                  usage - sendto_match_butone(struct Client *one,
                                              struct Client *source_p,
                                              char *mask,
                                              int what,
                                              const char *pattern, ... );
                  one is the client not to send to
                  mask is the actual mask
                  what is either MATCH_HOST or MATCH_SERVER
 sendto_match_servs()
                - Allows sending a message to servers whose names match
 		  the given mask. A message is also sent to non-matching
 		  servers which have matching servers behind them.
 		  Used for ENCAP, remote kline, etc.
 		  No message is sent to source_p->from.
 		  usage - sendto_match_servs(struct Client *source_p,
 					     const char *mask,
 					     int cap, int nocap,
 					     const char *pattern, ...);
 sendto_anywhere()
                - Allows the sending of a message to any client on the net
                  without knowing whether its local or remote. The penalty
                  is the calculation of a run-time prefix.
                  It is less efficient then sendto_one()
                  usage - sendto_anywhere(struct Client *to,
                                          struct Client *from,
                                          const char *command,
                                          const char *pattern, ...);
                  e.g.
                  sendto_anywhere(target_p, source_p,
                                  "PRIVMSG", ":Hi, Where ever you are");
 sendto_realops_flags()
                - combines old sendto_realops and sendto_realops_flags
                  sends specified message to opers locally only
                  depending on umodes. UMODE_ALL is UMODE_SERVNOTICE.
                  the message is sent as a server notice, prefixed with
 		  "*** Notice -- ".
                  usage - sendto_realops_flags(int flags,
                                               const char *pattern, ... );
                  e.g.
                  sendto_realops_flags(UMODE_ALL,
                                 "Don't eat the yellow snow");
 sendto_wallops_flags()
                - sends specified message to opers/users locally, 
                  depending on umodes.  used for messages that need
                  to be in wallops form
                - some policy decisions about who gets what live in here
                  usage - sendto_wallops_flags(int flags,
                                    struct Client *, const char *patterm ...);
                  e.g.
                  sendto_wallops_flags(UMODE_LOCOPS,
                                      sptr, "Message");
 -- Diane Bruce 
 Updated Jan 2006 by jilles with ratbox and late hybrid7 changes
 $Id: send.txt 587 2006-01-27 19:45:11Z jilles $
--- a/doc/technical/ts6-protocol.txt
+++ b/doc/technical/ts6-protocol.txt
@ -1,6 +1,5 @@
 TS6 protocol description
 Written by Jilles Tjoelker
 Edits by Elizabeth Myers to add TS rules described by Lee Harvey.
 General format: much like rfc1459
 Maximum parameters for a command: 15 (this does not include the prefix
@ -19,7 +18,6 @@ nicknames and server names are accepted, possibly with wildcards; from servers,
 UIDs/SIDs (sending names or even wildcards is deprecated). This is done with
 the function hunt_server(). Any rate limiting should be done locally.
 duration: a parameter type used for ban durations. It is a duration in seconds.
 A value of 0 means a permanent ban.
@ -114,75 +112,6 @@ type D
 +g (allow any member to /invite)
 +z (send messages blocked by +m to chanops)
 Nick TS rules:
 A server receiving a command that requires nick TS rules must check for a
 collision between an existing user, and the nick in the received message.
 (the "new user").  The collisions must obey the rules specified in Nick TS
 collisions.
 If the TS received is lower than the TS of the existing user the server will
 collide the existing user if the clients user@host are different, if the
 clients user@hosts are identical it will collide the new user.
 If the TS received is equal to the TS of the existing user both clients are
 collided.
 If the TS received is higher than the TS of the existing user, the server
 will collide the existing user if the user@hosts are identical, if the
 clients user@host are different it will collide the new user and drop the 
 message.
 Nick TS collisions:
 If both users are to be collided, we must issue a KILL for the existing
 user to all servers.  If the new user has a UID then we must also issue a
 KILL for that UID back to the server sending us data causing the collision.
 If only the existing user is being collided, we must issue a KILL for the
 existing user to all servers except the server sending us data.  If the
 existing user has a UID and the server sending us data supports TS6 then
 we must also issue a KILL for the existing users UID to the server sending
 us data.
 If only the new user is being collided, we must issue a KILL for the new user
 back to the server sending us data if the new user has a UID.
 Channel TS rules:
 A server receiving a command that requires normal channel TS rules must
 apply the following rules to the command.
 If the TS received is lower than our TS of the channel a TS6 server must
 remove status modes (+ov etc) and channel modes (+nt etc).  If the
 originating server is TS6 capable (ie, it has a SID), the server must
 also remove any ban modes (+b etc).  The new modes and statuses are then
 accepted.
 If any bans are removed, the server must send to non-TS6, directly connected
 servers mode changes removing the bans after the command is propagated.
 This prevents desync with banlists, and has to be sent after as clients are
 still able to send mode changes before the triggering command arrives.
 If the TS received is equal to our TS of the channel the server should keep
 its current modes and accept the received modes and statuses.
 If the TS received is higher than our TS of the channel the server should keep
 its current modes and ignore the received modes and statuses.  Any statuses
 given in the received message will be removed.  A server must mark clients
 losing their op (+o) status who do not have a UID as 'deopped'.  A server must
 ignore any "MODE" commands from a user marked as 'deopped'.
 Simple channel TS rules: 
 A server receiving a command that requires simple channel TS rules must
 apply the following rules to the command.
 If the TS received is lower, or equal to our TS of the channel the modes are
 accepted.  If the TS received is higher than our TS of the channel the modes
 are ignored and dropped.
 Simple channel TS rules do not affect current modes in the channel except
 for the modes we are accepting.
 <numeric>
 source: server
 parameters: target, any...
@ -319,28 +248,6 @@ Sets a D:line (IP ban checked directly after accepting connection).
 The mask must be an IP address or CIDR mask.
 EBMASK
 source: server
 propagation: broadcast
 parameters: channelTS, channel, type, space separated "masks ts hostmask" chunks
 If the channelTS in the message is greater (newer) than the current TS of
 the channel, drop the message and do not propagate it.
 Type is the mode letter of a ban-like mode. In efnet TS6 this is 'b', 'e' or
 'I'. In charybdis TS6 additionally 'q' is possible.
 Add all the masks and their set at/by to the given list of the channel.
 All ban-like modes must be bursted using this command, not using MODE or TMODE.
 ECHO
 source: user
 parameters: "P"/"N", target, text
 As PRIVMSG, but delivers an echo-message echo to the target; they will see
 a PRIVMSG or NOTICE from themselves to the source.
 ENCAP
 source: any
 parameters: target server mask, subcommand, opt. parameters...
@ -692,13 +599,6 @@ and most error messages are suppressed.
 Servers may not send '$$', '$#' and opers@server notices. Older servers may
 not allow servers to send to specific statuses on a channel.
 OPER
 source: user
 parameters: opername, privset
 Sets the source user's oper name and privset. Sent after the +o mode change, or
 during burst, to inform other servers of an oper's privileges.
 OPERSPY
 encap only
 encap target: *
@ -1237,6 +1137,8 @@ CAP
 CHALLENGE
 CHANTRACE
 CLOSE
 CNOTICE
 CPRIVMSG
 DIE
 GET
 HELP
@ -1251,6 +1153,7 @@ MODRESTART
 MODUNLOAD
 MONITOR
 NAMES
 OPER
 POST
 PUT
 RESTART
--- a/doc/technical/ts6.txt
+++ b/doc/technical/ts6.txt
@ -0,0 +1,299 @@
 $Id: ts6.txt 3211 2007-02-20 00:34:28Z jilles $
 TS6 Proposal (v8)
 Written by Lee H <lee@leeh.co.uk>
 Ideas borrowed heavily from ircnet (Beeth, jv, Q)
 - Changes between v7 and v8 -
 -----------------------------
 In the v7 specification, the JOIN command included the channel modes of a
 channel, and acted on them following TS rules.  In the v8 specification,
 JOIN will never send modes.
 Desyncs can occur both when they are sent and when they are not.  If they
 are sent, then you can have a situation where a user on one side of the
 network issues "MODE #channel -l", and a user on another side of the network
 issues "JOIN #channel" whilst the +l still exists.  As the JOIN string sent 
 server<->server includes the full modes at the time of the user joining, 
 this will propagate the +l, but there is a -l crossing in the other
 direction.  Desync will occur beyond where they intersect.
 If the modes are not sent, then a lower TS JOIN command, or a JOIN command
 that creates a channel will cause a desync.
 It is judged that the desync with sending the modes is worse than the desync
 by not sending them, as such the v8 specification dictates modes are not
 sent with a JOIN command server<->server.
 The v8 specification also clarifies that servers may issue TMODE.
 - Introduction -
 ----------------
 This document aims to fix some of the flaws that are still present in the
 current TS system.
 Whilst only one person may use a nickname at any one time, they are not
 a reliable method of directing commands between servers.  Clients can change
 their nicknames, which can create desyncs.  A reliable method of directing
 messages between servers is required so that a message will always reach the
 intended destination, even if the client changes nicks in between.
 UID solves this problem by ensuring that a client has a unique ID for the
 duration of his connection.
 This document also aims to solve the lack of TS rules to channel 'bans' on
 a netburst.  Bans from both sides of a TS war (losing/winning) are kept.
 Bursting the bans with a TS solves this problem.
 There is also a race condition in the current TS system, where a user can
 issue a mode during a netburst and the mode will be set on the server 
 we are bursting to.
 - Definitions -
 ---------------
 Throughout this document, the following terms are used:
 SID	- A servers unique ID.  This is three characters long and must be in
          the form [0-9][A-Z0-9][A-Z0-9]
 ID      - A clients unique ID.  This is six characters long and must be in
          the form [A-Z][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9].  The
          numbers [0-9] at the beginning of an ID are legal characters, but
          reserved for future use.
 UID     - An ID concateneted to a SID.  This forms the clients UID.
 TS6     - The TS version 6.
 - Support -
 -----------
 Support for this document is given by the TS version 6.
 Wherever a destination parameter or source parameter is used, it must use
 the SID or UID if the server/client has one.  A TS6 capable server must
 translate any SIDs/UIDs back into the server/clients name when communicating
 with a server that does not support TS6.
 A TS6 server must also support the QS (quitstorm) system, and the encap
 specification found here:
 http://www.leeh.co.uk/ircd/encap.txt
 The TS6 protocol does not supports masked entities.
 - Nick TS rules -
 -----------------
 A server receiving a command that requires nick TS rules must check for a
 collision between an existing user, and the nick in the received message.
 (the "new user").  The collisions must obey the rules specified in Nick TS
 collisions.
 If the TS received is lower than the TS of the existing user the server will
 collide the existing user if the clients user@host are different, if the
 clients user@hosts are identical it will collide the new user.
 If the TS received is equal to the TS of the existing user both clients are
 collided.
 If the TS received is higher than the TS of the existing user, the server
 will collide the existing user if the user@hosts are identical, if the
 clients user@host are different it will collide the new user and drop the 
 message.
 - Nick TS collisions -
 ----------------------
 If both users are to be collided, we must issue a KILL for the existing 
 user to all servers.  If the new user has a UID then we must also issue a 
 KILL for that UID back to the server sending us data causing the collision.
 If only the existing user is being collided, we must issue a KILL for the
 existing user to all servers except the server sending us data.  If the 
 existing user has a UID and the server sending us data supports TS6 then 
 we must also issue a KILL for the existing users UID to the server sending 
 us data.
 If only the new user is being collided, we must issue a KILL for the new user 
 back to the server sending us data if the new user has a UID.
 - Channel TS rules -
 --------------------
 A server receiving a command that requires normal channel TS rules must 
 apply the following rules to the command.
 If the TS received is lower than our TS of the channel a TS6 server must
 remove status modes (+ov etc) and channel modes (+nt etc).  If the 
 originating server is TS6 capable (ie, it has a SID), the server must
 also remove any ban modes (+b etc).  The new modes and statuses are then
 accepted.
 If any bans are removed, the server must send to non-TS6, directly connected 
 servers mode changes removing the bans after the command is propagated.
 This prevents desync with banlists, and has to be sent after as clients are
 still able to send mode changes before the triggering command arrives.
 If the TS received is equal to our TS of the channel the server should keep
 its current modes and accept the received modes and statuses.
 If the TS received is higher than our TS of the channel the server should keep
 its current modes and ignore the received modes and statuses.  Any statuses
 given in the received message will be removed.  A server must mark clients 
 losing their op (+o) status who do not have a UID as 'deopped'.  A server must 
 ignore any "MODE" commands from a user marked as 'deopped'.
 - Simple channel TS rules -
 ---------------------------
 A server receiving a command that requires simple channel TS rules must
 apply the following rules to the command.
 If the TS received is lower, or equal to our TS of the channel the modes are
 accepted.  If the TS received is higher than our TS of the channel the modes
 are ignored and dropped.
 Simple channel TS rules do not affect current modes in the channel except
 for the modes we are accepting.
 - The following commands are defined here as the TS6 protocol -
 ---------------------------------------------------------------
 - PASS -
 	PASS <PASSWORD> TS <TS_CURRENT> :<SID>
 This command is used for password verification with the server we are
 connecting to.
 Due to the burst being sent on verification of the "SERVER" command, and
 "SVINFO" being sent after "SERVER", we need to be aware of the TS version
 earlier to decide whether to send a TS6 burst or not.
 The <PASSWORD> field is the password we have stored for this server,
 <TS_CURRENT> is our current TS version.  If this field is not present then
 the server does not support TS6.  <SID> is the SID of the server.
 - UID -
 	:<SID> UID <NICK> <HOPS> <TS> +<UMODE> <USERNAME> <HOSTNAME> <IP> <UID> :<GECOS>
 This command is used for introducing clients to the network.
 The <SID> field is the SID of the server the client is connected to.
 The <NICK> field is the nick of the client being introduced.  The <HOPS>
 field is the amount of server hops between the server being burst to and
 the server the client is on.  The <TS> field is the TS of the client, either
 the time they connected or the time they last changed nick.  The <UMODE>
 field contains the clients usermodes that need to be transmitted between
 servers.  The <USERNAME> field contains the clients username/ident.  The
 <HOSTNAME> field contains the clients host.
 The <IP> field contains the clients IP.  If the IP is not to be sent
 (due to a spoof etc), the field must be sent as "0".  The <UID> field is the 
 clients UID.  The <GECOS> field is the clients gecos.
 A server receiving a UID command must apply nick TS rules to the nick.
 - SID -
 	:<SID> SID <SERVERNAME> <HOPS> <SID> :<GECOS>
 This command is used for introducing servers to the network.
 The first <SID> field is the SID of the new servers uplink.  The
 <SERVERNAME> field is the new servers name.  The <HOPS> field is the hops
 between the server being introduced nd the server being burst to.
 The second <SID> field is the SID of the new server.  The <GECOS> field i
 is the new servers gecos.
 Upon receiving the SID command servers must check for a SID collision.  
 Two servers must not be allowed to link to the network with the same SID.  
 If a server detects a SID collision it must drop the link to the directly 
 connected server through which the command was received.
 Client and servers which do not have a UID/SID must be introduced by old
 methods.
 - SJOIN -
 	:<SID> SJOIN <TS> <CHANNAME> +<CHANMODES> :<UIDS>
 This command is used for introducing users to channels.
 The <SID> field is the SID of the server introducing users to the channel.
 The <TS> field is the channels current TS, <CHANNAME> is the channels
 current name, <CHANMODES> are the channels current modes.  <UIDS> is a
 space delimited list of clients UIDs to join to the channel.  Each clients
 UID is prefixed with their status on the channel, ie "@UID" for an opped
 user.  Multiple prefixes are allowed, "peons" (clients without a status) are
 not prefixed.
 A server receiving an SJOIN must apply normal channel TS rules to the SJOIN.  
 A TS6 server must not use the SJOIN command outside of a netburst
 to introduce a single user to an existing channel.  It must instead
 use the "JOIN" command defined in this specification.  A TS6 server must
 still use SJOIN for creating channels.
 - JOIN -
 	:<UID> JOIN <TS> <CHANNAME> +
 This command is used for introducing one user unopped to an existing channel.
 The <UID> field is the UID of the client joining the channel.  The
 <TS> field is the channels current TS, <CHANNAME> is the channels
 current name.
 A server receiving a JOIN must apply normal channel TS rules to the JOIN.
 No channel modes are sent with the JOIN command.  In previous versions of
 this specification, the "+" parameter contained the channels current modes.
 A server following this version of the specification must not interpret this
 argument and must not propagate any value other than "+" for this parameter.
 It should be noted that whilst JOIN would not normally create a 
 channel or lower the timestamp, during specific conditions it can.  This 
 can create a desync that this specification does not rectify.
 - BMASK -
 	:<SID> BMASK <TS> <CHANNAME> <TYPE> :<MASKS>
 This command is used for bursting channel bans to a network.
 The <SID> field is the SID of the server bursting the bans.  The
 <TS> field is the channels current TS, <CHANNAME> is the channels
 name.  <TYPE> is a single character identifying the mode type (ie,
 for a ban 'b').  <MASKS> is a space delimited list of masks of the 
 given mode,limited only in length to the size of the buffer as defined 
 by RFC1459.
 A server receiving a BMASK must apply simple channel TS rules to the BMASK.
 A TS6 server must translate BMASKs into raw modes for non-TS6 
 capable servers.  This command must be used only after SJOIN has
 been sent for the given channel.
 It should be noted however, that a BMASK with a lower TS should
 not be possible without a desync, due to it being sent after
 SJOIN.
 - TMODE -
 	:<SID|UID> TMODE <TS> <CHANNAME> <MODESTRING>
 This command is used for clients issuing modes on a channel.
 <SID|UID> is either the UID of the client setting the mode, or the SID of
 the server setting the mode.  <TS> is the current TS of the channel, 
 <CHANNAME> is the channels name. <MODESTRING> is the raw mode the client is 
 setting.
 A server receiving a TMODE must apply simple channel TS rules to the TMODE.
 A TS6 server must translate MODEs issued by a local client, or received from
 a server into TMODE to send to other TS6 capable servers.
--- a/doc/features/tgchange.txt
+++ b/doc/features/tgchange.txt
@ -41,3 +41,6 @@ you are messaging that channel or a client within that channel.  The latter
 can be done explicitly using the CNOTICE and CPRIVMSG commands, see
 /quote help cnotice and /quote help cprivmsg, but is also implicit in a
 normal /msg, /notice or /invite.
 -- 
 $Id: tgchange.txt 6 2005-09-10 01:02:21Z nenolod $
--- a/extensions/.indent.pro
+++ b/extensions/.indent.pro
@ -0,0 +1 @@
 -i8 -bli0 -cs -ut -nsai -nsaw -nsaf -npcs -nprs -l100
--- a/extensions/Makefile.am
+++ b/extensions/Makefile.am
@ -1,77 +0,0 @@
 AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/librb/include $(LTDLINCL)
 AM_LDFLAGS  = -module -export-dynamic -avoid-version -no-undefined -shared
 AM_LDFLAGS += -export-symbols-regex _mheader
 LIBS += $(top_srcdir)/ircd/libircd.la
 extensiondir=@moduledir@/extensions
 extension_LTLIBRARIES =		\
  chantype_dummy.la		\
  chm_adminonly.la		\
  chm_operonly.la		\
  chm_insecure.la		\
  chm_nonotice.la		\
  chm_operpeace.la		\
  chm_regmsg.la			\
  chm_sslonly.la		\
  createauthonly.la		\
  createoperonly.la		\
  extb_account.la		\
  extb_canjoin.la		\
  extb_channel.la		\
 	extb_guest.la		\
  extb_hostmask.la		\
  extb_oper.la			\
  extb_server.la		\
  extb_ssl.la			\
  extb_realname.la		\
  extb_usermode.la		\
  extb_extgecos.la		\
  extb_combi.la			\
  force_user_invis.la		\
  helpops.la			\
  hurt.la			\
  invite_notify.la		\
  ip_cloaking.la		\
  ip_cloaking_old.la		\
  ip_cloaking_3.0.la		\
  ip_cloaking_4.0.la		\
  override.la			\
  override_kick_immunity.la	\
  restrict-unauthenticated.la	\
  sno_channelcreate.la		\
  sno_farconnect.la		\
  sno_globalnickchange.la	\
  sno_globaloper.la		\
  umode_noctcp.la		\
  m_adminwall.la		\
  m_echotags.la			\
  m_extendchans.la		\
  m_findforwards.la		\
  m_identify.la			\
  m_locops.la			\
  m_mkpasswd.la			\
  m_ojoin.la			\
  m_okick.la			\
  m_omode.la			\
  m_opme.la			\
  m_sendbans.la			\
  m_shedding.la			\
  m_webirc.la			\
  m_remove.la			\
  hide_uncommon_channels.la	\
  no_kill_services.la		\
  no_locops.la			\
  no_oper_invis.la		\
  sasl_usercloak.la		\
  drain.la			\
  identify_msg.la		\
  cap_realhost.la		\
  invex_regonly.la		\
  umode_hide_idle_time.la	\
  cap_oper.la			\
  example_module.la
 if HAVE_HYPERSCAN
    extension_LTLIBRARIES += filter.la
 endif
--- a/extensions/Makefile.in
+++ b/extensions/Makefile.in
@ -0,0 +1,131 @@
 #
 # Makefile.in for ircd/contrib
 #
 # $Id: Makefile.in 3522 2007-07-06 07:48:28Z nenolod $
 #
 CC		= @CC@
 RM		= @RM@
 SED             = @SED@
 LEX		= @LEX@
 LEXLIB		= @LEXLIB@
 CFLAGS		= @IRC_CFLAGS@ -DIRCD_PREFIX=\"@prefix@\"
 PICFLAGS	= @PICFLAGS@
 MKDEP		= @MKDEP@
 INSTALL		= @INSTALL@
 INSTALL_PROGRAM	= @INSTALL_PROGRAM@
 INSTALL_DATA	= @INSTALL_DATA@
 INSTALL_SUID    = @INSTALL_PROGRAM@ -o root -m 4755
 SHELL		= /bin/sh
 prefix          = @prefix@
 exec_prefix     = @exec_prefix@
 libdir          = @libdir@
 pkglibdir       = @pkglibdir@
 moduledir       = @moduledir@
 PACKAGE_TARNAME = @PACKAGE_TARNAME@
 AUTOMODULEDIR	= $(moduledir)/extensions
 SSL_LIBS	= @SSL_LIBS@
 SSL_INCLUDES	= @SSL_INCLUDES@
 IRCDLIBS	= @LIBS@ $(SSL_LIBS)
 INCLUDES	= -I. -I../include -I../libratbox/include $(SSL_INCLUDES)
 CPPFLAGS	= ${INCLUDES} @CPPFLAGS@
 SRCS =                          \
  chm_adminonly.c		\
  chm_operonly.c		\
  chm_operonly_compat.c		\
  chm_nonotice.c		\
  chm_quietunreg_compat.c	\
  chm_sslonly.c			\
  chm_sslonly_compat.c		\
  createauthonly.c		\
  createoperonly.c		\
  extb_account.c		\
  extb_canjoin.c		\
  extb_channel.c		\
  extb_hostmask.c		\
  extb_oper.c			\
  extb_server.c			\
  extb_ssl.c			\
  extb_realname.c		\
  extb_usermode.c		\
  extb_extgecos.c		\
  extb_combi.c			\
  force_user_invis.c		\
  hurt.c			\
  ip_cloaking.c			\
  ip_cloaking_old.c		\
  ip_cloaking_3.0.c		\
  ip_cloaking_4.0.c		\
  override.c			\
  restrict-unauthenticated.c    \
  sno_farconnect.c		\
  sno_globalkline.c		\
  sno_globaloper.c		\
  sno_whois.c			\
  m_42.c			\
  m_adminwall.c			\
  m_findforwards.c		\
  m_identify.c			\
  m_mkpasswd.c                  \
  m_ojoin.c			\
  m_okick.c			\
  m_omode.c			\
  m_opme.c			\
  m_sendbans.c			\
  m_webirc.c			\
  m_remove.c			\
  m_roleplay.c			\
  hide_uncommon_channels.c	\
  no_kill_services.c		\
  no_locops.c			\
  no_oper_invis.c		\
  spy_admin_notice.c		\
  spy_info_notice.c		\
  spy_links_notice.c		\
  spy_motd_notice.c		\
  spy_stats_notice.c            \
  spy_stats_p_notice.c		\
  spy_trace_notice.c		\
  example_module.c
 OBJS = ${SRCS:.c=.so}
 default:	build
 build: all
 all: $(OBJS)
 install: all
 	-@if test ! -d $(DESTDIR)$(AUTOMODULEDIR); then \
                mkdir $(DESTDIR)$(AUTOMODULEDIR); \
        fi
 	@echo "Installing modules into $(DESTDIR)$(AUTOMODULEDIR) .."
 	@for file in $(OBJS); do \
 		$(INSTALL_DATA) $$file $(DESTDIR)$(AUTOMODULEDIR); \
 	done
 .SUFFIXES: .so
 .c.so:
 	${CC} ${PICFLAGS} ${CPPFLAGS} ${CFLAGS} ${LDFLAGS} $< -o $@
 .PHONY: depend clean distclean
 depend:
 	@${MKDEP} ${CPPFLAGS} ${SRCS} > .depend
 	@sed s/\\\.o/\\\.so/ < .depend > .depend.tmp
 	@sed -e '/^# DO NOT DELETE THIS LINE/,$$d' <Makefile >Makefile.depend
 	@echo '# DO NOT DELETE THIS LINE!!!' >>Makefile.depend
 	@echo '# make depend needs it.' >>Makefile.depend
 	@cat .depend.tmp >>Makefile.depend
 	@mv Makefile.depend Makefile
 	@rm -f .depend.tmp .depend
 clean:
 	${RM} -f *.so *~ 
 distclean: clean
 	${RM} -f Makefile
--- a/extensions/README
+++ b/extensions/README
@ -1,6 +1,8 @@
-This directory contains extensions (modules) to solanum ircd that
+$Id: README 1622 2006-06-04 03:01:05Z beu $
 This directory contains extensions (modules) to charybdis ircd that
 have been contributed by other people, or written by our development
-team.
+team.  Unsupported extensions live under unsupported/.
 Modules
@ -11,6 +13,9 @@ createauthonly.c - Only allow authenticated (identified) users to create
 ip_cloaking.c  - Cloak (spoof) the host for users that have umode +h.
 m_42.c         - The Answer to Life, the Universe, and Everything.
                 Syntax: 42
 m_adminwall.c  - Sends a message to all admins network-wide (umode +a)
                 Syntax: ADMINWALL :<message>
@ -79,7 +84,6 @@ extb_account.so  - Account bans (+b $a[:mask])
 extb_canjoin.so  - Banned from another channel (+b $j:mask)
 extb_channel.so  - Other-channel bans (+b $c:mask)
 extb_extgecos.so - Extended ban (+b $x:mask)
 extb_guest.so    - Unidentified bans (+b $g:mask)
 extb_oper.so     - Oper bans (+b $o)
 extb_realname.so - Realname (gecos) bans (+b $r:mask)
 extb_server.so   - Server bans (+b $s:mask)
--- a/extensions/cap_oper.c
+++ b/extensions/cap_oper.c
@ -1,147 +0,0 @@
 /*
 *  Copyright (C) 2021 David Schultz <me@zpld.me>
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 */
 #include <stdinc.h>
 #include <modules.h>
 #include <capability.h>
 #include <s_conf.h>
 #include <s_serv.h>
 #include <s_newconf.h>
 #include <client.h>
 #include <msgbuf.h>
 static char cap_oper_desc[] = "Provides the solanum.chat/oper capability";
 static bool cap_oper_oper_visible(struct Client *);
 static void cap_oper_outbound_msgbuf(void *);
 static void cap_oper_umode_changed(void *);
 static void cap_oper_cap_change(void *);
 static unsigned CLICAP_OPER;
 static unsigned CLICAP_OPER_AUSPEX;
 static unsigned CLICAP_OPER_JUSTOPER;
 static unsigned CLICAP_OPER_NORMAL;
 static struct ClientCapability capdata_oper_oper = {
 	.visible = cap_oper_oper_visible,
 };
 mapi_cap_list_av2 cap_oper_caps[] = {
 	{ MAPI_CAP_CLIENT, "solanum.chat/oper", NULL, &CLICAP_OPER },
 	{ MAPI_CAP_CLIENT, "?oper_auspex", &capdata_oper_oper, &CLICAP_OPER_AUSPEX },
 	{ MAPI_CAP_CLIENT, "?oper_justoper", &capdata_oper_oper, &CLICAP_OPER_JUSTOPER },
 	{ MAPI_CAP_CLIENT, "?oper_normal", &capdata_oper_oper, &CLICAP_OPER_NORMAL },
 	{ 0, NULL, NULL, NULL },
 };
 mapi_hfn_list_av1 cap_oper_hfnlist[] = {
 	{ "outbound_msgbuf", cap_oper_outbound_msgbuf, HOOK_NORMAL },
 	{ "umode_changed", cap_oper_umode_changed, HOOK_MONITOR },
 	{ "cap_change", cap_oper_cap_change, HOOK_MONITOR },
 	{ NULL, NULL, 0 },
 };
 static bool
 cap_oper_oper_visible(struct Client *client)
 {
 	return false;
 }
 static void
 cap_oper_outbound_msgbuf(void *data_)
 {
 	hook_data *data = data_;
 	struct MsgBuf *msgbuf = data->arg1;
 	if (data->client == NULL || !IsPerson(data->client))
 		return;
 	if (IsOper(data->client))
 	{
 		/* send all oper data to auspex */
 		msgbuf_append_tag(msgbuf, "solanum.chat/oper", data->client->user->opername, CLICAP_OPER_AUSPEX);
 		if (HasPrivilege(data->client, "oper:hidden") || ConfigFileEntry.hide_opers)
 			/* these people aren't allowed to see hidden opers */
 			return;
 		msgbuf_append_tag(msgbuf, "solanum.chat/oper", data->client->user->opername, CLICAP_OPER_JUSTOPER);
 		msgbuf_append_tag(msgbuf, "solanum.chat/oper", NULL, CLICAP_OPER_NORMAL);
 	}
 }
 static inline void
 update_clicap_oper(struct Client *client)
 {
 	/* clear out old caps */
 	client->localClient->caps &= ~CLICAP_OPER_AUSPEX;
 	client->localClient->caps &= ~CLICAP_OPER_JUSTOPER;
 	client->localClient->caps &= ~CLICAP_OPER_NORMAL;
 	if (client->localClient->caps & CLICAP_OPER && HasPrivilege(client, "auspex:oper"))
 	{
 		/* if the client is an oper with auspex, let them see everything */
 		client->localClient->caps |= CLICAP_OPER_AUSPEX;
 	}
 	else if (client->localClient->caps & CLICAP_OPER && IsOper(client))
 	{
 		/* if the client is an oper, let them see other opers */
 		client->localClient->caps |= CLICAP_OPER_JUSTOPER;
 	}
 	else if (client->localClient->caps & CLICAP_OPER)
 	{
 		/* if the client is a normal user, let them see opers
 		   provided that server wide oper hiding is not enabled */
 		client->localClient->caps |= CLICAP_OPER_NORMAL;
 	}
 }
 static void
 cap_oper_umode_changed(void *data_)
 {
 	hook_data_umode_changed *data = data_;
 	if (!MyClient(data->client))
 		return;
 	update_clicap_oper(data->client);
 }
 static void
 cap_oper_cap_change(void *data_)
 {
 	hook_data_cap_change *data = data_;
 	update_clicap_oper(data->client);
 }
 static int
 modinit(void)
 {
 	rb_dlink_node *ptr;
 	RB_DLINK_FOREACH(ptr, lclient_list.head)
 	{
 		struct Client *client = ptr->data;
 		update_clicap_oper(client);
 	}
 	return 0;
 }
 DECLARE_MODULE_AV2(cap_oper, modinit, NULL, NULL, NULL, cap_oper_hfnlist, cap_oper_caps, NULL, cap_oper_desc);
--- a/extensions/cap_realhost.c
+++ b/extensions/cap_realhost.c
@ -1,124 +0,0 @@
 /*
 *  Copyright (C) 2020 Ed Kellett
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 */
 #include <stdinc.h>
 #include <modules.h>
 #include <capability.h>
 #include <s_serv.h>
 #include <s_newconf.h>
 #include <client.h>
 #include <msgbuf.h>
 static char cap_realhost_desc[] = "Provides the solanum.chat/realhost oper-only capability";
 static bool cap_oper_realhost_visible(struct Client *);
 static void cap_realhost_outbound_msgbuf(void *);
 static void cap_realhost_umode_changed(void *);
 static void cap_realhost_cap_change(void *);
 static unsigned CLICAP_REALHOST;
 static unsigned CLICAP_OPER_REALHOST;
 static struct ClientCapability capdata_oper_realhost = {
 	.visible = cap_oper_realhost_visible,
 };
 mapi_cap_list_av2 cap_realhost_caps[] = {
 	{ MAPI_CAP_CLIENT, "solanum.chat/realhost", NULL, &CLICAP_REALHOST },
 	{ MAPI_CAP_CLIENT, "?oper_realhost", &capdata_oper_realhost, &CLICAP_OPER_REALHOST },
 	{ 0, NULL, NULL, NULL },
 };
 mapi_hfn_list_av1 cap_realhost_hfnlist[] = {
 	{ "outbound_msgbuf", cap_realhost_outbound_msgbuf, HOOK_NORMAL },
 	{ "umode_changed", cap_realhost_umode_changed, HOOK_MONITOR },
 	{ "cap_change", cap_realhost_cap_change, HOOK_MONITOR },
 	{ NULL, NULL, 0 },
 };
 static bool
 cap_oper_realhost_visible(struct Client *client)
 {
 	return false;
 }
 static void
 cap_realhost_outbound_msgbuf(void *data_)
 {
 	hook_data *data = data_;
 	struct MsgBuf *msgbuf = data->arg1;
 	if (data->client == NULL || !IsPerson(data->client))
 		return;
 	if (!IsIPSpoof(data->client) && !EmptyString(data->client->sockhost) && strcmp(data->client->sockhost, "0"))
 	{
 		msgbuf_append_tag(msgbuf, "solanum.chat/ip", data->client->sockhost,
 				IsDynSpoof(data->client) ? CLICAP_OPER_REALHOST : CLICAP_REALHOST);
 	}
 	if (!EmptyString(data->client->orighost))
 		msgbuf_append_tag(msgbuf, "solanum.chat/realhost", data->client->orighost, CLICAP_OPER_REALHOST);
 }
 static inline void
 update_clicap_oper_realhost(struct Client *client)
 {
 	client->localClient->caps &= ~CLICAP_OPER_REALHOST;
 	if (client->localClient->caps & CLICAP_REALHOST && HasPrivilege(client, "auspex:hostname"))
 	{
 		client->localClient->caps |= CLICAP_OPER_REALHOST;
 	}
 }
 static void
 cap_realhost_umode_changed(void *data_)
 {
 	hook_data_umode_changed *data = data_;
 	if (!MyClient(data->client))
 		return;
 	update_clicap_oper_realhost(data->client);
 }
 static void
 cap_realhost_cap_change(void *data_)
 {
 	hook_data_cap_change *data = data_;
 	update_clicap_oper_realhost(data->client);
 }
 static int
 modinit(void)
 {
 	rb_dlink_node *ptr;
 	RB_DLINK_FOREACH(ptr, lclient_list.head)
 	{
 		struct Client *client = ptr->data;
 		update_clicap_oper_realhost(client);
 	}
 	return 0;
 }
 DECLARE_MODULE_AV2(cap_realhost, modinit, NULL, NULL, NULL, cap_realhost_hfnlist, cap_realhost_caps, NULL, cap_realhost_desc);
--- a/extensions/chantype_dummy.c
+++ b/extensions/chantype_dummy.c
@ -1,30 +0,0 @@
 /* dummy channel type (>): just a global channel type */
 #include "stdinc.h"
 #include "modules.h"
 #include "client.h"
 #include "ircd.h"
 #include "supported.h"
 static const char chantype_desc[] = "Secondary global channel type (>)";
 static int _modinit(void);
 static void _moddeinit(void);
 DECLARE_MODULE_AV2(chantype_dummy, _modinit, _moddeinit, NULL, NULL, NULL, NULL, NULL, chantype_desc);
 static int
 _modinit(void)
 {
 	CharAttrs['>'] |= CHANPFX_C;
 	chantypes_update();
 	return 0;
 }
 static void
 _moddeinit(void)
 {
 	CharAttrs['>'] &= ~CHANPFX_C;
 	chantypes_update();
 }
--- a/extensions/chm_adminonly.c
+++ b/extensions/chm_adminonly.c
@ -10,13 +10,10 @@
 #include "numeric.h"
 #include "chmode.h"
-static const char chm_adminonly_desc[] =
+static void h_can_join(hook_data_channel *);
 	"Enables channel mode +A that blocks non-admins from joining a channel";
 static void h_can_join(void *);
 mapi_hfn_list_av1 adminonly_hfnlist[] = {
-	{ "can_join", h_can_join },
+	{ "can_join", (hookfn) h_can_join },
 	{ NULL, NULL }
 };
@ -38,12 +35,11 @@ _moddeinit(void)
 	cflag_orphan('A');
 }
-DECLARE_MODULE_AV2(chm_adminonly, _modinit, _moddeinit, NULL, NULL, adminonly_hfnlist, NULL, NULL, chm_adminonly_desc);
+DECLARE_MODULE_AV1(chm_adminonly, _modinit, _moddeinit, NULL, NULL, adminonly_hfnlist, "$Revision$");
 static void
-h_can_join(void *data_)
+h_can_join(hook_data_channel *data)
 {
 	hook_data_channel *data = data_;
 	struct Client *source_p = data->client;
 	struct Channel *chptr = data->chptr;
--- a/Show more
+++ b/Show more
`@ -1,2 +1,2 @@`
	`This is solanum MOTD you might replace it, but if not your friends will`	`This is charybdis MOTD you might replace it, but if not your friends will`
	`laugh at you.`	`laugh at you.`
		`@ -0,0 +1 @@`
							`-i8 -bli0 -cs -ut -nsai -nsaw -nsaf -npcs -nprs -l100`