1
0
mirror of https://github.com/osmarks/ngircd.git synced 2025-01-19 12:02:52 +00:00
Commit Graph

458 Commits

Author SHA1 Message Date
Christoph Biedl
817937b218 Support for server certificate validation on server links [S2S-TLS]
This patch provides code to validate the server certificate in
server links, defeating nasty man-in-the-middle attacks on server
links.

Features:

- Check whether the certificate is signed by a trusted certificate
  authority (CA).
- Check the host name, including wildcard certificates and Subject
  Alternative Names.
- Optionally check against a certificate revocation list (CRL).
- Implementation for both OpenSSL and GnuTLS linkage.

Left for another day:

- Parameterize the TLS parameter of an outbound connection. Currently,
  it's hardcoded to disable all versions before TLSv1.1.
- Using certificate as CA-certificate. They work for GnuTLS only but
  perhaps this should rather raise an error there, too.
- Optional OCSP checking.
- Checking client certificates. Code is there but this first needs some
  consideration about the use cases. This could replace all other
  authentication methods, for both client-server and server-server
  connections.

This patch is based on a patch by Florian Westphal from 2009, which
implemented this for OpenSSL only:

  From: Florian Westphal <fw@strlen.de>
  Date: Mon, 18 May 2009 00:29:02 +0200
  Subject: SSL/TLS: Add initial certificate support to OpenSSL backend

Commit message modified by Alex Barton.

Closes #120, "Server links using TLS/SSL need certificate validation".
Supersedes PR #8, "Options for verifying and requiring SSL client
certificates", which had (incomplete?) code for OpenSSL, no GnuTLS.
2024-03-23 20:19:01 +01:00
Alexander Barton
c1c0bca0e2 QuickStart.md: Tweak the text a bit ... 2024-03-17 22:42:19 +01:00
Alexander Barton
934f3a0d88 Add a Dockerfile and documentation to the project 2024-03-17 22:42:15 +01:00
Alexander Barton
c0b8b94550 Streamline the "testsuite" and "srcdoc" make targets 2024-02-10 00:22:33 +01:00
Alexander Barton
39eccffa32 Doxygen: Update the footer links 2024-02-05 14:03:42 +01:00
Alexander Barton
6fb8022949 Migrate info from INSTALL.md into doc/QuickStart.md
Move most information regarding configuring ngIRCd into the
doc/QuickStart.md document, only describe building and installing ngIRCd
in the INSTALL.md file. Don't duplicate content!

Add references where this makes sense.
2024-01-21 20:15:47 +01:00
Alexander Barton
b4c8e74ccb Use a default "IncludeDir" only when no config file was specified
No longer use a default built-in value for the "IncludeDir" directive
when a configuration file was explicitly specified on the command line
using "--config"/"-f": This way no default include directory is scanned
when a possibly non-default configuration file is used which
(intentionally) did not specify an "IncludeDir" directive.

With this patch you now can use "-f /dev/null" for checking all built-in
defaults, regardless of any local configuration files in the default
drop-in directory (which would have been read in until this change).
2024-01-21 20:15:47 +01:00
Alexander Barton
3ab6c85284 Add an introduction and generic info to doc/QuickStart.md 2024-01-21 14:21:57 +01:00
Alexander Barton
bb8b6f0fba Make the description of the "Info" option more precise
The "Info" option in the "[Global]" section is optional (so comment it
out in the sample configuration file) and set to the server software
name and its version when not set (so add this information to the sample
configuration file and the ngircd.conf(5) manual page).
2024-01-21 01:20:46 +01:00
Alexander Barton
3c39094b52 Deduce a server name when not set in the configuration
The server "Name" in the "[Global]" section of the configuration file is
optional now: When not set (or empty), ngIRCd now tries to deduce a
valid IRC server name from the local host name ("node name"), possibly
adding a ".host" extension when the host name does not contain a dot
(".") which is required in an IRC server name ("ID").

This new behaviour, with all configuration parameters now being
optional, allows running ngIRCd without any configuration file at all.
2024-01-21 01:20:46 +01:00
Alexander Barton
e339d9c381 Convert the AUTHORS file to Markdown 2024-01-20 16:43:54 +01:00
Alexander Barton
5413518586 Convert the FAQ to Markdown and enhance it! 2024-01-11 15:12:54 +01:00
Alexander Barton
a5de81e489 QuickStart.md: Update title and fix Markdown syntax 2024-01-11 15:11:56 +01:00
Alexander Barton
0061394d7f 2024 =:) 2024-01-11 15:11:56 +01:00
Alexander Barton
30ba325dde Various fixes and enhancements for the "Autojoin" patch
- Bring sample-ngircd.conf and ngircd.conf.5 description in line.
- Fix configuration parsing, it always showed the 'Unknown variable
  "Autojoin"' error message, even when everything was perfectly fine.
- And fix a build error (at least on macOS with Apple Clang 14):
    login.c:234:3: error: call to undeclared function 'IRC_JOIN'; ISO
    C99 and later do not support implicit function declarations
    [-Wimplicit-function-declaration]
       IRC_JOIN(Client, &Req);
       ^
  The #include for the "irc.channel.h" header was missing!
- Remove a unused variable that caused a compiler warning:
    login.c:222:12: warning: unused variable 'n' [-Wunused-variable]
       size_t i, n, channel_count = array_length(&Conf_Channels, sizeof(*conf_chan));
                 ^
- Add a explicit cast to fix a compiler warning:
    login.c:235:15: warning: assigning to 'char *' from 'const char[51]'
    discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
       Req.argv[0] = conf_chan->name;
                   ^ ~~~~~~~~~~~~~~~
2023-09-17 19:56:07 +02:00
Ivan Agarkov
cfd7d4288e Channel autojoin functionality 2023-09-16 12:40:33 +02:00
Alexander Barton
3b70f4ba0c 2023! 2023-08-03 14:22:53 +02:00
Alexander Barton
79ffa9132b 2022 =:)
Happy new year!
2022-01-01 16:05:09 +01:00
Alexander Barton
3675c7567c Enhance documentation a bit, add doc/QuickStart.md
And this file could well be expanded!
2021-12-30 20:01:44 +01:00
Alexander Barton
97ffec3d64 doc/HowToRelease.txt: "dist-tarZ" and "dist-xz" make targets can't be combined 2021-10-31 13:41:20 +01:00
Alexander Barton
dc832cd348 Update Platforms.txt
- Add aarch64/apple/darwin (Apple CLang 12.0.0)
- Add x86_64/unknown/openbsd6.7 (gcc 4.2.1)

Thanks to Götz Hoffart <goetz@hoffart.de>
2021-01-01 20:03:58 +01:00
Alexander Barton
2ff76d7f48 2021! :-)
Happy new year!
2021-01-01 15:38:26 +01:00
Alexander Barton
5ccdb26885 FAQ.txt: There is no "CVS" anymore, we use Git! 2020-11-28 21:22:34 +01:00
Alexander Barton
6e382889a3 Update Platforms.txt
- Update powerpc/apple/darwin8.11.0 (gcc 4.0.1)
- Add x86_64/apple/darwin19.6.0 (Apple clang 12.0.0)
- Add x86_64/unknown/freebsd12.1 (FreeBSD clang 8.0.1)
- Update x86_64/pc/linux-gnu (gcc 8.3.0)
- Add x86_64/unknown/netbsd9.0 (gcc 7.4.0)
- Add x86_64/unknown/openbsd6.6 (gcc 4.2.1)
- Add x86_64/unknown/openbsd6.6 (OpenBSD clang 8.0.1)

Thanks to Götz Hoffart <goetz@hoffart.de> for the PowerPC test!
2020-10-20 21:48:16 +02:00
xnaas
0ae158a492 Fixed Atheme Links
.org and not .net
2020-08-04 13:44:58 +02:00
Alexander Barton
c55a832806 Update NEWS, ChangeLog and doc/Platforms.txt files 2020-06-11 17:13:06 +02:00
Alexander Barton
3dedd57f7f Add AppStream metadata file: contrib/de.barton.ngircd.metainfo.xml 2020-06-11 17:11:15 +02:00
Alexander Barton
07cb8ed9ae Don't send invalid CHANINFO commands when no key is set
It can happen that a channel is +k, but no key is set: for example by
misconfiguring a pre-defined channel. In this case, ngIRCd sent an
invalud CHANINFO command ("CHANINFO #test +Pk  0 :'", note the unset
key represented by the two spaces) to its peers.

Fix this and enhance the CHANINFO documentation.
2020-06-11 16:45:30 +02:00
Alexander Barton
e889de9d92 Tweak & update doc/HowToRelease.txt a bit ... 2020-05-10 00:14:04 +02:00
Alexander Barton
bc22f41c51 Platforms.txt: Add x86_64/apple/darwin19.0.0
- Add x86_64/apple/darwin19.0.0 (Apple clang 11.0)
2020-05-07 17:53:13 +02:00
Alexander Barton
d11f13f187 Update Platforms.txt
- Update powerpc/apple/darwin8.11.0 (gcc 4.0.1)
- Add mips/sgi/irix6.5 (SGI C compiler)
- Add mipsel/unknown/netbsd8.0 (gcc 5.5.0)

Thanks to Götz Hoffart <goetz@hoffart.de>!
2020-05-07 17:52:51 +02:00
sam_c
1fc54ebef1
Makefile.am: Replace make with ${MAKE} (#270)
Fixes warnings such as:
"warning: jobserver unavailable: using -j1. Add `+' to parent make rule."

Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
2020-04-20 19:29:16 +02:00
Alexander Barton
9c5e42458e Update documentation to reflect "[Channel]->Modes" changes
No longer mention "[Channel]->Key" and "[Channel]->MaxUsers".
2020-03-29 23:17:21 +02:00
Alexander Barton
61ac8be2fd Convert INSTALL and README files to Markdown
This requires some changes to the build system, for example to comply
with the expectations of the GNU autoconf/automake tools ...
2020-03-29 22:33:51 +02:00
Alexander Barton
f5fa7db4ba 2020! 2020-01-21 22:02:40 +01:00
Alexander Barton
e954b59d41 Fix some typos (documentation files, ngircd.conf manual page, ...)
Spotted by Étienne Mollier <etienne.mollier@mailoo.org> and Christoph
Biedl <debian.axhn@manchmal.in-ulm.de>, see Debian bug #932462
(https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932462). Thank you!
2019-07-21 16:23:07 +02:00
Alexander Barton
13122bc97d Fix and extend documentation a little bit
- Fix syntax of LINKS amd LIST commands.
- Whitespace and spelling fixes.
- Add some more information about IRCv3 support.
2019-06-29 16:02:18 +02:00
Alexander Barton
1d4f80b422 Platforms.txt: Add and update systems
- Update x86_64/apple/darwin16.5.0 (Apple clang 8.1)
- Add x86_64/apple/darwin17.7.0 (Apple clang 10.0)
- Add x86_64/apple/darwin18.2.0 (Apple clang 10.0)
- Add x86_64/unknown/haiku (gcc 7.3)
- Update x86_64/pc/linux-gnu (gcc 6.3.0)
2019-01-23 22:45:07 +01:00
shankari
fe01ef9a51 Fix documentation of MotdPhrase length (#254)
The max length is actually 126 (< 127), since the check errors out if
length >= 127. See
<https://github.com/ngircd/ngircd/blob/master/src/ngircd/conf.c#L1487>.

I didn't look through the history to see when the change happened. I
just happened to find during a migration that my 140 character MOTD
didn't work.

Update sample configuration file as well as the man page.
2019-01-03 14:06:01 +01:00
Alexander Barton
96bad2b861 2019! 2019-01-02 00:10:06 +01:00
Alexander Barton
456eea6f18
Implement new configuration option "MaxPenaltyTime" (#251)
This option configures the maximum penalty time increase in seconds, per
penalty event. Set to -1 for no limit (the default), 0 to disable
penalties altogether. ngIRCd doesn't use penalty increases higher than 2
seconds during normal operation, so values higher than 1 rarely make
sense.

Disabling (or reducing) penalties can greatly speed up "make check" runs
for example, see below, but are mostly a debugging feature and normally
not meant to be used on production systems!

Some example timings running "make check" from my macOS workstation:

- MaxPenaltyTime not set: 4:41,79s
- "MaxPenaltyTime = 1":   3:14,71s
- "MaxPenaltyTime = 0":     25,46s

Closes #249.
2018-11-28 14:13:09 +01:00
Alexander Barton
a38eea8987 Update doc/Protocol.txt for IRCv3 WEBIRC extension
See commit d0f9d3d92.
2018-10-07 23:55:30 +02:00
Alexander Barton
bb4101cd6c Update HowToRelease.txt: Include the website 2018-09-01 01:48:17 +02:00
Alexander Barton
e29e15ca27 Platforms.txt: Add and update systems
- Update x86_64/unknown/freebsd10.0 (FreeBSD clang 3.3)
- Add x86_64/unknown/freebsd10.3 (FreeBSD clang 3.4)
- Update i386/pc/solaris2.11 (gcc 4.8.2)
- Add mipsel/openwrt/linux-uclibc (gcc 4.8) [cross-compiler]
- Add x86_64/pc/linux-gnu (gcc 5.4.0) [Win10/WSL]
- Platforms.txt: Update "pre-ANSI compiler" foot note.

Thanks to Götz Hoffart <goetz@hoffart.de>!
2018-08-29 23:05:45 +02:00
Alexander Barton
34bdb0d98a 2018! 2018-02-09 22:02:21 +01:00
Alexander Barton
bc728f92de Update HowToRelease.txt
- Freshmeat is no more, and
- GitHub issues doesn't allow us to configure "releases".
2017-03-12 22:25:08 +01:00
Alexander Barton
2f6f6929d8 Services.txt: Show Atheme "name" in example configuration 2017-02-20 23:29:40 +01:00
Alexander Barton
f244ab2219 Services.txt: Show ngIRCd "Name" in example configuration 2017-02-20 23:06:47 +01:00
Alexander Barton
b2ba3e745a Platforms.txt: Add and update systems
- Update i386/unknown/freebsd7.3 (gcc 4.2.1)
- Update i386/unknown/netbsdelf4.0 (gcc 4.1.2)
- Update x86_64/apple/darwin16.3.0 (Apple clang 8.0)
- Update x86_64/unknown/freebsd8.4 (gcc 4.2.1)
- Update x86_64/pc/linux-gnu (gcc 4.4.5)
- Update x86_64/pc/linux-gnu (gcc 4.8.4)
- Update x86_64/pc/linux-gnu (gcc 4.9.2)
- Update x86_64/pc/linux-gnu (gcc 6.2.1)
- Add x86_64/pc/linux-gnu (gcc 6.3.1)
2017-01-20 19:12:05 +01:00
Alexander Barton
2bb917f05a 2017! 2017-01-15 22:07:11 +01:00