1
0
mirror of https://github.com/osmarks/ngircd.git synced 2024-10-30 13:56:15 +00:00
Commit Graph

2055 Commits

Author SHA1 Message Date
Alexander Barton
e01e8f1cb6 Merge branch 'recognize-umode-R'
By Alexander Barton (1) and DNS777 (1)

* recognize-umode-R:
  Only allow IRC services to modify user mode "R"
  Recognize user mode "R"
2012-08-27 23:21:28 +02:00
Alexander Barton
186ab51137 Only allow IRC services to modify user mode "R" 2012-08-27 23:20:32 +02:00
Alexander Barton
74be904018 ngt_RandomStr(): : make it buildable with pre-ANSI C compilers 2012-08-27 22:42:52 +02:00
Alexander Barton
298cd9a327 Get_CAP_String(): make it buildable with pre-ANSI C compilers 2012-08-27 22:42:04 +02:00
Alexander Barton
414bfe65eb Enhance "NOTICE AUTH": show hostname and IDENT reply 2012-08-27 22:05:55 +02:00
Alexander Barton
c519ba9920 Merge branch 'cmode-M'
By Alexander Barton (2) and DNS777 (1)

* cmode-M:
  Add new channel mode "M" to doc/Modes.txt
  Remove Can_Send_To_Channel_Identified()
  Implement channel mode "M"
2012-08-27 21:22:58 +02:00
Alexander Barton
fee591b759 Remove Can_Send_To_Channel_Identified()
Move the functionality directly into Can_Send_To_Channel() function.
There should be no functional change ...
2012-08-27 21:15:12 +02:00
Brian Collins
16f94546f5 Fix NAMES response when client has multi-prefix
Two fixes here: IRC_Send_NAMES was checking the capability of the
wrong client when responding, and it didn't return any prefix for
clients that had either +v or +o but not both.
2012-08-27 16:23:57 +01:00
Alexander Barton
55859c1bef Merge branch 'better-chan-errors'
By Alexander Barton (1) and DNS777 (1)

* better-chan-errors:
  Remove unused ERR_CANNOTSENDTOCHAN2_MSG message
  Add some more information to channel error numerics
2012-08-26 19:42:08 +02:00
Alexander Barton
bcefdef1ea Merge branch 'move-connection-password' of git://arthur.barton.de/ngircd-alex
This patch series converts the statically allocated password buffer in the
CLIENT structure into a dynamically (and only when needed) allocated buffer
which is referenced by the CONNECTION structure.

This a) saves memory for clients not using passwords at all and b) allows
for "arbitrarily" long passwords.

By Brett Smith (5) and Alexander Barton (2).

* 'move-connection-password' of git://arthur.barton.de/ngircd-alex:
  Login_User(): use "conn" insted of calling Client_Conn(Client)
  Free already saved password when storing a new one
  Indentation and style fixes.
  Connection password is not constant.
  Implementation clean-ups.
  Dynamically allocate memory for connection password.
  Move client password from the Client to the Connection struct.
2012-08-26 19:14:29 +02:00
Alexander Barton
f79d41e927 Login_User(): use "conn" insted of calling Client_Conn(Client) 2012-08-26 19:11:44 +02:00
Alexander Barton
1680ea02da Free already saved password when storing a new one
This shouldn't happen (clients aren't allowed to send more than one PASS
command), but who knows ...
2012-08-26 19:07:38 +02:00
DNS777
1aaf54ac24 Implement channel mode "M"
Only the server, identified users and IRC operators are able to talk.
2012-08-26 16:40:49 +02:00
Alexander Barton
a5984c702a Remove unused ERR_CANNOTSENDTOCHAN2_MSG message 2012-08-26 16:15:44 +02:00
DNS777
9a82304ae9 Add some more information to channel error numerics 2012-08-26 16:14:40 +02:00
DNS777
c2b39fdede Implement an Unreal-like user mode "B" ("Bot mode") 2012-08-26 15:58:37 +02:00
DNS777
8349a1c0d9 Recognize user mode "R"
This allows users to unset the user mode "R".
2012-08-26 15:30:49 +02:00
Alexander Barton
360a254be0 Enhance "ServiceMask" to handle a list of masks
The "ServiceMask" variable in "Server" blocks now can handle more than
one mask using the new MatchCaseInsensitiveList() function.

This makes marking "service clients" much more specific, which is a
good thing per se, but which is the prerequisite for reasonably
blocking these nick names, too (see commit a6dd2e3 for details).
2012-08-26 13:24:54 +02:00
Alexander Barton
ab1fcebeff New function MatchCaseInsensitiveList() to check list of patterns 2012-08-26 13:11:45 +02:00
Alexander Barton
a6dd2e33c2 Block nicknames that are reserved for services
This patch introduces the new function Conf_NickIsBlocked() which checks
if a given nick name matches with the "service mask" of a configured server.
And Client_CheckNick() uses this information to deny such names for regular
IRC users.

So nick names intended for IRC services are more protected and can't be used
by regular users even when the "services pseudo-server" isn't connected to
the network.

But please note:

Up to now, there can be only one "ServiceMask" pattern per server, which
most probably blocks much more nick names than really required ...
So "ServiceMask" should allow more than one pattern which can be more
specific, and most probably it should be possible to block nick names in
the global server configuration as well.

Nick names introduced by other servers/services are never restricted.
2012-08-26 12:33:21 +02:00
Alexander Barton
9d8974d509 Rename Conf_IsService() to Conf_NickIsService() 2012-08-26 12:27:51 +02:00
Alexander Barton
037b4b76df Check_Connections(): code cleanup 2012-08-26 12:04:40 +02:00
Brett Smith
be97fa8ab1 Indentation and style fixes. 2012-08-23 14:18:15 -04:00
Brett Smith
164954a788 Connection password is not constant.
Saying otherwise makes a warning when we assign this to
conv.appdata_ptr in pam.c.
2012-08-23 13:59:17 -04:00
Brett Smith
c1d7f6216f Implementation clean-ups.
* Have Conn_Password return an empty string when no password has been set,
  to play better with pam.c.

* Use strdup in Conn_SetPassword.
2012-08-23 12:24:34 -04:00
Brett Smith
7df4c12da9 Dynamically allocate memory for connection password. 2012-08-23 12:12:15 -04:00
Brett Smith
0d5de60584 Move client password from the Client to the Connection struct.
This is a relatively naive implementation, basically doing the bare minimum
necessary to make the switchover go.  Subsequent commits can focus on
improving the implementation.
2012-08-23 11:07:08 -04:00
Alexander Barton
922540306e ngt_RandomStr(): Add implicit cast to "unsigned".
This fixes the following warning of Xcode 4.5:

 src/tool/tool.c:150:19:
  Implicit conversion loses integer precision: 'long' to 'unsigned int'
2012-08-18 12:34:11 +02:00
Alexander Barton
d48e440a72 Fix a buffer overflow when initializing the random salt for "+x"
This "off by one" buffer overflow has been introduced in commit 49385a98,
"Implemented hashed cloaked hostnames for +x".
2012-08-16 23:51:28 +02:00
Sebastian Köhler
097c72aa65 Tests and documentation for xop 2012-08-06 04:42:20 +02:00
Sebastian Köhler
7b01bb833f Implemented xop support
3 new channel user modes have been added.

Half Op: +h(Prefix: %) can set the channel modes +imntvIbek
and kick all +v and normal users.

Admin: +a(Prefix: &) can set channel modes +imntvIbekoRsz and kick all
+o, +h, +v and normal users.

Owner: +q(Prefix: ~) can set channel modes +imntvIbekoRsz and kick all
+a, +o, +h, +v and normal users
2012-08-06 04:42:09 +02:00
Alexander Barton
cfd0bddc30 Fix compiler warning when not building with ZLIB support
This fixes:

 irc.c: In function ‘Option_String’:
 irc.c:333:9: error: variable ‘options’ set but not used
2012-08-06 01:35:56 +02:00
Sebastian Köhler
d0bb185cf5 Hashed hostnames for CloakHost
Implemented support for hashed hostnames for CloakHost. The admin can
use '%x' in both the CloakHost and CloakHostModeX setting. The config
option CloakHostModeX was renamed to CloakHostSalt. This salt is used
for both cloaking options.
2012-08-03 04:10:11 +02:00
Sebastian Köhler
49385a98b2 Implemented hashed cloaked hostnames for +x
CloakHostModeX can now contain '%x'. It will be replace by the hash of
the original client hostname. The new config option CloakHostModeXSalt
defines the salt for the hash function. When CloakHostModeXSalt is not
set a random salt will be generated after each server restart.

Spelling fix in defines.h
2012-08-03 04:09:37 +02:00
Alexander Barton
7b6b492bdd Rename "CloakModeHost" option to "CloakHostModeX" 2012-06-09 01:58:40 +02:00
Christoph Biedl
aa7db2c0e9 Introduce new configuration option "CloakModeHost"
This closes bug #124.
2012-06-09 01:58:25 +02:00
Alexander Barton
684e50f0a4 Correctly handle asynchronously re-established server links
Don't try to establish an outgoing server link after DNS lookup when this
server re-connected on its own in the meantime.
In addition, log a warning message if we try to update the connection
index of an already connected server structure -- and ignore it.

Up to now, both behaviour could lead to a race when the remote server
connects to this daemon while it still prepares the outgoing connection:

 - The local server prepares the new outgoing connection ...
 - in the meantime the remote server becomes connected and registered.
 - Now the new outgoing connection overwrites the (correct) socket handle,
 - then the 2nd connection becomes disconnected: "already registered",
 - and the 1st connection becomes unhandled ("gets lost") because the
   configuration structure is reset because of the wrong socket handle.

This patch hopefully fixes all these problems.
2012-06-09 01:03:48 +02:00
Alexander Barton
4a90959cb5 Log a debug message when SIGUSR2 is handled 2012-06-08 22:08:52 +02:00
Alexander Barton
e7e47e77a3 NoticeAuth: Fix test if IDENT reply has been invalid
This fixes

 conn.c: In function ‘cb_Read_Resolver_Result’:
 conn.c:2252: warning: comparison between pointer and integer
2012-06-02 00:32:19 +02:00
Alexander Barton
695df6532e IDENT reply: only allow alphanumeric characters in user name
Only alphanumeric characters are allowed in the user name, so ignore
all IDENT replies that would violate this rule and use the one supplied
by the USER command.
2012-06-02 00:24:53 +02:00
Alexander Barton
6680b536c4 USER command: only allow alphanumeric characters in user name
Only alphanumeric characters are allowed in the user name, so terminate
the connection if any "strage" characters have been supplied by the user.

This is how other IRC daemons (like ircd2.11 and ircd-seven) behave ...
2012-06-01 23:57:51 +02:00
Alexander Barton
c0d059cd0e Change wording of "TLS initialized" message
Don't use the word "socket" to identify the connection number, but use the
word "connection" like on all the other messages logged.
2012-05-23 17:12:31 +02:00
Alexander Barton
7faa3ed7d6 Pidfile_Create(): Don't leak file descriptor on error path
Detected by cppcheck:
 [src/ngircd/ngircd.c:502]: (error) Resource leak: pidfd
2012-05-22 13:31:08 +02:00
Alexander Barton
5e5377a063 Numeric 005 (ISUPPORT), CHANMODES: add missing mode "r" 2012-05-01 13:42:57 +02:00
Alexander Barton
a8aa8c6cbc irc-cap.c: mark arguments of Handle_CAP_ACK() as "unused"
This fixes

 irc-cap.c: In function ‘Handle_CAP_ACK’:
 irc-cap.c:163: warning: unused parameter ‘Client’
 irc-cap.c:163: warning: unused parameter ‘Arg’
2012-04-29 12:39:28 +02:00
Alexander Barton
f01b09ce84 irc-login.c, login.c: add missing include of "string.h"
This fixes the following warnings with GCC 4.4.5 on Linux:

 irc-login.c: In function ‘IRC_PASS’:
 irc-login.c:92: warning: implicit declaration of function ‘strlen’
 irc-login.c:92: warning: incompatible implicit declaration of built-in function ‘strlen’
 irc-login.c:113: warning: incompatible implicit declaration of built-in function ‘strlen’
 irc-login.c:129: warning: implicit declaration of function ‘strchr’
 irc-login.c:129: warning: incompatible implicit declaration of built-in function ‘strchr’
 irc-login.c:133: warning: implicit declaration of function ‘strcmp’
 irc-login.c: In function ‘IRC_SERVICE’:
 irc-login.c:556: warning: incompatible implicit declaration of built-in function ‘strchr’
 login.c: In function ‘Login_User’:
 login.c:131: warning: implicit declaration of function ‘strcmp’
2012-04-29 12:36:23 +02:00
Alexander Barton
76565022fb Merge branch 'capabilities'
* capabilities:
  "multi-prefix" capability 2/2: adjust NAME and WHO handlers
  "multi-prefix" capability 1/2: implement complete CAP infrastructure
  IRC_Send_NAMES(): Code cleanup
  New function Client_CapSet() in addition to Client_Cap{Add|Del}
  "CAP REQ" starts capability negotiation and delays user registration
  Correctly handle "CAP END", new client type CLIENT_WAITCAPEND
  Implement core IRC capability handling and "CAP" command
  New "login" source file
  Introduce_Client() => Client_Introduce(), and move it to client.c
2012-04-28 00:49:37 +02:00
Alexander Barton
4602cb9891 "multi-prefix" capability 2/2: adjust NAME and WHO handlers
The NAME and WHO commands now return multiple usermode prfixes when
the "multi-prefix" capability is in effect for the requesting client.

See <http://ircv3.atheme.org/extensions/multi-prefix-3.1>
2012-04-28 00:39:21 +02:00
Alexander Barton
1d7e99531a "multi-prefix" capability 1/2: implement complete CAP infrastructure
Now ngIRCd is able to handle "CAP LS", "CAP REQ", "CAP LIST", and
"CAP CLEAR" commands.

"multi-prefix" can be set/unset, but has no functionality - yet!
2012-04-28 00:36:41 +02:00
Alexander Barton
f0a9dbe3ad IRC_Send_NAMES(): Code cleanup 2012-04-28 00:20:42 +02:00
Alexander Barton
245782897b New function Client_CapSet() in addition to Client_Cap{Add|Del} 2012-04-27 23:56:56 +02:00
Alexander Barton
2327b17656 "CAP REQ" starts capability negotiation and delays user registration
New helper function Set_CAP_Negotiation().
2012-04-27 22:47:22 +02:00
Alexander Barton
d67d077a71 Fix 8ec17063: "Lists_Add(): use size of destination when copying data"
Thanks to Florian Westphal for spotting my silliness ...
2012-04-18 17:54:54 +02:00
Alexander Barton
8ec17063a6 Lists_Add(): use size of destination when copying data
This fixes the following warning of clang:

/src/ngircd/lists.c:152:44:
 warning: size argument in 'strlcpy' call appears to be size of the
 source; expected the size of the destination [-Wstrlcpy-strlcat-size]

But it isn't a real problem, because the size of the source always is the
same than the size of the destination ...
2012-04-17 12:54:38 +02:00
Alexander Barton
da4c1ebe81 Correctly handle "CAP END", new client type CLIENT_WAITCAPEND 2012-03-31 16:37:31 +02:00
Alexander Barton
bd3a7ccb15 Implement core IRC capability handling and "CAP" command
This patch implements the core functions to support "IRC Capabilities"
and the IRC "CAP" command as used by other servers and specified here:
<http://www.leeh.co.uk/draft-mitchell-irc-capabilities-02.html>.

It enables ngIRCd to support the defined handshake, but it doesn't
implement any capabilities, so "CAP LS" and "CAP LIST" always return
the empty set and "CAP REQ ..." always fails with "CAP NAK".
2012-03-31 15:59:06 +02:00
Alexander Barton
edfcc2f9d5 New "login" source file
Rename Hello_User[_PostAuth] to Login_User[_PostAuth] and move it to the
new login.c; and move cb_Read_Auth_Result(), too. This will enable further
code to easily call Login_User() when required.
2012-03-31 15:38:46 +02:00
Alexander Barton
ee362b3bd2 Introduce_Client() => Client_Introduce(), and move it to client.c 2012-03-31 15:24:30 +02:00
Alexander Barton
67bd1bf34f Makefiles: list each source files on a separate line
Patches that add/remove source files become much nicer this way :-)
2012-03-31 12:52:58 +02:00
Alexander Barton
88c3d4896a Don't ignore "permission denied" errors when enabling chroot
Up to now, ngIRCd silently ignored permission denied errors when trying
to enable a chroot setup: only the "not running chrooted" message became
logged later on.

This patch lets ngIRCd exit with a fatal error when the chroot can't
be enabled on startup -- this is the much safer bevahiour!
2012-03-28 11:30:48 +02:00
Alexander Barton
0d9740b9fa Fix gcc warning, initialize "list" variable to NULL
This fixes the following warning with gcc 4.6.3.:

  irc-mode.c: In function "Channel_Mode":
  irc-mode.c:947:26: error: "list" may be used uninitialized
                     in this function
  irc-mode.c:884:25: error: "list" may be used uninitialized
                     in this function

(The variable has never been used uninitialized, so don't worry)
2012-03-12 22:27:55 +01:00
Alexander Barton
17ffda1c8a Fix typo: recieved -> received
Thanks to Christoph Biedl.
2012-03-12 09:47:19 +01:00
Christoph Biedl
257fe922d2 getpid.sh: Fix testcase error for Debian using sbuild
When

 * building the ngircd Debian package (on Linux at least) and
 * using the sbuild build system,

the command "ps -af" does not include the commands running inside the
sbuild system. Therefore, start-server.sh will report a fail as getpid.sh
cannot not  find the ./T-ngircd1 just started although it's actually
running. This results in a funny build log ...

         starting server 1 ... failure!
   FAIL: start-server1
         running connect-test ... ok.
   PASS: connect-test

The self-test of getpid.sh however will likely succeed as it's happy if
it sees any process with "sh" somewhere in the name. Things go downhill
from there.

The confusing things are:

  * The alternative cowbuilder/pbuilder does not have this problem.
  * The alternative usage "ps ax" does fine.

So, as a quick hack, the patch attached adds another switch to getpid.sh.
2012-03-03 18:53:03 +01:00
Alexander Barton
1068f88377 Don't log "ngIRCd hello message" two times
Start "regular" logging not until the configuration file has been read in
and "SyslolgFacility" is set, and log all configuration errors using the
generic "daemon" facility.

So if there are no configuration errors, logging starts right after parsing
the configuration and we log the configuration file used _after_ reading it.
But this is no problem because every configuration error message includes
the configuration file name as well.

(The "double hello" has been introduced by commit 3641e51109)
2012-03-02 09:41:13 +01:00
Alexander Barton
c38751191f Don't accept "[SSL]" in config when no SSL support is built in 2012-02-26 15:52:12 +01:00
Alexander Barton
5cbdcf4f0d Fix C syntax: duplicate ";;" should be ";"
Using gcc 2.7.2, this fixes:

 irc-channel.c: In function `join_allowed':
 irc-channel.c:86: parse error before `const'
2012-02-26 15:27:04 +01:00
Alexander Barton
3641e51109 Correctly re-open syslog logging after reading of configuration
Syslog logging has been initialized before reading the configuraton
file, so ngIRCd always used the default facility and ignored the
"SyslogFacility" configuration option.

Thanks to Patrik Schindler for reporting this issue!
2012-02-14 11:01:13 +01:00
Alexander Barton
3f46e93ccc Logging: remove "Activating ..." info message 2012-02-14 10:32:58 +01:00
Alexander Barton
391aa8d1f7 Fix forwarding of LIST commands
Bug reported by Cahata, thanks!
2012-02-12 13:51:43 +01:00
Alexander Barton
c16133c5ee New_Connection(): don't set the client hostname twice
Setting the hostname twice doesn't do much harm a lot, but isn't elegant.
And for IPv6 addresses, it isn't correct the first time (missing []) ...
2012-01-25 17:11:44 +01:00
Alexander Barton
4888984429 Client_SetHostname(): Code cleanup, more debug logging 2012-01-25 17:11:00 +01:00
Florian Westphal
44bb22d23e io: use define for number of possible events 2012-01-24 22:25:22 +01:00
Florian Westphal
c7dd5ea0ba io: remove outer do {} while loops for epoll/kqueue/devpoll backends
simplifies things a bit. io_dispatch() is called repeatedly from the
main loop.
2012-01-24 21:57:23 +01:00
Alexander Barton
871760583c Enhance server command limits
This patch updates the limits for handling commands from a remote server:

 - "<user count> / 5 + <min>" using "<min>=10" during normal operation,
 - the above count multiplied with 5 while servers are syncing.

The intention is to a) make the limit dependent of the number of users
in the network (the more users, the more commands required to sync) and
b) to significantly rise this limit while servers are joining the network
to make the login and synchronization faster.
2012-01-24 02:55:53 +01:00
Alexander Barton
bc20f9ec10 Send a PING at the end of the server sync to detect it
At the end of sending all "state" to the remote server, a PING command
is sent to request a PONG reply. Until then, no "regual" PING was sent,
so Conn_LastPing(<connection>) is null and now becomes non-null in the
PONG command handler.

So the servers are still synchronizing when Conn_LastPing(<connection>)
is 0, which could easily be tested.
2012-01-24 02:46:12 +01:00
Alexander Barton
5a200e1543 New function Conn_UpdatePing() to update the "ping timestamp" 2012-01-24 02:44:57 +01:00
Alexander Barton
d2df7396a8 Conn_UpdateIdle(): Code cleanup 2012-01-24 02:43:55 +01:00
Alexander Barton
3d27073d61 RPL_ISUPPORT_MSG(005): add "EXCEPTS=e INVEX=I"
Thanks to Cahata for the idea!
2012-01-23 22:07:40 +01:00
Alexander Barton
b6f19ea8fe Fix "MAXLIST=beI:50": the limit is the sum of all lists
"Modes which are specified in the same pair share the same maximum size",
so "beI:50" means a total of 50 entries, regardless of the list.

See <http://www.irc.org/tech_docs/draft-brocklesby-irc-isupport-03.txt>,
thanks to Cahata for reporting this!
2012-01-23 21:51:38 +01:00
Alexander Barton
594fdd02aa New RPL_WHOISHOST_MSG(378): show hostname and IP address
The numeric RPL_WHOISHOST_MSG(378) returns the DNS hostname (if
available) and the IP address of a client in the WHOIS reply.

Only the user itself and local IRC operators get this numeric.
2012-01-22 22:41:39 +01:00
Alexander Barton
6a308fcb42 New function Conn_GetIPAInfo(): get IP address of a connection 2012-01-22 22:35:27 +01:00
Alexander Barton
1537c79132 G/K-Lines: only add and delete valid IRC masks 2012-01-22 18:53:16 +01:00
Alexander Barton
e0c9931ad8 Check G/K-Lines before the client has been registered, too
This allows to use "*!<user>@<host>" or "*!*@<host>" masks to reject
clients even before receiving PASS, NICK and USER commands and before
forking authentication child processes which reduces resource usage.
2012-01-22 18:35:54 +01:00
Alexander Barton
eba95bb0d2 Streamline handling of connection rejects (bad password, G/K-line)
- Use Client_Reject(), get rid of Reject_Client().
 - Refactor Class_IsMember() to Class_GetMemberReason(),
 - New function Class_HandleServerBans().
2012-01-22 18:33:45 +01:00
Alexander Barton
51a6a33056 New function Client_Reject() to reject clients on connect 2012-01-22 18:17:28 +01:00
Alexander Barton
6e28f4a7d1 New function Lists_CheckReason() to get reason of list entries 2012-01-22 18:11:24 +01:00
Alexander Barton
73781c1b38 Fix ERR_{SUMMON|USERS}DISABLED: don't repeat command name in reply 2012-01-22 15:42:11 +01:00
Alexander Barton
f2fa1045e2 Implement channel exception list (mode 'e')
This allows a channel operator to define exception masks that allow users
to join the channel even when a "ban" would match and prevent them from
joining: the exception list (e) overrides the ban list (b).
2012-01-21 19:59:57 +01:00
Alexander Barton
33a165721b {Add|Del}_Ban_Invite > {Add_To|Del_From}_List(): more generic 2012-01-21 19:27:03 +01:00
Alexander Barton
a3a4b5f696 Rename ShowInvitesBans() to ShowChannelList(), make it more flexible 2012-01-21 13:48:31 +01:00
Alexander Barton
39412d6486 PRIVMSG/NOTICE: handle nick!user@host masks case-insensitive
And enhance our test suite to check this a little bit better :-)
2012-01-21 13:21:36 +01:00
Alexander Barton
c1656256df PRIVMSG/NOTICE: don't stop list processing on invalid target
Process further targets, even if one has been a server ID:
just skip this one with an error message and continue.
2012-01-16 12:37:37 +01:00
Alexander Barton
1f4711a547 Implement user mode 'C': require "same channel" to send message
If the target user of a PRIVMSG or NOTICE command has the user mode 'C'
set, it is required that both sender and receiver are on the same channel.

This prevents private flooding by completely unknown clients.
2012-01-16 11:43:22 +01:00
Alexander Barton
4d0069c3a8 New RPL_WHOISREGNICK_MSG(307) numeric: indicate if nick is registered 2012-01-16 02:18:24 +01:00
Alexander Barton
12c60a670e IRC_WHOIS_SendReply(): Code cleanup 2012-01-16 02:15:41 +01:00
Alexander Barton
2f7d0c0839 Limit channel invite and ban lists to 50 entries
- New function Lists_Count().
 - New limit #define MAX_HNDL_CHANNEL_LISTS = 50.
 - New numeric #define ERR_LISTFULL_MSG(478).
 - Adjust numeric RPL_ISUPPORT2_MSG(005) accordingly ("MAXLIST")
2012-01-16 00:29:36 +01:00
Alexander Barton
1afbf71236 Make Send_ListChange() a little bit more generic 2012-01-16 00:15:26 +01:00
Alexander Barton
7ed08f01ef Remove unused prototype of Lists_AlreadyRegistered()
This prototype has been introduced by commit fa7bb279 in 2006,
but as far as I can see, this function never existed ...
2012-01-15 19:46:00 +01:00
Alexander Barton
81cc5f82b5 Channel lists: Fix duplicate check and error messages
- Check correct list for duplicates when adding items.
 - Don't generate any messages when adding duplicates or removing
   non-existing items (this is how ircd-seven and ircu behave).
 - Code cleanup: Add_Ban_Invite(), Del_Ban_Invite().
2012-01-15 19:11:03 +01:00
Alexander Barton
78a3b4c7d6 Don't enforce MAX_HNDL_MODES_ARG on server and service links 2012-01-15 14:33:04 +01:00
Alexander Barton
d4d8102fc9 Don't stop join handling on faulty channel, skip it (part #2)
Commit 565523cb allowed processing of further channel names given to the
JOIN command when a single name was invalid.

After this patch, the JOIN command handler continues to process channel
name lists even after errors like "channel is full", "too many channels",
and the like and generates appropriate error messages for all the
channels given by the client.
2012-01-13 10:50:00 +01:00
Alexander Barton
77f68b4fd1 JOIN command: don't check channel limit if already member
Don't check the channel limit and don't report "too many channels"
when trying to join a channel that the client is already a member of.
2012-01-13 10:40:20 +01:00
Alexander Barton
2f8877ded4 Return ERR_UNKNOWNMODE(472) for unknown channel modes
The daemon reported ERR_UMODEUNKNOWNFLAG(501), which is wrong.
2012-01-09 23:18:39 +01:00
Alexander Barton
4bff3daf92 Numberic 005 (ISUPPORT), CHANMODES: add "O", "R", "z" modes 2012-01-09 12:34:55 +01:00
Alexander Barton
c5beca8aab Limit list replies of LIST, WHO, WHOIS, and MAX_RPL_WHOWAS
Introduce new #define's MAX_RPL_LIST(100), MAX_RPL_WHO(25),
MAX_RPL_WHOIS(10), and MAX_RPL_WHOWAS(25).
2012-01-06 20:06:25 +01:00
Alexander Barton
f8405b1a4f New function IRC_CheckListTooBig() to check size of list replies
It the limit is reached, a NOTICE is sent to the client and list
processing should stop.
2012-01-06 20:05:07 +01:00
Alexander Barton
fdfc27265e LIST command: compare pattern case insensitive 2012-01-06 19:55:21 +01:00
Alexander Barton
a4d1e6007f IRC_LIST(): Code cleanup 2012-01-06 19:54:23 +01:00
Alexander Barton
9260759cec DEFAULT_WHOWAS->DEF_RPL_WHOWAS; MAX_CMODES_ARG->MAX_HNDL_MODES_ARG
To streamline naming, in preparation for MAX_RPL_WHO and MAX_RPL_WHOWAS :-)
2012-01-06 18:57:31 +01:00
Alexander Barton
c2ac1ad3ba defines.h: Code cleanup and (a little bit) more documentation 2012-01-06 18:25:10 +01:00
Alexander Barton
470d2e2362 RPL_ISUPPORT (numeric 005): Report MODES=<MAX_CMODES_ARG>
"Maximum number of channel modes with parameter allowed per MODE command."
See <http://www.irc.org/tech_docs/005.html> for details.
2012-01-06 17:46:52 +01:00
Alexander Barton
888664435a Channel modes: really break handling when MAX_CMODES_ARG is hit
This fixes 98493077.
2012-01-06 17:43:20 +01:00
Alexander Barton
98493077a2 channel modes: only handle MAX_CMODES_ARG modes with arguments
Limit the MODE command to handle a maximum of MAX_CMODES_ARG (5) channel
modes that require an argument (+Ibkl) per call.

Please note: Further modes that require arguments are silently ignored
and end the handling of any further modes.
This is similar to the behavior of ircd2.11 (silently ignores but seems
to handle other modes) as well as ircd-seven (silently ignores but handles
some(!) other modes) ...
2012-01-06 17:27:29 +01:00
Alexander Barton
1fa2af5b3a Fix handling of channel mode sequence with/without arguments
For example, don't generate wrong error messages when handling
"MODE #chan +IIIIItn *!aa@b *!bb@c *!cc@d *!dd@e *!ee@f".
2012-01-06 17:24:55 +01:00
Alexander Barton
05cc9bf9b0 Conn_Write(): Make sure there is a client when detecting its type
The assert(client != NULL) got triggered during our tests, so there is
an error path that resulted in the connection being still established
(sock >= 0) but the client structure already freed.

So Conn_Write() should handle it!
2012-01-06 03:26:24 +01:00
Alexander Barton
cc06e1ff89 Proc_Close(): Only close socket if it is still valid
It could be invalid when calling Proc_Close() a 2nd time, for exmaple,
which could happen when we hit a timeout doing IDENT requests :-(
2012-01-06 02:26:04 +01:00
Alexander Barton
9fbf592924 WHOIS command: make sure matching is case-insensitive
And make sure that RPL_ENDOFWHOIS replies with the unmodified mask
like it has been received from the client.
2012-01-05 00:51:39 +01:00
Alexander Barton
adf92302bf WHOIS command: don't anser queries for IRC servers
Thanks to Cahata for spotting this!
2012-01-05 00:24:46 +01:00
Alexander Barton
566a451299 WHOIS command: make sure the reply ends with RPL_ENDOFWHOIS
Up to now, each reply for itself ended in RPL_ENDOFWHOIS and queries
for unknown nick names lacked the RPL_ENDOFWHOIS -- both is wrong.
2012-01-05 00:22:57 +01:00
Alexander Barton
5e3449a241 LINKS command: support <mask> parameter
The <mask> can be used to limit the servers shown in the listing.
2012-01-04 22:51:02 +01:00
Alexander Barton
762b0325df IRC_LINKS(): Code cleanup; more documentation 2012-01-04 22:49:18 +01:00
Alexander Barton
6b62a5ec4f Add 1 second penalty for every further target on PRIVMSG/NOTICE
This reduces the possibility of flooding channels with commands like
"PRIVMSG/NOTICE #a,#n,#c,... :message" a little bit.

Problem noticed by Cahata -- thanks!
2012-01-04 21:46:58 +01:00
Alexander Barton
b24d645ca1 Conn_SetPenalty(): Add new "penalty time" on each function call
Until now, the penalty time has only been set when longer as the
already set one, so it didn't accumulate.

And add documentation for and clean up code in Conn_SetPenalty() and
Conn_ResetPenalty() functions.
2012-01-04 21:39:46 +01:00
Alexander Barton
1bb2fbedcc Enhance log messages when setting user and group 2012-01-03 21:05:35 +01:00
Alexander Barton
3193d5477c NGIRCd_getNobodyID(): Code cleanup 2012-01-03 20:49:42 +01:00
Alexander Barton
edab86e0f8 Display correct error message when "Server{UID|GID}" is invalid
This partly closes bug #118. ngIRCd still starts up even when
Server{UID|GID} is invalid: then the daemon falls back to "nobody"
when running with root(0) privileges (as before).
2012-01-03 20:37:41 +01:00
Alexander Barton
e4006a93e3 NGIRCd_Init(): Code cleanup 2012-01-03 19:34:54 +01:00
Alexander Barton
9069380ddf main(): Code cleanup 2012-01-03 19:25:31 +01:00
Alexander Barton
5eb9f2e717 Update Copyright notices for 2012 2012-01-03 11:30:45 +01:00
Florian Westphal
abfc5c6e27 lists: don't crash if reason ptr is NULL
commit 15fec92ed7
(Update list item, if it already exists) can make ngircd
crash because 'Reason' can be NULL, as reported by
Cahata on the ngircd mailing list.

Doesn't affect any released ngircd versions.

Also, make sure that we do not pass NULL as arguments
to a '%s' printf-like function.
2012-01-02 23:43:13 +01:00
Alexander Barton
565523cbb4 Don't stop join handling on faulty channel, skip it
When JOIN is received with more than one channel name, don't stop
processing on the first error (e.g. bad name, wrong channel key, ...)
but report an error and continue with the other given channel names.

Reported by Cahata -- thanks!
2012-01-02 15:23:17 +01:00
Alexander Barton
013298d4c6 IRC_JOIN(): Code cleanup 2012-01-02 15:22:52 +01:00
Alexander Barton
af13732ec7 ISON command: reply with correct upper-/lowercase nick names
Reported by Cahata -- thanks!
2012-01-02 15:06:44 +01:00
Alexander Barton
408a74b865 IRC_ISON(): Code cleanup 2012-01-02 15:04:40 +01:00
Alexander Barton
f47904bf95 Remove unused "bool have_arg" from IRC_WHO()
This fixes:

 irc-info.c: In function ‘IRC_WHO’:
 irc-info:936:18: warning: variable ‘have_arg’ set but not used
2012-01-02 00:56:31 +01:00
Alexander Barton
56b7e67307 New configuration option "PAMIsOptional"
When "PAMIsOptional" is set, clients not sending a password are still
allowed to connect: they won't become "identified" and keep the "~"
character prepended to their supplied user name.
2012-01-01 17:12:36 +01:00
Alexander Barton
b681aa5b9f PAM: don't use global password buffer for conv struct
Use the pointer of the password of the client directly.
Eventually we can get rid of the global password again ...
2011-12-31 18:06:17 +01:00
Alexander Barton
1a5ed654b4 Fixed handling of WHO commands
This fixes two bugs:
 - "WHO <nick>" returned nothing at all if the user was "+i"
   (reported by Cahata, thanks).
 - "WHO <nick|nickmask>" returned channel names instead of "*"
   when the user was member of a (visible) channel.

Clean up code and add documentation as well.
2011-12-30 14:57:12 +01:00
Alexander Barton
9cbb8f3bb8 Remove unused "time_t now" from Lists_Check()
This fixes:

 lists.c: In function ‘Lists_Check’:
 lists.c:330:9: warning: variable ‘now’ set but not used
2011-12-30 01:03:59 +01:00
Alexander Barton
e19ce437ca Fixed some spelling errors in documentation and code comments
Thanks to Christoph Biedl!
2011-12-30 00:50:27 +01:00
Alexander Barton
765c2f26ea Fixed typo in two error messages
Thanks to Christoph Biedl!
2011-12-30 00:32:11 +01:00
Alexander Barton
69fa6f268a LUSERS reply: only count "visible" channels
Rename Channel_Count() to Channel_CountVisible() and only count channels
that are visible to the requesting client, so the existence of secret
channels is no longer revealed by using LUSERS.

Reported by Cahata -- thanks!
2011-12-28 15:11:01 +01:00
Alexander Barton
43509fd22c IRC_Send_LUSERS(): Code cleanup 2011-12-28 14:52:21 +01:00
Alexander Barton
a71abfef4b Don't stop mode handling on unknown modes; skip it
Unknown user and channel modes no longer stop the mode parser, but are
simply ignored. Therefore modes after the unknown one are now handled.

This is how ircd2.10/ircd2.11/ircd-seven behave, at least.

Reported by Cahata -- thanks!
2011-12-28 14:46:17 +01:00
Alexander Barton
8a8e8a3a23 IRC_xLINE(): output an error message for unexpected "lines"
This fixes:

 irc-oper.c: In function ‘IRC_xLINE’:
 irc-oper.c:429: warning: ‘class’ may be used uninitialized in this function
 irc-oper.c:430: warning: ‘class_c’ may be used uninitialized in this function
2011-12-25 20:11:43 +01:00
Alexander Barton
15fec92ed7 Update list item, if it already exists
This updates the "validity" (timeout) as well as the "reason" text,
if given.
2011-12-25 19:43:00 +01:00
Alexander Barton
1e4a00f94f Lists_CheckDupeMask(): return pointer to already existing item
The old behavior of returning true/false is compatible to this change,
so there are no other code changes required.
2011-12-25 19:42:03 +01:00
Alexander Barton
338758799d Log better error messages when rejecting clients 2011-12-25 19:27:06 +01:00
Alexander Barton
164e15b8c6 Synchronize G-Lines on server login 2011-12-25 19:12:40 +01:00
Alexander Barton
32bfafafd9 Op_Check(): always accept commands from a remote server itself 2011-12-25 19:11:43 +01:00
Alexander Barton
6ef20e0f9a Class_GetList() now retuns a pointer to list_head structure 2011-12-25 19:11:07 +01:00
Alexander Barton
e86e193e01 Check G-Line and K-Line lists after authenticating clients 2011-12-25 18:03:35 +01:00
Alexander Barton
ae5ebfb9f0 New functions Lists_Expire() and Class_Expire()
GLINE and KLINE lists are cleared automatically now, not when they are
checked. So "STATS g" and "STATS k" no longer show expired entries :-)
2011-12-25 17:44:20 +01:00
Alexander Barton
e9e6224aae Implement IRC_xLINE(): handler for "GLINE" and "KLINE" commands 2011-12-25 16:57:36 +01:00
Alexander Barton
e23f025dd6 Op_Check(): return client that initiated the request or NULL
The old behavior of returning true/false is compatible to this change,
so there are no other code changes required.
2011-12-25 16:52:31 +01:00
Alexander Barton
3ca8703309 irc-oper.c: code cleanup; more documentation 2011-12-25 16:08:00 +01:00
Alexander Barton
fc82efc3e8 Implement IRC "STATS g" and "STATS k" command 2011-12-25 14:50:19 +01:00
Alexander Barton
dc9fcb0fb2 New function Class_GetList() 2011-12-25 14:49:52 +01:00
Alexander Barton
2b95c69ea1 lists.{c|h}: code cleanup; more documentation 2011-12-25 14:48:13 +01:00
Alexander Barton
af70c3dbc9 List and class handling: add optional "reason" text
Adjust Lists_Add() and Class_AddMask() accordingly, implement
Lists_GetReason() and Lists_GetValidity().
2011-12-25 14:19:45 +01:00
Alexander Barton
06a20b87c4 Add new class.{c|h} to project
Implement Class_{AddMask|DeleteMask|IsMember}() functions.
2011-12-24 13:40:27 +01:00
Alexander Barton
fea2194fc0 Lists: change "only once" property into "valid until"
The old "only once" true/false behavior is still supported, so there
are no other code changes required.
2011-12-24 13:34:25 +01:00
Alexander Barton
0a85c58878 Configuration: get rid of Conf_Oper_Count and Conf_Channel_Count
Count elements dynamically when needed.
2011-12-07 10:52:30 +01:00
Alexander Barton
8fa92f0a24 Suppress 'Can't create pre-defined channel: invalid name: ""' messages
Skip predefined channel structures that have configured no name,
like the "--configtest" does.
2011-12-04 22:35:20 +01:00
Alexander Barton
8e193df973 Only use poll() when poll.h exists as well 2011-11-25 22:06:44 +01:00
Alexander Barton
9e48f3f8f8 whois-test: handle local hostname = "localhost.localdomain"
Use the pattern "localhost*" for valid local hostnames.
2011-11-10 11:54:22 +01:00
Alexander Barton
13d9e0c5a7 Test for gai_strerror()
If gai_strerror() isn't available, use a macro that simply returns
a static error message (regardless of the real error code).

For example, GNU libc 2.0.7 doesn't implement gai_strerror().
2011-11-06 14:16:59 +01:00
Alexander Barton
a7911e35af Only use AI_NUMERICHOST if it is #define'd
It isn't using GNU libc 2.0.7, for example ...
2011-11-06 14:13:49 +01:00
Alexander Barton
60812b6fdf defines.h: fix comment: "lenth" -> "length"
Reported by Christoph Biedl in #ngircd. Thanks!
2011-11-05 00:35:18 +01:00
Alexander Barton
1ea6811616 Init_Server_Struct(): correctly zero Server->bind_addr
Don't use the size of the pointer, use the size of the variable!
2011-11-05 00:21:19 +01:00
Alexander Barton
d2f54abbed Clean up and fix comments of Check_ArgIsTrue()
Thanks to kaFux for pointing this out!
And fix code formatting as well ...
2011-11-03 09:54:28 +01:00
Alexander Barton
30796698a9 Only close "unrelated" sockets in forked child processes
This fixes the problem that ngIRCd can't do any IDENT lookups because
of the socket has already been closed in the child process.

The bug has been introduced starting with ngIRCd 17 ... :-(
(commit ID 6ebb31ab35)
2011-09-07 14:51:16 +02:00
Alexander Barton
8aac366802 Implemented user mode "R" and channel mode "R"
- User mode "R": indicates that the nick name of this user is "registered".
   This mode isn't handled by ngIRCd itself, but must be set and unset by
   IRC services like Anope.

 - Channel mode "R": only registered users (having the user mode "R" set)
   are allowed to join this channel.
2011-08-26 15:26:38 +02:00
Alexander Barton
69803d6ff1 Use Proc_Close() to remove no longer unused pipes to child processes
This removes spurious (but harmless) debug messages.
2011-08-23 12:32:05 +02:00
Alexander Barton
be6994aece New function Proc_Close() to shutdown pipes to child processes 2011-08-23 12:31:17 +02:00
Alexander Barton
1361b3742d Introduce DEBUG_BUFFER, rework some debug messages
DEBUG_BUFFER is off by default and therefore disables these messages:
 - "Handle_Write() called for connection XX, YY bytes pending ..."
 - "Connection XX: ZZ bytes left in read buffer."
2011-08-23 12:28:04 +02:00
Alexander Barton
d3036c74e9 Testsuite: bind to loopback (127.0.0.1) interface only 2011-08-22 16:54:24 +02:00
Alexander Barton
51d7674ee7 New 2nd message "Nickname too long" for error code 432 2011-08-19 11:09:40 +02:00
Alexander Barton
1189200d4a Client_CheckNick(), Client_IsValidNick(): code cleanup 2011-08-19 10:44:26 +02:00
Alexander Barton
7795b07c53 Merge branch 'ServerMode'
* ServerMode:
  Handle channel user modes 'a', 'h', and 'q' from remote servers
  Handle unknown channel modes on server links
  Handle unknown user modes on server links
  IRC_MODE(), Client_Mode(): code cleanup [2/2]
  Enlarge client user mode buffer, reduce client flags buffer
  Infom clients when other servers change their user modes
  IRC_MODE(), Client_Mode(): code cleanup [1/2]
2011-08-13 21:04:01 +02:00
Alexander Barton
d9325e8030 Merge branch 'bug113-SrvPrefix'
* bug113-SrvPrefix:
  Slightly change (and document!) IRC_KILL() calling convention
  Spoofed prefixes: close connection on non-server links only
2011-08-09 10:16:56 +02:00
Alexander Barton
160c52400f Cast getpid() and time() results for srand() input
This fixes:

src/ngircd/ngircd.c:596: warning: implicit conversion
 shortens 64-bit value into a 32-bit value

(i686-apple-darwin11-llvm-gcc-4.2)
2011-08-02 13:24:13 +02:00
Alexander Barton
88f6fc5fd8 IRC_QUIT(): disconnect directly linked servers sending QUIT
Without this patch, the server becomes removed from the network and
the client structures, but the connection isn't shut down at all ...
2011-08-02 00:56:49 +02:00
Alexander Barton
989c9fa531 Handle channel user modes 'a', 'h', and 'q' from remote servers
These channel user modes aren't used for anything at the moment, but
ngIRCd knows that these three modes are "channel user modes" and not
"channel modes", that is that these modes take an "nick name" argument.

Like unknown user and channel modes, these modes are saved and forwarded,
but ignored otherwise.
2011-08-01 23:30:55 +02:00
Alexander Barton
2fd42667c2 Handle unknown channel modes on server links 2011-08-01 22:30:00 +02:00
Alexander Barton
2dfa24d2fa Handle unknown user modes on server links 2011-08-01 22:09:40 +02:00
Alexander Barton
1ed602eb47 IRC_MODE(), Client_Mode(): code cleanup [2/2] 2011-08-01 21:51:31 +02:00
Alexander Barton
ea725b99b7 Enlarge client user mode buffer, reduce client flags buffer
We have to enlage our user mode buffer, so we can handle even unknown
user modes in the future; and reduce the client flags buffer, because
I can't imagine why we ever would need ~100 flags!?

Now we support up to 15 user modes (was: 8) and up to 15 flags (was: 99).

So in the end, we even save 99-15+8-15=77 bytes for each client structure!
2011-08-01 21:28:55 +02:00
Alexander Barton
3dc3a03538 Infom clients when other servers change their user modes 2011-08-01 21:10:16 +02:00
Alexander Barton
d692286d7a IRC_MODE(), Client_Mode(): code cleanup [1/2] 2011-08-01 09:07:32 +02:00
Alexander Barton
456e55921d Slightly change (and document!) IRC_KILL() calling convention 2011-07-30 19:48:48 +02:00
Alexander Barton
9f3690c39c Testsuite: make getpid.sh work even when run as root
Use ps(1) flag "-a" (as well as "-f"):
"Select all processes except both session leaders (see getsid(2)) and
processes not associated with a terminal."

Thanks to Götz Hoffart for reporting this problem!
2011-07-30 18:47:58 +02:00
Alexander Barton
6cbe13085d Spoofed prefixes: close connection on non-server links only
On server-links, spoofed prefixes can happen because of the asynchronous
nature of the IRC protocol. So don't break server-links, only log a message
and ignore the command.

This fixes bug 113, see:
<https://arthur.barton.de/bugzilla/show_bug.cgi?id=113>
2011-07-19 16:07:34 +02:00
Alexander Barton
e160121698 MorePrivacy: Don't register WHOWAS information
Citing an email from Florian to the ngIRCd mailing list:

"I wonder what the expected behaviour is when Conf_MorePrivacy is changed
 from 'yes' to 'no' and the config is reloaded.

 At the moment, WHOWAS will start giving out information on Users that
 were connected during Conf_MorePrivacy=yes period.  If this is not
 wanted, Client_RegisterWhowas() should be changed to not store a record
 when Conf_MorePrivacy is enabled."

And I think it is "not wanted" :-)
2011-07-10 14:45:33 +02:00
Alexander Barton
2d35731399 GnuTLS: use 1024 (DH_BITS_MIN) as minimum size of the DH prime
For outgoing connections, we use 2048 (DH_BITS) since commit 49b2d0e.

This patch enables ngIRCd to accept incoming connections from other servers
and clients that use at least 1024 bits (and no longer requires 2048 for
incoming connections, too).

Patch proposed by Florian Westphal.
2011-06-28 13:48:33 +02:00
Alexander Barton
14afdaee08 hash: Use UINT32 instead of uint32_t 2011-06-27 10:27:07 +02:00
Florian Westphal
1765f0ae0b hash: use more recent lookup3 algorithm instead of lookup2
Bob Jenkins published a newer hash function in May 2006, it has
better distribution.

See http://burtleburtle.net/bob/hash/doobs.html for lengthy
comparisions.
2011-06-27 00:16:37 +02:00
Alexander Barton
7f8d0ea5a3 Use srand()/rand() instead of srandom()/random(); seems to be more portable 2011-06-26 23:39:20 +02:00
Alexander Barton
d99edb7728 Merge branch 'MorePrivacy'
* MorePrivacy:
  New configuration opion "MorePrivacy" to "censor" some user information
2011-06-26 15:41:27 +02:00
Alexander Barton
269310f04b Merge branch 'ScrubCTCP'
* ScrubCTCP:
  Add documentation for "ScrubCTCP" configuration option
  New option to scrub incoming CTCP commands
2011-06-26 15:38:53 +02:00
Alexander Barton
946d838de4 Move SSL-related configuration variables to new [SSL] section 2011-06-26 00:09:36 +02:00
Alexander Barton
a085444035 CheckFileReadable(): only check when a filename is given ... 2011-06-26 00:07:47 +02:00
Alexander Barton
449ad1eeea PAM: make clear which "Password" config option is ignored 2011-06-25 23:55:54 +02:00
xor
b80e115f39 New configuration opion "MorePrivacy" to "censor" some user information
this patch contains:

  * Fix for Conf_CloakUserToNick to make it conceal user details
  * Adds MorePrivacy-feature

MorePrivacy censors some user information from being reported by the
server. Signon time and idle time is censored. Part and quit messages
are made to look the same. WHOWAS requests are silently dropped. All
of this is useful if one wish to conceal users that access the ngircd
servers from TOR or I2P.
2011-06-25 22:21:20 +02:00
xor
f087c68a99 New option to scrub incoming CTCP commands
This patch makes it possible to scrub incomming CTCP commands from
other servers and clients alike. The ngircd oper can enable it from
the config file, by adding "ScrubCTCP = yes" under [OPTIONS]. It is
default off.

CTCP can be used to profile IRC users (get user clients name and
version, and also their IP addresses). This is not something we like
to happen when user pseudonymity/secrecy is important.

The server silently drops incomming CTCP requests from both other
servers and from users. The server that scrubs CTCP will not forward
the CTCP requests to other servers in the network either, which can
spell trouble if not every oper knows about the CTCP-scrubbing.
Scrubbing CTCP commands also means that it is not possible to send
files between users.

There is one exception to the CTCP scrubbing performed: ACTION ("/me
commands") requests are not scrubbed. ACTION is not dangerous to users
(unless they use OTR, which does not encrypt CTCP requests) and most
users would be confused if they were just dropped.

A CTCP request looks like this:

ctcp_char, COMMAND, arg0, arg1, arg2, .. argN, ctcp_char

ctcp_char is 0x01. (just like bold is 0x02 and color is 0x03.)

They are sent as part of a message and can be delivered to channels
and users alike.
2011-06-25 21:37:17 +02:00
Alexander Barton
c438c227b5 Testsuite: update configuration files for new config file format 2011-06-25 14:57:26 +02:00
Alexander Barton
d41f4d6d20 Display configuration errors more prominent on "--configtest" 2011-06-25 14:56:27 +02:00
Alexander Barton
391cf4e2a1 conf.c: code cleanup 2011-06-25 14:55:34 +02:00
Alexander Barton
7ef6cb4584 Check for redability of SSL-related files like for MOTD file
Remove functions ssl_print_configvar() and ConfSSL_Puts(), introduce
new function CheckFileReadable().
2011-06-25 14:50:52 +02:00
Alexander Barton
e7256bb8ac Restructure ngIRCd configuration, introduce [Limits] and [Options]
The intention of this restructuring is to make the [Global] section much
cleaner, so that it only contains variables that most installations must
adjust to the local requirements.

All the optional variables are moved to [Limits], for configurable limits
and timers of ngIRCd, and [Options], for optional features.

The old variables in the [Global] section are deprecated now, but still
recognized.
2011-06-25 14:45:36 +02:00
Florian Westphal
42b32f8a2a conn: fix error handling when connecting to server
The io_event_create error handling seems to miss a 'return'
statement.

Fix this by moving io_event_create() call around so we do not
need the Conn_Close/Init calls in the error case.
2011-06-05 15:00:32 +02:00
Florian Westphal
49b2d0ec98 ssl: gnutls: bump dh bitsize to 2048
problem is that some clients refuse to connect to severs that only offer
1024.  For interoperability it would be best to just use 4096, but that
takes minutes, even on current hardware.
2011-06-04 22:57:29 +02:00
Florian Westphal
605b6a67bc fix clang warning about dead stores
clang 'scan-build':
Value stored to 'r' is never read
Value stored to 'fd' is never read
2011-05-06 20:31:56 +02:00
Florian Westphal
05748aa5ee parse: fix logical expression testing for non RFC1459 links
parse.c:284: warning: suggest parentheses around operand of '!' or
change '&' to '&&' or '!' to '~'

The expression looks dubious, this should probably be
an if-not-set, then... test.
2011-04-29 23:27:56 +02:00
Florian Westphal
0bb892bb5f conn: avoid needlesly scary 'buffer overflow' messages
When the write buffer space grows too large, ngircd has to disconnect
the client to avoid wasting too much memory.

ngircd logs this with a scary 'write buffer overflow' message.
Change this to a more descriptive wording.
2011-04-29 23:10:01 +02:00
Alexander Barton
c26ca7773b Only require server prefixes on non RFC1459 links
Not all servers (and services!) using the RFC1459 protocol style send
prefixes on all commands; so don't require them to do so.

This relaxes the requirements introduced by commit 15775e679.
2011-04-29 12:33:58 +02:00
Alexander Barton
160f5725a6 Do reverse lookups using the AF of the incoming connection
This fixes errors like this one:
  Address mismatch: 2001🔢abcd:1::1 != 192.168.1.1
2011-04-26 11:10:50 +02:00
Florian Westphal
e4e1595bff resolve: fix reverse lookups of client connections with ConnectIPv6=no
We re-use the same helper function for both forward lookups
(when we want to connect to a peer server) and for validation of reverse
loopups (where we make a lookup on the hostname returned
by a reverse lookup on the IP address that connected).

Problem:

When ConnectIPv6=no, the forward lookup helper sets the adderss family
to AF_INET, and, if out client connected via ipv6, we fail to validate
the result.

Thus move the ConnectIPvX check out of the helper.
2011-04-25 18:00:10 +02:00
Alexander Barton
1cd8d7f386 Doxygen'ify conf.c 2011-04-12 23:15:29 +02:00
Alexander Barton
9a102ca96b New function Config_Error_Section(); and code cleanup 2011-04-12 21:55:32 +02:00
Alexander Barton
e70e81460b Add some type casts to random() and srandom() functions
This fixes two gcc warnings (on Mac OS X):
 "warning: implicit conversion shortens 64-bit value into a 32-bit value"
2011-04-12 21:23:14 +02:00
Florian Westphal
5acb90fafc ngircd: improve rng initialisation
we do not need this for cryptographic purposes, but we can do better
than plain srandom(getpid()).

Also, keep in mind that rng state is inherited across fork(), so re-init
it in the child.
2011-03-28 00:29:58 +02:00
Alexander Barton
d61fbfc6e3 Merge branch 'AuthPing'
* AuthPing:
  Add documentation for "RequireAuthPing" configuration option
  New configuration option "RequireAuthPing": PING-PONG on login
2011-03-27 20:58:18 +02:00
Alexander Barton
162433398e New configuration option "RequireAuthPing": PING-PONG on login
When enabled, this configuration option lets ngIRCd send a PING with an
numeric "token" to clients logging in; and it will not become registered
in the network until the client responds with the correct PONG.

This is used by QuakeNet for example (ircu/snircd), and looks like this:

  NICK nick
  :irc.example.net PING :1858979527
  USER user . . :real name
  PONG 1858979527
  :irc.example.net 001 nick :Welcome to the Internet Relay Network ...
2011-03-27 19:33:48 +02:00
Alexander Barton
f99d33ddd9 Configuration: move "NoticeAuth" to GLOBAL section 2011-03-26 17:11:44 +01:00
Alexander Barton
d29e389779 New configuration option "NoticeAuth": send NOTICE AUTH on connect
When enabling "NoticeAuth" in the [Features] section, ngircd will send
"NOTICE AUTH" messages on client connect like e.g. snircd (QuakeNet) does.
2011-03-25 12:15:11 +01:00
Alexander Barton
f1a4a4dc88 Warn when unknown variables are found in [Features] section 2011-03-25 12:12:20 +01:00
Alexander Barton
770a58ac6d Generate WALLOPS message on SQUIT from IRC operator
So SQUIT now behaves like CONNECT and DISCONNECT commands, when called
by an IRC operator (and not received from an other server).
2011-03-21 23:52:42 +01:00
Alexander Barton
15775e6790 Commands received from other servers must have prefixes
Make sure that all commands received from other servers do have
valid prefixes.

Only exceptions are PING and ERROR commands that can occure without
prefixes when generated by the remote peer itself.
2011-03-21 10:46:09 +01:00
Alexander Barton
62f705f97e Allow servers to send more commands in the first 10 secods
This helps to speed up server login and network synchronisation.
2011-03-21 09:42:01 +01:00
Alexander Barton
a39e2f22c9 IRC_CHANINFO(): Code cleanup 2011-03-19 17:29:19 +01:00
Alexander Barton
dcb1951efd Handle_GLOBAL(): don't use multi-line strings
They aren't supported by elder C compilers ...
2011-03-19 17:28:38 +01:00
Alexander Barton
fa8b83e69b Merge branches 'CloakUserHost', 'QuitOnHTTP' and 'bug72-WHOIS-List'
* CloakUserHost:
  Add a note not to use a percent sign ("%") in CloakHost variable
  Rename ClientHost to CloakHost, and ClientUserNick to CloakUserToNick
  Don't use "the.net" in sample-ngircd.conf, use "example.net"
  ngircd.conf.5: document "ClientHost" and "ClientUserNick"
  Move "ClientHost" and "ClientUserNick" to end of [Global] section
  ClientUserNick setting
  ClientHost setting

* QuitOnHTTP:
  Only "handle" HTTP commands on unregistered connections
  Don't use IRC_QUIT_HTTP() if STRICT_RFC is #define'd
  IRC_QUIT_HTTP(): enhance error message
  Move IRC_QUIT_HTTP() below IRC_QUIT()
  quit on HTTP commands: GET & POST

* bug72-WHOIS-List:
  Add "whois-test" to testsuite and distribution archive
  Add support for up to 3 targets in WHOIS queries.
2011-03-19 17:16:14 +01:00
Alexander Barton
ae7470ceb5 Rename ClientHost to CloakHost, and ClientUserNick to CloakUserToNick 2011-03-19 16:58:29 +01:00
Alexander Barton
d1f604ab89 Add "whois-test" to testsuite and distribution archive
Test script proposed by Dana Dahlstrom, 2008-02-17.
See <https://arthur.barton.de/bugzilla/show_bug.cgi?id=72> ...
2011-03-19 15:03:15 +01:00
Florian Westphal
ff2a425ab8 Add support for up to 3 targets in WHOIS queries.
also allow up to one wildcard query from local hosts.
Follows ircd 2.10 implementation rather than RFC 2812.
At most 10 entries are returned per wildcard expansion.

WHOIS test cases by Dana Dahlstrom.
2011-03-19 15:03:15 +01:00
Alexander Barton
b19f7d73cb Only "handle" HTTP commands on unregistered connections 2011-03-17 00:03:10 +01:00
Alexander Barton
38747b40dc Don't use IRC_QUIT_HTTP() if STRICT_RFC is #define'd 2011-03-16 23:58:39 +01:00
Alexander Barton
dbb66695c9 IRC_QUIT_HTTP(): enhance error message 2011-03-16 23:58:01 +01:00
Alexander Barton
77cff9e47c Move IRC_QUIT_HTTP() below IRC_QUIT() 2011-03-16 23:56:27 +01:00
Alexander Barton
25dd193e9b Move "ClientHost" and "ClientUserNick" to end of [Global] section 2011-03-16 23:43:29 +01:00
Gabor Adam Toth
71d8c37171 ClientUserNick setting 2011-03-16 23:15:50 +01:00
Gabor Adam Toth
52f59149ad ClientHost setting 2011-03-16 23:15:50 +01:00
Gabor Adam Toth
33e8c24806 quit on HTTP commands: GET & POST 2011-03-16 22:59:57 +01:00
Florian Westphal
5417a72536 channel: always reject zero-length channel key
previously, any client could join in this configuration:

[Channel]
  Name = #test
  Modes = tnk
  KeyFile = /tmp/foobar

fix this by checking for zero-length key before comparing
key to channel key.
2011-02-28 23:28:24 +01:00
Alexander Barton
94e4562c1c PAM-Auth child: log if result can't be reported
This fixes the followin GCC warning on modern Linux systems as well:

irc-login.c:     In function ‘Hello_User’:
irc-login.c:876: warning: ignoring return value of ‘write’,
                 declared with attribute warn_unused_result
2011-02-23 22:55:45 +01:00
Alexander Barton
adfa968f99 Correctly detect errors when handling "MODE x" commands 2011-02-14 01:44:40 +01:00
Alexander Barton
07f241ff6d Enhance documentation for the WEBIRC command 2011-02-13 17:52:39 +01:00
Alexander Barton
53fecf5a2b Doxygen'ify irc-login.c 2011-02-13 17:52:39 +01:00
Alexander Barton
8a674c3263 Doxygen'ify irc-channel.c 2011-02-13 17:52:39 +01:00
Alexander Barton
1f5fbd5992 Doxygen'ify conn.c 2011-02-13 17:52:39 +01:00
Alexander Barton
5858dc3886 Doxygen'ify proc.h 2011-02-13 17:52:39 +01:00
Alexander Barton
af6ac0fa41 Doxygen'ify parse.h 2011-02-13 17:52:39 +01:00
Alexander Barton
f3ec90f3f0 Doxygen'ify and update comments in ngircd.{c|h} 2011-02-13 17:52:39 +01:00
Alexander Barton
c6a7de869c Doxygen'ify and update comments in match.c 2011-02-13 17:52:39 +01:00
Alexander Barton
4ef23df813 Update and translate comments in hash.c 2011-02-13 17:52:39 +01:00
Alexander Barton
5555b6cc86 Doxygen'ify conf.h 2011-02-13 17:52:39 +01:00
Alexander Barton
72a982ae7e Add missong Doxygen @file tags to ngircd.h and irc-op.h 2011-02-13 17:52:39 +01:00
Alexander Barton
2a7dd06ebd Code cleanup: mostly removing empty lines 2011-02-13 17:52:38 +01:00
Alexander Barton
03628dbeaf Add Doxygen @file documentation to each source and header file 2011-02-13 17:52:38 +01:00
Alexander Barton
f732c7117e Make write buffers bigger, but flush early
This patch
 - makes the server write buffer bigger: 64k,
 - makes the regular write buffer bigger: 32k,
 - tries to flush the write buffer starting at 4K.

Before this patch, a client got disconnected if the buffer flushing at 4k
failed, now regular clients can store up to 32k and servers up 64k even
if flushing is not possible at the moment (e.g. on slow links).
2011-02-12 23:24:56 +01:00
Alexander Barton
477224be5c Enhance logging on "write buffer overflow" 2011-02-12 23:24:26 +01:00
Alexander Barton
493ccd57f4 Clean up Validate_Prefix(); don't send punctuation in ERROR commands 2011-01-29 16:05:55 +01:00
Alexander Barton
8700f4d93c Better check for invalid IRC+ PASS command
Don't do a NULL-pointer dereference when a remote server using the
IRC+ protocol sends an invalid PASS command without the required
<serverversion> parameter ...
2011-01-23 18:38:36 +01:00
Alexander Barton
765dc320f1 Read_Request(): don't access possibly free'd CLIENT structure
Handle_Buffer() can shut down connections and remove clients, so after
calling it, we have to make sure that our CLIENT pointer is still valid.
2011-01-23 15:14:18 +01:00
Alexander Barton
9fff9f6a2b ngircd-test2.conf: really disable Ident and PAM ... 2011-01-19 01:19:40 +01:00
Alexander Barton
b856a58051 Log "Can't read MOTD file" as "configuration error"
Now this error message is displayed in the console without debug prefix
when running the configuration test (--configtest).
2011-01-18 23:44:07 +01:00
Alexander Barton
8927700b22 Allow "Port = 0" in [Server] blocks
Port number 0 marks remote servers that try to connect to this
daemon, but where this daemon never tries to establis a connection
on its own: only incoming connections are allowed.
2011-01-18 22:45:01 +01:00
Alexander Barton
58a4dae56d conf: fix 'Value of "..." is not a number!' for negative values
Don't use isdigit() function any more, because it only checks the
first character of the variable value and because it doesn't know
about the minus sign which is required e.g. for "Group = -1".
2011-01-18 22:41:27 +01:00
Alexander Barton
914d6a26d8 Don't read MOTD file twice
The MOTD file is read in Read_Config(), so don't read it when handling
the "MotdFile" configuration variable. Instead make sure that it is
initialized properly when (re-)reading the configuration.
2011-01-18 22:01:27 +01:00
Alexander Barton
c98e794b38 Add [Features] section to ngircd-test{1|2}.conf
Fix commit 5a34bb203a:
It is not enough to strip the "No" prefix from "Ident" and "PAM",
but we have to introduce the new [Features] section to fix all
warning messages of ngIRCd.

Variables "Ident" and "PAM" in [Global] are completely wrong :-(
2011-01-18 21:39:48 +01:00
Alexander Barton
a990bd72ec Enable WHOIS command to return information about services 2011-01-18 21:04:55 +01:00
Alexander Barton
5a34bb203a Update testsuite configuration: strip No... prefixes 2011-01-18 14:28:39 +01:00
Alexander Barton
d3ef2239e1 Add connection/socket information to some log messages 2011-01-16 23:24:41 +01:00
Alexander Barton
a57748e1a1 Implement channel mode 'O': "IRC operators only"
This channel mode is used on DALnet (bahamut), for example.
2011-01-10 12:15:05 +01:00
Alexander Barton
4a6d44dce2 Remove support for ZeroConf/Bonjour/Rendezvous service registration 2011-01-09 23:51:30 +01:00
Alexander Barton
5ed7a4ea57 TOPIC command: test for channel admin rights correctly
This enables other servers, services and IRC operators to change
channel topics, even when the client is not joined to this channel.

Now the handler for TOPIC behaves like the one for MODE.
2011-01-09 23:08:15 +01:00
Alexander Barton
ba32d594fd Channel_CheckAdminRights(): test if client can admin a channel
This generic function tests if a client is allowed to do administrative
tasks to a specific channel:

 - servers and services are always truested ("allowed everything"),
 - channel operators are allowed,
 - IRC operarors are allowed if OperCanUseMode is set in the config.
2011-01-09 22:40:11 +01:00
Florian Westphal
3460c87c58 conf: fix 'unknown section' FEATURES parse error
pointed out by Alex:
ngircd.conf, line 105: Unknown section "[Features]"!
2011-01-09 22:19:17 +01:00
Alexander Barton
02592f912e IRC_TOPIC(): code cleanup 2011-01-09 22:10:30 +01:00
Florian Westphal
1964bda252 conf: move 'run-time-feature-disable' options to new FEATURE section 2011-01-09 19:42:42 +01:00
Florian Westphal
23ce0393b2 array: remove check for allocated == 0
allocated can only be zero if ->mem is NULL.
2011-01-09 19:40:54 +01:00
Florian Westphal
994a003aba array: remove alignment of requested size
libc should know better than us.
Also, this helps debugging with tools like valgrind:
When you allocate an array of size x, and then erronoulsy
use x+1 valgrind cannot detect the bug because due to ALIGN_()
made by array.c we might have allocated more than size x...
2011-01-09 19:28:50 +01:00
Florian Westphal
eda2556e09 conf: Warn if PAM=true when ngircd was built without PAM support 2011-01-09 18:17:35 +01:00
Florian Westphal
9402bcaa73 conf: add missing static qualifier
internal helper, so it should be static.

also, add UNUSED to 'Line'.
2011-01-09 17:54:21 +01:00
Alexander Barton
6d11fb1497 Update copyright notices for 2010 :)
And update the NEWS and ChangeLog file as well.
2011-01-09 16:11:12 +01:00
Alexander Barton
28bbd7e27a Make NoZeroConf option work with Howl 2011-01-09 14:31:18 +01:00
Florian Westphal
1dca082fc6 config: deprecate NoXX-Options
ngircd unfortunately uses several options using double-negation, e.g.

NoIdent = No, NoPam = No, etc.

This renames all options by dropping the "No" prefix, e.g.
"NoIdent = no" becomes "Ident = yes".

The old options will continue to work, but will cause a warning
message.

Also update man pages and default config.

To prevent silly
'Ident = yes' from appearing in  --configtest output in the
'ident support not compiled in and Ident Option not used' case,
make default value depend on feature availability.
If feature is available, enable by default, otherwise disable.

We might consider moving these options to a new
[Feature]

section, or something like that, because none of these options are
essential.

Another possible improvement:

'Ident = yes' option in ngircd.conf causes a warning if ngircd was
built without ident support.

This does not happen with e.g. zeroconf....
2011-01-09 13:59:33 +01:00
Florian Westphal
4a5dfcc3ac channel: fix confusing "adding to invite list" debug output
adding entries to ban list produced 'invite list' debug output...
2010-12-31 11:35:40 +01:00
Alexander Barton
f37e495a2b Command throttling: introduce MAX_COMMANDS_SERVICE
New MAX_COMMANDS_SERVICE (currently set to MAX_COMMANDS_SERVER[10]),
so that services are handled like servers (and not regular users).
2010-12-29 14:19:51 +01:00
Alexander Barton
21cbf37db5 Don't throttle services and servers beeing registered 2010-12-29 14:12:34 +01:00
Alexander Barton
36d4f6c601 Don't assert() when serching a client for an invalid server token
This is only relevant when a trusted server on a server-server link
sends invalid commands.
2010-12-24 12:48:03 +01:00
Alexander Barton
8ea1c5bb82 --configtest: remember if MOTD is configured by file or phrase
Configuration variables "MotdFile" and "MotdPhrase" are mutually
exclusive; so don't display content in both of them when running
"ngircd --configtest": instead remember which one is beeing used.
2010-12-02 16:51:21 +01:00
Alexander Barton
79ca5fe04d Enhance log messages when establishing server links a little bit 2010-12-02 13:40:08 +01:00
Alexander Barton
60bb40d67a Reset ID of outgoing server link on DNS error correctly
Not resetting the ID prevents the daemon from trying to re-establish
outgoing server links when the DNS resolver failed to resole a hostname.
2010-12-02 13:38:42 +01:00
Alexander Barton
5da98ec389 Don't log critical (or worse) messages to stderr
stderr isn't redirected to the "error file" any more, so there is
no point in trying to log to it ...
2010-12-02 13:36:19 +01:00
Alexander Barton
790fa89e67 Remove "error file" when compiled with debug code enabled
The information written to the "error file" (/tmp/ngircd-<PID>.err) when
ngIRCd is compiled with debug code enabled isn't that usefule, so don't
create this file at all.
2010-12-01 21:22:20 +01:00
Alexander Barton
7321be2ccd New numeric 329: get channel creation time on "MODE #chan" commands 2010-11-11 12:39:49 +01:00
Alexander Barton
9bc5d565bb Save channel creation time; new function Channel_CreationTime() 2010-11-11 12:39:19 +01:00
Alexander Barton
d7ad956a06 Fix connect attempts to further IP addresses of outgoing server links
If a hostname resolves to more than one IP address (round-robin DNS,
IPv4 and IPv6) and an attempt to connect to the first address fails,
ngIRCd should try to connect to the 2nd address, 3rd address etc.

But because of a wrong variable used in the call to New_Server(),
the wrong server structure has been used in further connection attemps
which possibly lead to connection attempts to already connected servers.
2010-10-27 21:59:51 +02:00