This patch fixes unsetting of channel user mode "+a" (channel admin)
and adds a better error message: without this patch, a channel admin is
unable to unset this mode.
This closes bug #142.
This closes bug #109.
* bug109-CHARCONV:
Debian: require "telnet" or "telnet-ssl" for building
Debian ngircd-full[-dbg]: enable CHARCONV
Add "CHARCONV" to "feature string" when enabled
Implement new IRC+ "CHARCONV" command
Added new configure option "--with-iconv"
Conflicts:
src/ngircd/messages.h
Both modes protect users from channel kicks: only IRC operators and
servers can kick users having mode "q" or in channels with mode "Q".
Original patch by DNS777 <dns@rbose.org>, thanks!
This closes bug #141.
Patches from Federico G. Schwindt, thanks!
(cherry picked from commit a44b7126227ba1118ec02b399e31b08102af5e8c
and 6fbe9583753b2620da275676cde46a89cb4d06c2)
Allow users to "cloak" their hostname only when the configuration
variable "CloakHostModeX" (introduced in 19.2) is set. Otherwise, only
IRC opertators, other servers, and services are allowed to set mode +x.
This prevents regular users from changing their hostmask to the name
of the IRC server itself, which confused quite a few people ;-)
This fixes bug #133.
If disabled, IRC operators don't become channel operators in persistent
channels when joining. Enabled by default, which has been the behavior
of ngIRCd up to this patch.
Closes bug #135.
(Cosmetic fixes by Alex.)
As long as 'MorePrivacy' isn't enabled in the configuration file, local
IRC operators can see secret (+s) channels when using the LIST command.
Closes bug #136.
* automake-am11-am12:
autogen.sh: detect automake version format a.b.c and a.b
configure.ng: don't require GIT tree to detect version string
Include .mailmap file in distribution archives
Include all build-system files into distribution archives
Change build system to support new and old GNU automake
By Alexander Barton (5) and Sebastian Köhler (2)
* bug92-xop:
Fix NAMES/WHO response when client has multi-prefix
Fix prefix of "halfop" when "multi-prefix" is active
Clean up doc/.gitignore
doc/Modes.txt: add version number to new channel modes
Fix some "whitespace glitches"
Tests and documentation for xop
Implemented xop support
Conflicts (because of "multi-prefix fix"):
src/ngircd/irc-info.c
This fixes bug #92 "ngircd does not support XOP usermodes".
Starting with GNU automake 1.12, the "de-ANSI-fication support" has been
removed, which ngIRCd used to enable building itself on very old systems.
Now the problem is, that using automake >= 1.12 isn't working because of
the now unsupported M4 macros. Therefore the solution that this patch
implements is to dynamically generate the automake input files with our
own ./autogen.sh script:
configure.ng => configure.in
Makefile.ng => Makefile.am
This is quite an ugly approach, but it works and enables us to:
1. use current automake >= 1.12 for development and "private builds",
2. still build distribution archives using automake 1.11.x that have
"de-ANSI-fication support" enabled in the generated Makefile's.
And if you are using Makefile's generated with a automake version newer
than 1.11.x (without "de-ANSI-fication support"), the ./configure script
warns you not to use this generated build system to generate distribution
archives.
Drawback of this patch: you MUST use our autogen.sh script, you can't call
the autoconf/automake commands directly any more; but autoreconf should
still work ...
With this patch, the SSL subsystem will only be initialized if at least
one SSL ports is configured; so you won't get "SSL initialization failed"
messages if you didn't configured it at all.
And if SSL initialization fails, no SSL listen ports will be enabled
later which never could establish a working SSL connection at all ...
Update GNU autoconf and automake infrastructure.
Tested on modern systems as well as Apple A/UX :-)
* autoconf-update:
AUTOMAKE_OPTIONS: fix ansi2knr option, include path
Don't use AC_FUNC_MALLOC and AC_FUNC_REALLOC
Make our own targets "silent", if enabled
configure.in: use AC_CHECK_{FUNCS|HEADERS}_ONCE
Updated config.{guess|sub} to version 2012-08-14
Make autogen.sh more verbose when VERBOSE=1 is set
configure.in: use AC_SEARCH_LIBS (not AC_CHECK_LIB)
configure.in: use AS_HELP_STRING macro
configure.in: use AC_CANONICAL_HOST (not AC_CANONICAL_TARGET)
configure.in: inttypes.h is an optional header file
Use HAVE_SETSID #define when testing for setsid()
Don't include <stdint.h>, it is included by "portab.h"
Don't check type.h availability, it is required
configure.in: Use AC_CONFIG_FILES macro
configure.in: Don't use AC_C_PROTOTYPES
configure.in: Update checks for required and optional features
configure.in: require autoconf 2.67 and automake 1.11
configure.in: sort some lists (templates, output, ...)
This fixes the following warning message when building without SSL support:
conn.c: In function "New_Connection":
conn.c:1365: warning: unused parameter "IsSSL"
Introduced by commit 01b62202.
* 'xop' of https://github.com/kart0ffelsack/ngircd:
Tests and documentation for xop
Implemented xop support
Conflicts (because of merge of the 'cmode-M' branch):
src/ngircd/channel.c
src/ngircd/defines.h
src/ngircd/messages.h
ngIRCd is a long-running process and changes its working directory to "/" to
not block mounted filesystems and the like when running as daemon ("not in the
foreground"); therefore the path to the configuration file must be relative to
"/" (or the chroot() directory), which basically is "not relative", to ensure
that "kill -HUP" and the "REHASH" command work as expected later on.
This fixes parts of bug #127.
It makes no sense to limit the list size when doing WHO for a channel
and not to return all the users in that channel, so I removed the check.
But if there are more than MAX_RPL_WHO(25) replies, the client requesting
the list will be "penalized" one second more (then 2 in total).
This fixes bug #125.
Some systems, notably FreeBSD 4.x, do have the kqueue() function but
lack the definition of EV_SET() in their header files -- but don't
worry, we can #define it on our own ;-)
Definition taken from /usr/include/sys/event.h of FreeBSD 8.1.
Patch tested on FreeBSD 4.1 by Götz Hoffart. Thanks!
Conn_StartLogin() is called after the connection has been established and
fully innitialized, including the SSL handshake, for example.
Up to this patch, the "NoticeAuth" option broke the SSL handshake ...
This numeric is sent to the client each time it changes its displayed
hostname using "MODE +/-x", and if "CloakHost" is set right after the
MOTD has been sent.
Not only cloak the hostname in Client_MaskCloaked(), but also in
Client_HostnameCloaked() -- so move the actual cloaking to this function
and call it in Client_MaskCloaked() to get the (cloaked) hostname.
This fixes USERHOST not displaying the correctly cloaked hostname,
for example.
This patch series allows ngIRCd to support the user mode "B" ("Bot flasg"):
it is settable and unsettable by every (non-restricted) client.
According to DNS777, this is how Unreal and InspIRCd do behave, so do we :-)
By Alexander Barton (1) and DNS777 (1)
* umode-B:
Add new user mode "B" to doc/Modes.txt
Implement an Unreal-like user mode "B" ("Bot mode")
By Alexander Barton (2) and DNS777 (1)
* cmode-M:
Add new channel mode "M" to doc/Modes.txt
Remove Can_Send_To_Channel_Identified()
Implement channel mode "M"
Two fixes here: IRC_Send_NAMES was checking the capability of the
wrong client when responding, and it didn't return any prefix for
clients that had either +v or +o but not both.
By Alexander Barton (1) and DNS777 (1)
* better-chan-errors:
Remove unused ERR_CANNOTSENDTOCHAN2_MSG message
Add some more information to channel error numerics
This patch series converts the statically allocated password buffer in the
CLIENT structure into a dynamically (and only when needed) allocated buffer
which is referenced by the CONNECTION structure.
This a) saves memory for clients not using passwords at all and b) allows
for "arbitrarily" long passwords.
By Brett Smith (5) and Alexander Barton (2).
* 'move-connection-password' of git://arthur.barton.de/ngircd-alex:
Login_User(): use "conn" insted of calling Client_Conn(Client)
Free already saved password when storing a new one
Indentation and style fixes.
Connection password is not constant.
Implementation clean-ups.
Dynamically allocate memory for connection password.
Move client password from the Client to the Connection struct.
The "ServiceMask" variable in "Server" blocks now can handle more than
one mask using the new MatchCaseInsensitiveList() function.
This makes marking "service clients" much more specific, which is a
good thing per se, but which is the prerequisite for reasonably
blocking these nick names, too (see commit a6dd2e3 for details).
This patch introduces the new function Conf_NickIsBlocked() which checks
if a given nick name matches with the "service mask" of a configured server.
And Client_CheckNick() uses this information to deny such names for regular
IRC users.
So nick names intended for IRC services are more protected and can't be used
by regular users even when the "services pseudo-server" isn't connected to
the network.
But please note:
Up to now, there can be only one "ServiceMask" pattern per server, which
most probably blocks much more nick names than really required ...
So "ServiceMask" should allow more than one pattern which can be more
specific, and most probably it should be possible to block nick names in
the global server configuration as well.
Nick names introduced by other servers/services are never restricted.
This is a relatively naive implementation, basically doing the bare minimum
necessary to make the switchover go. Subsequent commits can focus on
improving the implementation.
3 new channel user modes have been added.
Half Op: +h(Prefix: %) can set the channel modes +imntvIbek
and kick all +v and normal users.
Admin: +a(Prefix: &) can set channel modes +imntvIbekoRsz and kick all
+o, +h, +v and normal users.
Owner: +q(Prefix: ~) can set channel modes +imntvIbekoRsz and kick all
+a, +o, +h, +v and normal users
Implemented support for hashed hostnames for CloakHost. The admin can
use '%x' in both the CloakHost and CloakHostModeX setting. The config
option CloakHostModeX was renamed to CloakHostSalt. This salt is used
for both cloaking options.
CloakHostModeX can now contain '%x'. It will be replace by the hash of
the original client hostname. The new config option CloakHostModeXSalt
defines the salt for the hash function. When CloakHostModeXSalt is not
set a random salt will be generated after each server restart.
Spelling fix in defines.h
Don't try to establish an outgoing server link after DNS lookup when this
server re-connected on its own in the meantime.
In addition, log a warning message if we try to update the connection
index of an already connected server structure -- and ignore it.
Up to now, both behaviour could lead to a race when the remote server
connects to this daemon while it still prepares the outgoing connection:
- The local server prepares the new outgoing connection ...
- in the meantime the remote server becomes connected and registered.
- Now the new outgoing connection overwrites the (correct) socket handle,
- then the 2nd connection becomes disconnected: "already registered",
- and the 1st connection becomes unhandled ("gets lost") because the
configuration structure is reset because of the wrong socket handle.
This patch hopefully fixes all these problems.
Only alphanumeric characters are allowed in the user name, so ignore
all IDENT replies that would violate this rule and use the one supplied
by the USER command.
Only alphanumeric characters are allowed in the user name, so terminate
the connection if any "strage" characters have been supplied by the user.
This is how other IRC daemons (like ircd2.11 and ircd-seven) behave ...
This fixes the following warnings with GCC 4.4.5 on Linux:
irc-login.c: In function ‘IRC_PASS’:
irc-login.c:92: warning: implicit declaration of function ‘strlen’
irc-login.c:92: warning: incompatible implicit declaration of built-in function ‘strlen’
irc-login.c:113: warning: incompatible implicit declaration of built-in function ‘strlen’
irc-login.c:129: warning: implicit declaration of function ‘strchr’
irc-login.c:129: warning: incompatible implicit declaration of built-in function ‘strchr’
irc-login.c:133: warning: implicit declaration of function ‘strcmp’
irc-login.c: In function ‘IRC_SERVICE’:
irc-login.c:556: warning: incompatible implicit declaration of built-in function ‘strchr’
login.c: In function ‘Login_User’:
login.c:131: warning: implicit declaration of function ‘strcmp’
* capabilities:
"multi-prefix" capability 2/2: adjust NAME and WHO handlers
"multi-prefix" capability 1/2: implement complete CAP infrastructure
IRC_Send_NAMES(): Code cleanup
New function Client_CapSet() in addition to Client_Cap{Add|Del}
"CAP REQ" starts capability negotiation and delays user registration
Correctly handle "CAP END", new client type CLIENT_WAITCAPEND
Implement core IRC capability handling and "CAP" command
New "login" source file
Introduce_Client() => Client_Introduce(), and move it to client.c
Now ngIRCd is able to handle "CAP LS", "CAP REQ", "CAP LIST", and
"CAP CLEAR" commands.
"multi-prefix" can be set/unset, but has no functionality - yet!
This fixes the following warning of clang:
/src/ngircd/lists.c:152:44:
warning: size argument in 'strlcpy' call appears to be size of the
source; expected the size of the destination [-Wstrlcpy-strlcat-size]
But it isn't a real problem, because the size of the source always is the
same than the size of the destination ...
This patch implements the core functions to support "IRC Capabilities"
and the IRC "CAP" command as used by other servers and specified here:
<http://www.leeh.co.uk/draft-mitchell-irc-capabilities-02.html>.
It enables ngIRCd to support the defined handshake, but it doesn't
implement any capabilities, so "CAP LS" and "CAP LIST" always return
the empty set and "CAP REQ ..." always fails with "CAP NAK".
Rename Hello_User[_PostAuth] to Login_User[_PostAuth] and move it to the
new login.c; and move cb_Read_Auth_Result(), too. This will enable further
code to easily call Login_User() when required.
Up to now, ngIRCd silently ignored permission denied errors when trying
to enable a chroot setup: only the "not running chrooted" message became
logged later on.
This patch lets ngIRCd exit with a fatal error when the chroot can't
be enabled on startup -- this is the much safer bevahiour!
This fixes the following warning with gcc 4.6.3.:
irc-mode.c: In function "Channel_Mode":
irc-mode.c:947:26: error: "list" may be used uninitialized
in this function
irc-mode.c:884:25: error: "list" may be used uninitialized
in this function
(The variable has never been used uninitialized, so don't worry)
When
* building the ngircd Debian package (on Linux at least) and
* using the sbuild build system,
the command "ps -af" does not include the commands running inside the
sbuild system. Therefore, start-server.sh will report a fail as getpid.sh
cannot not find the ./T-ngircd1 just started although it's actually
running. This results in a funny build log ...
starting server 1 ... failure!
FAIL: start-server1
running connect-test ... ok.
PASS: connect-test
The self-test of getpid.sh however will likely succeed as it's happy if
it sees any process with "sh" somewhere in the name. Things go downhill
from there.
The confusing things are:
* The alternative cowbuilder/pbuilder does not have this problem.
* The alternative usage "ps ax" does fine.
So, as a quick hack, the patch attached adds another switch to getpid.sh.
Start "regular" logging not until the configuration file has been read in
and "SyslolgFacility" is set, and log all configuration errors using the
generic "daemon" facility.
So if there are no configuration errors, logging starts right after parsing
the configuration and we log the configuration file used _after_ reading it.
But this is no problem because every configuration error message includes
the configuration file name as well.
(The "double hello" has been introduced by commit 3641e51109)
Syslog logging has been initialized before reading the configuraton
file, so ngIRCd always used the default facility and ignored the
"SyslogFacility" configuration option.
Thanks to Patrik Schindler for reporting this issue!
This patch updates the limits for handling commands from a remote server:
- "<user count> / 5 + <min>" using "<min>=10" during normal operation,
- the above count multiplied with 5 while servers are syncing.
The intention is to a) make the limit dependent of the number of users
in the network (the more users, the more commands required to sync) and
b) to significantly rise this limit while servers are joining the network
to make the login and synchronization faster.
At the end of sending all "state" to the remote server, a PING command
is sent to request a PONG reply. Until then, no "regual" PING was sent,
so Conn_LastPing(<connection>) is null and now becomes non-null in the
PONG command handler.
So the servers are still synchronizing when Conn_LastPing(<connection>)
is 0, which could easily be tested.
The numeric RPL_WHOISHOST_MSG(378) returns the DNS hostname (if
available) and the IP address of a client in the WHOIS reply.
Only the user itself and local IRC operators get this numeric.
This allows to use "*!<user>@<host>" or "*!*@<host>" masks to reject
clients even before receiving PASS, NICK and USER commands and before
forking authentication child processes which reduces resource usage.
This allows a channel operator to define exception masks that allow users
to join the channel even when a "ban" would match and prevent them from
joining: the exception list (e) overrides the ban list (b).
If the target user of a PRIVMSG or NOTICE command has the user mode 'C'
set, it is required that both sender and receiver are on the same channel.
This prevents private flooding by completely unknown clients.
