1
0
mirror of https://github.com/osmarks/ngircd.git synced 2024-12-13 02:10:27 +00:00
Commit Graph

2298 Commits

Author SHA1 Message Date
LucentW
0f490b5cae Implement numeric RPL_LISTSTART(321)
lightIRC and other clients expecting RPL_LISTSTART should now behave correctly.

Closes #207.

(cherry picked from commit 0680ce5fd99bc643651d1433bcdaf271aeb73c46)
2015-05-16 20:29:10 +02:00
LucentW
93a872a36b Fix with oneshot invites
This should finally implement correctly oneshot invites sent via /INVITE
2015-05-15 14:02:37 +02:00
Alexander Barton
c4245220de Fix MatchCaseInsensitive[List]](): lowercase string _and_ pattern
Up to now, only the the string ("haystack") became lowercased and was
the compared to the pattern ("needle") -- which failed, when the pattern
itself wasn't all lowercase ...
2015-05-13 23:47:53 +02:00
Alexander Barton
f8f7f83f5a Streamline effect of "MorePrivacy" option (WHOIS, LIST)
- Update documentation in ngircd.conf(5)
- LIST: Don't hide channels for IRC Ops when "MorePrivacy" is in effect
- WHOIS: Don't hide IP addresses/hostnames when "MorePrivacy" is in effect

Closes #198
2015-05-13 22:42:51 +02:00
LucentW
03c8997af3 Fixed building issues\
Now builds cleanly. Pass all tests from make check.
2015-05-13 20:08:26 +00:00
LucentW
4396936f38 Implement timestamp tracking of invites
Now lists nodes also have the "onlyonce" field, since the valid_until is
used to keep the timestamp of placing. Found no references to onlyonce
or about valid_until being == 1, though, so it might be unused, but
still available for other enhancements.
2015-05-11 22:15:01 +02:00
LucentW
4da04640e6 Keep track of who placed bans/invites/excepts
Implements #203.
WARNING: it does not track the time of placement of invites, since the
time_t is already used as a flag for single use invites!
2015-05-11 22:15:00 +02:00
LucentW
10c7ba99e7 IRC operators w/OperCanMode can kick anyone 2015-05-11 22:12:30 +02:00
LucentW
a4af9024fd Fixed indents 2 2015-04-29 20:29:00 +02:00
LucentW
6fc53558ed Fixed indents and documentation
(also updated the copyright date on the txt I edited)
2015-04-29 20:25:18 +02:00
LucentW
21767c968d Implement +I (private channel list on whois)
Implements enhancement requested in issue #179
2015-04-29 14:04:06 +02:00
Alexander Barton
c5da483685 Make sure that the target user is able to join a local channel
Implement ERR_USERNOTONSERV(504) numeric and make sure that the
target user is on the same server when inviting other users to
local ("&") channels.

ircd-ratbox uses the ERR_USERNOTONSERV(504) numeric for this, and I
think this is a good idea -- other IRC daemons (like ircu) silently
drop such impossible invites, but thats not a big benefit ...

Idea by Cahata, thanks! Closes #183.
2015-04-12 20:59:43 +02:00
Alexander Barton
4330f5d1c9 INVITE command: Enforce 1 second penalty time
This prevents flooding of the target client.

This closes #186. Reported by Cahata, thanks!
2015-04-12 20:14:24 +02:00
Alexander Barton
81b81c818c MODE command: Always report channel creation time
Up to now when receiving a MODE command, ngIRCd only reported the channel
creation time to clients that were members of the channel. This patch
reports the channel creation time to all clients, regardless if they are
joined to that channel or not.

At least ircd-seven behaves like this.

This closes #188. Thanks Cahata!
2015-04-12 19:39:20 +02:00
Alexander Barton
c7bbc9a390 Fix spelling of RPL_WHOISBOT message text 2015-03-27 22:51:21 +01:00
Alexander Barton
6171beb7ab Don't send nick name as default PART reason
No other IRC daemon seems to do this (today?), don't remember why
ngIRCd did it in the first place ...

Closes #185.

Reported by Cahata in #ngircd, thanks!
2015-03-14 11:13:50 +01:00
Alexander Barton
2196e945e4 Fix "WHO #<chan>" showing invisible users and hiding all visible
The logic is reversed ...

This bug has been introduced by commit c74115f2, "Simplify mode checking on
channels and users within a channel", ngIRCd releases 21, 21.1, and 22 are
affected :-(

Problem reported by Cahata in #ngircd, Thanks!
2015-03-14 10:16:16 +01:00
Alexander Barton
f16eb1b686 Fix typo in src/testsuite/README 2015-03-11 22:14:24 +01:00
Alexander Barton
c41f18e3f9 Auth PING: Fix our information text for manual sending of "PONG"
Up to now, ngIRCd doesn't send a valid IRC command at all, oops!
2015-01-20 22:50:13 +01:00
Alexander Barton
dbfe1beca8 Auth PING: The numeric ID is a "long", use atol() 2015-01-20 22:49:23 +01:00
Alexander Barton
6bdae55177 Auth PING: Don't send a prefix in our PING command
The prefix confuses WeeChat, at least, which doesn't send an appropriate
PONG in the case ...

Debugging and patch by "wowaname" on #ngircd, thanks!
2015-01-20 22:44:36 +01:00
Alexander Barton
bd8d4e710c Fix syntax of ERR_LISTFULL_MSG(478) numeric
Pointed out by "wowaname" in #ngircd, thanks!
2014-12-27 01:50:27 +01:00
Alexander Barton
9a931a549b Enhance debug messages while sending CHANINFO commands 2014-12-20 15:35:49 +01:00
Alexander Barton
3c30490d54 Reset "last try" timer when enabling a passive server
This results in a new connection attempt as soon as possible.
2014-12-20 15:31:55 +01:00
Alexander Barton
6250335352 Change log message for "Can't resolve address" 2014-12-10 11:11:42 +01:00
Alexander Barton
7e14bd3b58 Change log messages issued for IP address forgeries 2014-12-10 11:02:03 +01:00
Alexander Barton
31b3c83c1f Merge remote-tracking branch 'alex/TestsuiteNoDNS'
* alex/TestsuiteNoDNS:
  Test suite: Don't use DNS lookups
2014-11-01 20:14:09 +01:00
Alexander Barton
100de3e4cc Update "CipherList" to not enable SSLv3 by default
Idea, initial patch, and testing by Christoph Biedl
<ngircd.anoy@manchmal.in-ulm.de>
2014-10-16 13:42:24 +02:00
Alexander Barton
be88707027 Match list patterns case-insensitive
The invite-, ban-, and except lists are affected by this change,
as well as G-Lines an K-Lines.

Problem pointed out by "wowaname" on #ngircd, thanks!
2014-10-06 21:47:34 +02:00
Alexander Barton
84ff5a6eb9 Sync "except lists" between servers
Up to now, ban, invite, and G-Line lists have been synced between servers
while linking -- but obviously nobody noticed that except list have been
missing ever since. Until now.

Thanks to "j4jackj", who reported this issue in #ngircd.
2014-09-22 02:17:04 +02:00
Alexander Barton
bf2eae3249 Allow longer usernames for authentication 2014-09-11 22:04:31 +02:00
Alexander Barton
ffad2da835 Correctly check that a server has a valid hostname and port
David Binderman <dcb314@hotmail.com> reported the following compiler warning,
which is a real bug in ngIRCd, thanks!

conn.c:2077:55: warning: logical not is only applied to the left hand
                         side of comparison [-Wlogical-not-parentheses]
2014-09-10 13:03:30 +02:00
Alexander Barton
896d45471a Lists_MakeMask: Don't destroy source buffer 2014-08-08 13:50:48 +02:00
Alexander Barton
01c3552140 Initialize Conf_ScrubCTCP even when SYSLOG isn't #define'd
The "SYSLOG" #define isn't related to "Conf_ScrubCTCP" at all, so
initialize the latter even when "SYSLOG" isn't #define'd.

Pointed out by wowaname on #ngircd, thanks!
2014-07-29 23:08:18 +02:00
Alexander Barton
40ed94a1f2 Increase MAX_SERVERS from 16 to 64
There are installations out there that would like to configure more
than 16 links per server, so increase this limit. Best would be to
get rid of MAX_SERVERS altogether and make if fully dynamic, but
start with this quick and dirty hack ...
2014-07-20 13:19:36 +02:00
Alexander Barton
3f807e1045 Test suite: Don't use DNS lookups
Different operating systems do behave quite differently when doing DNS
lookups, for example "127.0.0.1" sometimes resolves to "localhost" and
sometimes to "localhost.localdomain" (for example OpenBSD). And other
systems resolve "localhost" to the real host name (for example Cygwin).

So not using DNS at all makes the test site much more portable.
2014-06-09 02:15:52 +02:00
Alexander Barton
39b8fc65b6 Add "tests-skipped.lst" to src/testsuite/.gitignore 2014-06-04 12:20:31 +02:00
Alexander Barton
3de972e0bd Test suite/platformtest.sh: Detect when tests have been skipped
Detect if some tests have been skipped, for example when telnet(1) or expect(1)
is missing: ./contrib/platformtest.sh will echo a warning message now.
2014-06-04 12:15:23 +02:00
Alexander Barton
a90004b913 Test suite: Update file headers and comments 2014-04-17 23:56:36 +02:00
Alexander Barton
d314c75a37 Allow "DefaultUserModes" to set all possible modes
Let IRC_MODE() detect that the "fake" MODE command originated on the local
sever, which enables all modes to be settable using "DefaultUserModes"
that can be set by regular MODE commands, including modes only settable by
IRC Operators.
2014-03-18 16:43:21 +01:00
Alexander Barton
5009ab3e8c Spoofed prefixes: Really kill connection on non-server links
This fixes commit 6cbe1308 which only killed the connection when the
spoofed prefix itself belonged to a non-server client.
2014-03-18 16:30:38 +01:00
Alexander Barton
5713c49c84 Implement user mode "F": "relaxed flood protection"
ngIRCd relaxes its flood protection for users having the user mode "F" set
and allows them to rapidly send data to the daemon. This mode is only
settable by IRC Operators and can cause problems in the network -- so be
careful and only set it on "trusted" clients!

User mode "F" is used by Bahamut for this purpose, for example, see
<http://docs.dal.net/docs/modes.html#4.9>.
2014-03-18 14:55:38 +01:00
Alexander Barton
35f1db5f28 Handle "throttling" in a single function
ngIRCd uses "command throttling" and "bps throttling" (bytes per second).
The states are detected in different functions, Conn_Handler() and
Read_Request(), but handle the actual "throttling" in a common function:
this enables us to guarantee consistent behavior and to disable throttling
for special connections in only one place, eventually.
2014-03-18 14:53:29 +01:00
Alexander Barton
f547981188 Streamline DEBUG_ARRAY, DEBUG_BUFFER, DEBUG_IO, DEBUG_ZIP
Change all #define's to follow the form
	#define DEBUG_xxx {0|1}
to disable (0, default) or enable (1) additional debug messages.

And somewhat enhance some DEBUG_BUFFER messages.
2014-03-17 23:54:44 +01:00
Alexander Barton
b35f8916a5 conn.c: Code cleanup
Reformat and restructure some code, move all SSL related code into
one single #ifdef block, for example.
2014-03-17 22:59:58 +01:00
Alexander Barton
a534e71e8d Re-add #include's for header files of the C file itself
This partially reverts commit b130b35f4, "Update #include's: remove
unused and add missing ones", but fixes the following compiler and
analyzer warnings of Apple Xcode 5:

 "Semantic issue: No previous prototype for function 'yyy'"
2014-03-17 18:02:57 +01:00
Alexander Barton
a13bb78b1e Update copyright notices of recently changed files 2014-03-17 12:22:00 +01:00
Alexander Barton
b130b35f48 Update #include's: remove unused and add missing ones
The "deheader" tool (<http://www.catb.org/~esr/deheader/>) has been
used to find unused #include directives as well as missing ones.

Tested on:

- A/UX 3.1.1
- ArchLinux (2014-03-17)
- Debian GNU/Hurd
- Debian GNU/Linux 6.0.9
- Debian GNU/Linux 7.4
- Fedora 20
- FreeBSD 9.2
- OpenBSD 4.8
- OpenBSD 5.1
- OS X 10.9
- Solaris 11
2014-03-17 11:37:25 +01:00
Alexander Barton
37090a28e8 portab.h: Restructure and clean up code
- Don't use HAVE_SYS_TYPES_H, <sys/types.h> is a required header now.
- Streamline check for boolean data types.
- Better indent #ifdef constructs.
2014-03-17 01:17:30 +01:00
Alexander Barton
7b10a0e4ee io.c: <sys/time.h> is only needed when using select()
Only include the <sys/time.h> header when using the select() IO API,
it isn't required otherwise.
2014-03-17 00:45:07 +01:00
Alexander Barton
259c314d14 Remove imp.h and exp.h header files
These include files don't have a function any more, remove them.
2014-03-17 00:17:02 +01:00
Alexander Barton
51396f8f1c strdup.c: Code cleanup 2014-03-16 22:59:03 +01:00
Alexander Barton
6238196dac Don't define SSL_Want{Read|Write}() when SSL is disabled
Not even call the "dummy" functions.
2014-03-16 22:31:23 +01:00
Alexander Barton
43fb18f2f5 Code cleanup, remove blank lines 2014-03-16 22:11:26 +01:00
Alexander Barton
a4ed90ba9a Fix two K&R C portability issues
Fix the following two errors emitted by the Apple K&R C compiler
on Apple A/UX:

"./class.c", line 47: no automatic aggregate initialization
"./class.c", line 47: illegal lhs of assignment operator

"./conf.c", line 1052: syntax error

Tested on A/UX 3.1.1.
2014-03-16 20:07:08 +01:00
Roy Sindre Norangshol
485d0aec81 Use server password when PAM is compiled in but disabled 2014-02-28 10:53:40 +01:00
Alexander Barton
abf280d5bd CHARCONV: Fix handling conversion errors
Don't overwrite already converted text!
2014-02-23 18:20:47 +01:00
Alexander Barton
ccc9e1baa4 Streamline punctuation of log messages
See commit d38d153f for details.
2014-02-09 16:01:13 +01:00
Alexander Barton
384b27cee0 IRC_INVITE(): Code cleanup 2014-02-02 00:27:24 +01:00
Alexander Barton
6496fa4655 Streamline punctuation of log messages
See commit d38d153f for details.
2014-02-02 00:27:03 +01:00
Alexander Barton
20b52fe33d Correctly use cloaked IRC masks on "INVITE nickname"
The cloaked IRC mask of a user is his visible mask, so the daemon has
to use it for generating the "one time" entries for the invite list of
the given channel.

Without this patch, ngIRCd records the real IRC mask which will never
match while the target client is "+x", and even worse, will disclose
the real mask on "MODE #channel +I" commands :-/

Bug reported by Cahata on #ngircd, thanks!
2014-01-27 23:05:29 +01:00
Alexander Barton
0fc822d8c4 Use correct sender as target for ISUPPORT replies on "VERSION"
This fixes commit 2e168c78 ("Return ISUPPORT(005) numerics on
'VERSION'") and make sure, that the 005 numerics are correctly
routed back to the sender.
2014-01-27 22:23:47 +01:00
Alexander Barton
2e168c7809 Return ISUPPORT(005) numerics on "VERSION"
This is how ircd-seven, Charybdis, Hybrid, and InspIRCd behave,
for example.
2014-01-26 23:41:59 +01:00
Mantas Mikulėnas
e273bd226a Show account name in WHOIS
This uses the same numeric as Charybdis and ircu families.
2014-01-20 14:25:11 +02:00
Alexander Barton
599cfd0944 Merge branch 'no-range-matching' of git://arthur.barton.de/ngircd-alex
* 'no-range-matching' of git://arthur.barton.de/ngircd-alex:
  Remove "range matching" functionality
2014-01-17 23:11:37 +01:00
Alexander Barton
e747fe9277 Fix configure script and "make check" for TCP Wrappers
Add missing #include's and static variables.

Problem spotted on OpenBSD.
2014-01-17 16:18:55 +01:00
Alexander Barton
e73d70ce6f Remove "range matching" functionality
Don't support "range marching" in our pattern matching code using
the "[...]" syntax, because [ and ] are valid characters in nick
names and one has to quote them currently using the "\" character,
which is quite unexpected. For example:

  Nick "te[st" => "MODE #channel +b te\[st"

And remove quoting altogether, too, because "*" and "?" don't need
to be quoted because these characters are not allowed in IRC masks,
nicks, and hostnames.

Reported by "hifi" (Toni Spets) on IRC, thanks!
2014-01-15 14:58:57 +01:00
Alexander Barton
fe73835666 Client_SetHostname(): Don't use strlen() to test for value 2014-01-10 19:57:05 +01:00
Alexander Barton
5b4b7e2f55 Test suite: explicitely enable glibc memory checking 2014-01-10 19:56:14 +01:00
Alexander Barton
8ae2cdfce9 Send "fake '*' key" in "MODE -k" replies
According to RFC 2812 3.2.3 "Channel mode message" and the examples
there, it looks like clients should use "MODE -k <key>" to unset channel
keys; and that's how other servers and services behave and do expect it.

(But please note that this is NOT the case for "MODE -l"!)

In the end, it doesn't make sense to specify a key when UNsetting it at
all, and different services behave diffrently when clients do not send
the currently set key to unset it - some ignore such calls, for example!

But this implementation is quite relaxed, it accepts any key when
unsetting channel mode "k" and even accepts no key at all. But the reply
will always include an "*" character for every "-k" parameter.
2014-01-08 14:24:03 +01:00
Alexander Barton
5d88030bd1 Support non-standard vsnprintf() return code
C99 states that vsnprintf() "returns the number of characters that
would have been printed if the n were unlimited"; but according to the
Linux manual page "glibc until 2.0.6 would return -1 when the output
was truncated" -- so we have to handle both cases ...
2014-01-04 23:57:05 +01:00
Alexander Barton
788da901ee Update Copyright notices for 2014 2014-01-02 15:27:07 +01:00
Alexander Barton
2a40112f09 Merge branch 'bug167-WebircIPAnoDNS' of git://arthur.barton.de/ngircd-alex
* 'bug167-WebircIPAnoDNS' of git://arthur.barton.de/ngircd-alex:
  WEBIRC: Don't respect hostname when DNS is disabled
2014-01-02 00:45:05 +01:00
Alexander Barton
61b7932e82 Merge branch 'bug165-005-NETWORK' of git://arthur.barton.de/ngircd-alex
* 'bug165-005-NETWORK' of git://arthur.barton.de/ngircd-alex:
  Implement new configuration option "Network"
2014-01-02 00:44:42 +01:00
Alexander Barton
f024a4992a portabtest: Add checks for strdup(), strndup(), and strtok_r() 2014-01-01 16:38:36 +01:00
Alexander Barton
d38747d951 portabtest: Actually test functions
Test functions snprintf(), strlcpy(), strlcat(), vsnprintf() for
correctness, not only existance (which was quite useless, because
if they weren't available, the program could not have been linked
at all ...).
2014-01-01 15:57:34 +01:00
Alexander Barton
18070e5381 portabtest: Only use one exit code to indicate errors 2013-12-29 17:48:25 +01:00
Alexander Barton
d913323ca9 portabtest: Code cleanup 2013-12-29 17:46:54 +01:00
Federico G. Schwindt
9230f2fff1 Fix permanent k/gline
Reported by Toni Spets (hifi - at - jnz - dot - fi).
2013-12-29 01:14:28 +01:00
Alexander Barton
86bdf6e1d4 Implement new configuration option "Network"
The new configuration variable "Network" is used to set the (completely
optional) "network name", to which this instance of the daemon belongs.
When set, this name is used in the ISUPPORT(005) numeric which is sent to
all clients connecting to the server after logging in.

Closes bug #165.
2013-12-27 23:16:11 +01:00
Alexander Barton
1a628fff51 WEBIRC: Don't respect hostname when DNS is disabled
When DNS lookups are disabled, don't set the hostname received by the
WEBIRC command, but use the IP address instead.

Reported by Toni Spets <toni.spets@iki.fi>, thanks!

Closes bug #167.
2013-12-27 22:34:47 +01:00
Alexander Barton
b8433e9261 Check for working getaddrinfo() function
At least AIX 4.3.3 and 5.1 have a broken implementation of getaddrinfo()
which doesn't handle "0" as numeric service correctly. This patch adds
a configure check for this case and changes all calling functions to only
use getaddrinfo() if it "works".

See <http://www.stacken.kth.se/lists/heimdal-discuss/2004-05/msg00059.html>
2013-12-27 21:35:13 +01:00
Federico G. Schwindt
5a424f60da Fix spelling 2013-12-07 22:48:31 +00:00
Alexander Barton
ae00c100ac Only use unsetenv() when it is available
AIX 4.3 dosn't support it, for example.
2013-11-10 17:08:51 +01:00
Alexander Barton
61d1c864c5 conf-ssl.h: make code compatible with pre-ANSI C compilers 2013-11-09 23:42:56 +01:00
Alexander Barton
8d25044ce5 vsnprintf.c: make code compatible with ansi2knr tool 2013-11-09 23:41:20 +01:00
Alexander Barton
c3c719b978 Remove unused vsnprintf.c test function 2013-11-09 23:31:51 +01:00
Federico G. Schwindt
9ee3760493 Add comments around some IRC_SetPenalty() calls 2013-11-07 18:17:58 +00:00
Federico G. Schwindt
344185b1bd Rework the penalty handling slightly
Increase the penalty for a command before checking its arguments.  This
makes the handling more consistent and allow us to move more penalties to
Handle_Request().
2013-11-07 16:53:29 +00:00
Federico G. Schwindt
fcf61e9e02 Move IRC_SetPenalty() to Handle_Request() when possible
This centralizes the penalty handling. It also exposes some commands that
lack it for our attention.
2013-11-07 16:29:21 +00:00
Federico G. Schwindt
9f236c4b91 Introduce a macro to define the command list
This will pave the way to other changes and simplifies the entries somewhat.
2013-11-07 13:20:08 +00:00
Federico G. Schwindt
00249f3c80 When sending an error use the IRC_WriteErrClient() variant
This ensures that all errors have a 2 second penalty.
2013-11-07 10:45:34 +00:00
Federico G. Schwindt
925b4de298 On bad /oper set the penalty to 10 seconds
This helps against brute-force attempts.
2013-11-06 21:46:53 +00:00
Federico G. Schwindt
48ea69d778 Remove unneded IRC_SetPenalty() calls
IRC_WriteErrClient() already calls IRC_SetPenalty().  While here convert
some IRC_SetPenalty() + IRC_WriteStrClient() to IRC_WriteErrClient().
2013-11-06 18:28:09 +00:00
Federico G. Schwindt
80d0613bf2 Use sizeof() intead of the explicit size 2013-11-06 18:25:11 +00:00
Alexander Barton
4ab688c5e8 Remove wrong #ifdef in Option_String()
This fixes the following error when compiling without zlib support:

  irc.c: In function ‘Option_String’:
  irc.c:487: error: ‘options’ undeclared (first use in this function)

Reported by "der_baer" on #ngircd.
2013-11-01 19:12:35 +01:00
Federico G. Schwindt
8e6db769ac Check and call arc4random_stir() if present
FreeBSD prior to 10.0 does not automatically stir on fork(). Same with
current NetBSD. If arc4random_stir() is present assume is needed and
call it instead of srand().
2013-10-23 16:00:26 +01:00
Federico G. Schwindt
62865f7e19 Add support for longer config lines
With the introduction of CipherList we could have longer config lines.
Handle up to 1024 bytes and warn if the line will be truncated.
2013-10-17 22:10:53 +01:00
Federico G. Schwindt
a7dda1b28c Report the correct file on error 2013-10-17 21:52:15 +01:00
Federico G. Schwindt
17589534d0 Add support for arc4random
If arc4random is present it will be used over the srand/rand interface.
This fixes some warnings in OpenBSD-current.
2013-10-16 16:32:06 +01:00
Federico G. Schwindt
ea26fd2840 Fix another strcat warning missed in commit 4c5b43 2013-10-16 10:41:40 +01:00
Alexander Barton
4c5b439992 ngircd.c, main(): use strlcat() instead of strcat()
This fixes the following warning on OpenBSD 5.3:

 ngircd.o(.text+0xeb4): In function `main':
  src/ngircd/ngircd.c:300: warning: strcat() is almost always misused,
                                    please use strlcat()

Thanks to Götz Hoffart for reporting this!
2013-10-07 21:56:09 +02:00
Alexander Barton
2798a12444 Actually KILL clients on GLINE/KLINE
Kill all clients that match a new GLINE/KLINE mask and genrate apropriate
KILL commands. These KILL commands can be superfluous, but are required
when the IRC Operator isn't allowd to set remote G-Lines or if there are
older servers in the network that don't kill clients on GLINE/KLINE.

Closes bug #156.
2013-10-01 12:26:34 +02:00
Alexander Barton
02182143c3 Don't forward KILL commands for unknown clients 2013-10-01 12:20:23 +02:00
Alexander Barton
b5faf3055b New function IRC_KillClient() to kill clients
The old local function Kill_Nick() in irc.c has been an ugly hack. This
patch implements a generic function for killing clients.

Adjust all callers of Kill_Nick() and respect the return code!
2013-10-01 12:13:17 +02:00
Alexander Barton
cccd8fc957 Adjust log messages for invalid and spoofed prefixes
Now invalid prefixes aren't logged no more when originating from an other
server (besides in debug mode), and spoofed prefixes are correctly logged
using LOG_WARNING (from an other server) or LOG_ERR (from a client) levels.

In addition, the log message texts have been adjusted to better reflect
what will happen: commands with invalid prefixes are ignored and logged,
commands with spoofed prefixes will result in the client being disconncted
(regular users) or the command being ignored (other servers).

This cleans up logging of commands related to already KILL'ed clients.
2013-09-26 02:28:16 +02:00
Alexander Barton
eccbd97e1f Remove CLIENT.oper_by_my, Client_SetOperByMe() and Client_OperByMe()
All places where Client_OperByMe() is used can either be converted to
Client_HasMode(Client, 'o') or Op_Check().

And Op_Check() itself can use the connection handle for deciding whether
the IRC Operator is a local user or not.
2013-09-25 01:29:23 +02:00
Federico G. Schwindt
ec5ab4fcd1 Add support to show user links using "STATS L"
Change "stats L" to show servers and user links and restrict it to
IRC Operators.
2013-09-24 21:17:35 +02:00
Alexander Barton
13a5358a3d Log an error (not info) when working directory can't be changed 2013-09-24 00:04:54 +02:00
Federico G. Schwindt
27b9d32bf2 Change the certificate fingerprint digest to sha256
While here correct some indentation.
2013-09-17 17:35:56 +01:00
Federico G. Schwindt
0985d69cc6 Change cipher defaults
Switch cipher defaults to HIGH:!aNULL:@STRENGTH (OpenSSL) or
SECURE128 (GnuTLS).
2013-09-17 17:15:24 +01:00
Alexander Barton
d0977258ee Merge remote-tracking branch 'alex/bug162-SSLCipherList'
* alex/bug162-SSLCipherList:
  Cipher list selection for GnuTLS
  ConnSSL_Init_SSL(): correctly set CONN_SSL flag
  Cipher list selection for OpenSSL
  ConnSSL_InitLibrary(): Code cleanup
2013-09-16 17:32:25 +02:00
Federico G. Schwindt
2cebfc54f5 Fix server reconnection
In some error cases conn_id will be left as SERVER_WAIT and
subsequently ignored in Check_Servers(). Ensure conn_id is set to
NONE before returning from New_Server() if we couldn't establish
the connection.

Prompted by a report from gabrielgi-at-gmail-dot-com.
2013-09-16 02:15:49 +01:00
Alexander Barton
de3e5fa77c Don't ignore SSL-related errors during startup
Without this patch, ngIRCd ignores SSL-related messages and continues
to start up but only listens on plain text communication ports -- and
this most probably isn't what the administrator wanted ...

Closes bug #163.
2013-09-16 00:31:03 +02:00
Alexander Barton
b9006acee3 Cipher list selection for GnuTLS
This patch implements the missing functionality for cipher list selection
using GnuTLS (our OpenSSL code has this already).
2013-09-15 17:57:47 +02:00
Alexander Barton
51231ac8d4 ConnSSL_Init_SSL(): correctly set CONN_SSL flag
The CONN_SSL flag must be set before any calls to ConnSSL_Free()!
2013-09-15 17:35:52 +02:00
Alexander Barton
84ed46d4c1 Cipher list selection for OpenSSL
This patch introduces the possibility to arbitrarily select ciphers which
should be promoted resp. declined when establishing a SSL connection
with a client by implementing the new configuration option "CipherList".

By default, OpenSSL would accept low and medium strength and RC-4 ciphers,
which nowadays are known to be broken.

This patch only implements the feature for OpenSSL. A GnuTLS counterpart
has to be implemented in another patch ...

Original patch by Bastian <bastian-ngircd@t6l.de>.

Closes bug #162.
2013-09-15 15:09:36 +02:00
Alexander Barton
849f85a05c ConnSSL_InitLibrary(): Code cleanup 2013-09-15 14:09:31 +02:00
Alexander Barton
e8e0351985 TRACE: fix error message when there are too many parameters
ircd 2.11 ignores additional parameters silently, but I don't think
that this is the correct behaviour either ...
2013-09-07 00:19:21 +02:00
Alexander Barton
131364def1 IRC_SetPenalty(): Code cleanup 2013-09-07 00:05:49 +02:00
Federico G. Schwindt
bcb45da1b4 Add more penalty times
Ensure before every numeric 461 there is a call to IRC_SetPenalty().
2013-09-06 23:02:01 +01:00
Federico G. Schwindt
08f9d31d60 Rework check for number of parameters
Move most of the checks that return numeric 461 into Handle_Request().
2013-09-06 23:01:59 +01:00
Federico G. Schwindt
37609d6a4f Reorder checks
Move oper and Conf_MorePrivacy checks after checking the number of
parameters.
2013-09-05 17:31:57 +01:00
Federico G. Schwindt
33c2d5e4e2 Move the IRC_SetPenalty() call after the asserts 2013-09-05 17:31:57 +01:00
Federico G. Schwindt
a98bbc8e0b Correct numeric returned by whois
As per RFC whois should return 431 if no nick is provided.  While
here convert upper check to use irc-macros. As a bonus we get to set
the penalty for free.
2013-09-05 17:31:56 +01:00
Federico G. Schwindt
9f74c0ff07 Minor cosmetic change
Add a define to indicate any client.  While I'm here use hex values
instead of decimal, it's somewhat clearer that they could be OR'ed
together.
2013-09-05 17:31:55 +01:00
Alexander Barton
e3a2a6c44d getpid.sh: use /bin/pidof when available 2013-09-03 21:33:22 +02:00
Alexander Barton
aad92ceafe Don't enforce channel types for other servers
The configuration option "AllowedChannelTypes" must only be enforced for
regular clients and not for remote servers. Channels created by other
servres are always allowed, because they already exist and the daemon
must stay in sync with the network.
2013-09-03 17:13:46 +02:00
Alexander Barton
4102e8fdfe Only log "IDENT ... no result" when IDENT was looked up
Without this patch, ngIRCd logged the "IDENT lookup for connection X:
no result"-message even when IDENT lookups have been disabled using the
"Ident = no" configuration option, which is a little bit misleading.

Reported by "btwe" in #ngircd.
2013-09-02 16:42:20 +02:00
Florian Westphal
f8f8a9a041 ngircd: use setgid/setuid errno value in error path
Need to use saved errno value as strerror argument, else you
get bogus output ('success') in the log message.
2013-08-31 22:42:56 +02:00
Alexander Barton
04b947cdc3 Show connection flag "s" (SSL) in RPL_TRACE{LINK|SERVER}
Now you can check if a server-to-server link is SSL-encrypted or not
using the IRC "TRACE" command.

Idea by Götz Hoffart, thanks!
2013-08-31 14:15:24 +02:00
Federico G. Schwindt
be2e611680 Change away to be allocated dynamically 2013-08-27 00:06:03 +01:00
Alexander Barton
41f75b6974 Ignore "operation not permitted" while dropping groups
Without this exception, you can't start ngIRCd as user any more,
it is analog to setting the user and group ID.
2013-08-27 00:41:36 +02:00
Florian Westphal
e009ccbe66 ngircd: discard supplementary group ids on startup
The intention was to switch to JUST uid:gid, but setgid is not
sufficient.

Reported-by:  Michael Scherer <misc@zarb.org>
2013-08-27 00:19:31 +02:00
Alexander Barton
44698e44e8 Merge branch 'bug159-WebircIPA'
* bug159-WebircIPA:
  Introduce Free_Client() function to free CLIENT structure
  Save client IP address text for "WebIRC" users
2013-08-26 23:22:20 +02:00
Alexander Barton
0ff33777fe Introduce Free_Client() function to free CLIENT structure 2013-08-26 22:55:00 +02:00
Alexander Barton
1dc93286a0 Save client IP address text for "WebIRC" users
This patch introduces a new field in the CLIENT structure, "ipa_text",
which points to an optional textual representation of the client IP
address (or NULL) which can be used to store the "real" IP address
information of a client using the "WEBIRC" protocol.

Without this patch, ngIRCd ignored the <ip-address> paramater ...

In addition, the functions Client_SetIPAText() and Client_IPAText()
have been introduced to set and get the textual representation of the
client IP address.

Client_IPAText() can be used even when no "IP address text" has been
set before, it then returns the real IP address of the connection.

Closes bug #159.
2013-08-26 22:54:00 +02:00
Alexander Barton
2bacb8210b Implement new configuration option "DefaultUserModes"
The new configuration option "DefaultUserModes" lists user modes that
become automatically set on new local clients right after login.

Please note that only modes can be set that the client could set on
itself, you can't set "a" (away) or "o" (IRC Op), for example! User
modes "i" (invisible) or "x" (cloaked) etc. are "interesting", though.

Default: set no modes (like without this patch).

Closes bug #160.
2013-08-26 21:17:10 +02:00
Federico G. Schwindt
3b65f4e38d Change strdup() to strndup() 2013-08-26 12:18:46 +01:00
Federico G. Schwindt
6ac5a82eec private strndup() implementation in case libc does not provide it 2013-08-26 10:47:04 +01:00
Federico G. Schwindt
8d01be7bbd Silence warning
Cast the result of the operation to long, not the time(NULL) call.
On systems where sizeof(time_t) is other than long this will produce
a warning.
2013-08-25 05:24:11 +01:00
Federico G. Schwindt
eb86d234f8 Plug memory leak 2013-08-25 05:24:11 +01:00
Federico G. Schwindt
3af0ece2bc Implement account login support
This is done via the `accountname' METADATA command and used to
automatically identify users after netsplits or across service
restarts.
2013-08-25 05:24:08 +01:00
Federico G. Schwindt
a9ffbdea3f Fix spelling 2013-08-24 17:51:44 +01:00
Alexander Barton
309122017e Correctly handle return code of Handle_Write()
There have been code paths that ignored the return code of Handle_Write()
when sending "notice auth" messages to new clients connecting to the
server. But because Handle_Write() would have closed the client connection
again if an error occurred, this would have resulted in new errors and
assert()'s later on that could have crashed the server (denial of service).

Only setups having the configuration option "NoticeAuth" enabled are
affected, which is not the default.

CVE-2013-5580.
2013-08-23 21:40:51 +02:00
Alexander Barton
8f530eb315 Enhance log messages on "recursive" connection errors 2013-08-21 01:16:16 +02:00
Alexander Barton
d56341c77b Add some assert() calls to ng_ipaddr library 2013-08-21 00:23:47 +02:00
Alexander Barton
c8b12af1d2 Merge branch 'ssl-log-messages'
* ssl-log-messages:
  Make SSL-related log messages more readable
  ConnSSL_HandleError: Code cleanup, more documentation
2013-08-17 22:05:59 +02:00
Alexander Barton
a919e02ba1 Make SSL-related log messages more readable
- Don't use internal function names but describe the error.
 - Streamline wording, use "SSL" for SSL and TLS.
 - Streamline punctuation.
2013-08-14 10:56:09 +02:00
Federico G. Schwindt
b081cfb628 Use _IRC_ARGC_BETWEEN_OR_RETURN_ when possible 2013-08-14 00:07:12 +01:00
Alexander Barton
dd4c60cf39 ConnSSL_HandleError: Code cleanup, more documentation 2013-08-13 00:09:04 +02:00
Alexander Barton
4828bae8d3 Change log level of "SSL connection shutting down" 2013-08-12 00:02:40 +02:00
Federico G. Schwindt
cd38e9580e Fix 2 bugs introduced in 74514b8c23
Channel_Modes() and Channel_Topic() return static memory that is zeroed at
creation time. Fix checking for empty modes and topic so they're propagated
correctly.
2013-08-11 20:57:11 +01:00
Alexander Barton
298158501d IRC_SERVER(): Code cleanup 2013-08-07 00:13:08 +02:00
Alexander Barton
904c8a4375 Introduce new function IRC_WriteErrClient()
This function is used to send "error messages", including numerics,
back to clients and to automatically enforce a 2 second penalty. With
this patch, all error results enforces a delay for the client.

All callers of IRC_WriteStrClient(ERR_xxx) have been converted.

Please note that this patch prolongs the time "make check" needs
to complete its tests, because of lots of new enforced penalties ...
2013-08-07 00:10:50 +02:00
Alexander Barton
b86e33ef49 irc-macros.h: Update copyright, don't forget contributors! 2013-08-06 23:36:16 +02:00
Alexander Barton
0a3d8d60d3 irc-write.c: Clean up code and add more documentation comments 2013-08-06 23:21:48 +02:00
Alexander Barton
08d49a8fa0 Fix return code of some IRC_WriteXXX() functions
These functions usually write to more than one target, and therefore
can't return value indicating success or failure in a sane way. And, even
more omportant, these functions should send to as much as possible clients
and not stop at the first client which isn't reachable any more!
2013-08-06 23:18:57 +02:00
Alexander Barton
8f5cbe51a7 Streamline punctuation of log messages
See commit d38d153f for details.
2013-08-06 21:34:32 +02:00
Federico G. Schwindt
7db8481500 Inline who_flags_status 2013-08-05 11:05:12 +01:00
Federico G. Schwindt
74514b8c23 Convert more code to use Channel_HasMode 2013-08-04 21:16:03 +01:00
Federico G. Schwindt
c74115f25c Simplify mode checking on channels and users within a channel
Add Channel_HasMode() and Channel_UserHasMode() and use it where
possible.
2013-08-04 18:28:04 +01:00
Federico G. Schwindt
672a167963 Use Client_HasMode and Client_HasFlag where appropriate 2013-08-04 17:25:24 +01:00
Alexander Barton
139f5961a0 Merge branch 'bug152-AllowedChannelTypes'
* bug152-AllowedChannelTypes:
  Implement new configuration option "AllowedChannelTypes"
  Introduce "CHANTYPES" #define
2013-08-04 14:11:12 +02:00
Alexander Barton
5258fb7f7c Implement new configuration option "AllowedChannelTypes"
The new configuration variable "AllowedChannelTypes" lists all allowed
channel types (channel prefixes) for newly created channels on the local
server. By default, all supported channel types are allowed.

If set to the empty string, local clients can't create new channels at
all, which equals the old "PredefChannelsOnly = yes" setting.

This patch deprecates the "PredefChannelsOnly" variable, too, but it is
still supported and translated to the apropriate "AllowedChannelTypes"
setting. When "PredefChannelsOnly" is processed, a warning message is
logged.

Closes bug #152.
2013-08-04 14:10:12 +02:00
Federico G. Schwindt
15dfdaac82 More spelling fixes
Remove superflous comments, mostly in German. Fix spelling and
use american variants for consistency.
2013-08-04 12:45:11 +01:00
Federico G. Schwindt
bb8d207efa Change cloaked hostname to be malloc'd on demand
This shaves a few bytes when cloaked hostnames are not used and
restricts the cloakhost announcement iif there is something to
send.
2013-08-04 10:15:11 +01:00
Federico G. Schwindt
e03d8eb728 Add Client_HasFlag() to check if a client has certain flag 2013-08-04 04:00:34 +01:00
Federico G. Schwindt
a95d3e05e7 Fix spelling 2013-08-04 03:15:27 +01:00
Federico G. Schwindt
646a97de5f Rename XXX_Fingerprint to XXX_CertFp 2013-08-04 03:14:27 +01:00
Federico G. Schwindt
8e60fac73b Improved client announcement
Move Announce_User() to client.c and rename it to Client_Announce().
Use this in cb_introduceClient() instead of duplicating the code.
This fix the certificate fingerprint announcement for new clients.
Also ensure the certificate fingerprint is only announced if the
client supports it (`M' flag).
2013-08-04 00:22:38 +01:00
Alexander Barton
5e775a3fae Introduce "CHANTYPES" #define
This #define lists all the prefix characters of all supported channel
types, this is "#&+" at the moment.
2013-08-04 00:35:08 +02:00
Alexander Barton
69ce65bacb Merge remote-tracking branch 'fgsch/certfp'
* fgsch/certfp:
  Simplify MOTD handling
  Add certificate fingerprint support
2013-08-03 00:29:12 +02:00
Federico G. Schwindt
bf8e03c466 Simplify MOTD handling
Merge Show_MOTD_Start, Show_MOTD_Sendline and Show_MOTD_End into
IRC_Show_MOTD.
2013-08-02 23:24:18 +01:00
Federico G. Schwindt
1254d315b9 Add certificate fingerprint support 2013-08-02 23:24:06 +01:00
Alexander Barton
4ec19c0332 Update irc-server.c to use irc-macros.h
And add some comments :-)
2013-08-03 00:00:47 +02:00
Alexander Barton
78c8212280 Update irc-oper.c to use irc-macros.h 2013-08-02 23:27:11 +02:00
Alexander Barton
888c524683 Update irc-mode.c to use irc-macros.h
This includes code cleanups and more comments, too.
2013-08-02 01:48:35 +02:00
Alexander Barton
ae0af66d50 Update irc-channel.c to use irc-macros.h
This includes code cleanups, too :-)
2013-08-02 01:46:57 +02:00
Alexander Barton
771e539c18 Show IRC Operator name when logging a successful OPER command 2013-08-01 00:24:10 +02:00
Alexander Barton
313881d0c1 Add penalty times in error paths of generic IRC helper macros
Add a 2 second penalty time when the number of parameters is invalid.
2013-07-30 22:08:04 +02:00
Alexander Barton
3bd973037a Add more penalty times in error paths
This patch changes the handlers of the "PASS", "NICK", "USER",
and "SERVICE" commands to enforce a 2 second penalty when an error
like "need more/other parameters" occurs.

More functions should follow, I think ...
2013-07-30 22:05:00 +02:00
Alexander Barton
f494023b0d Update irc-login.c to use irc-macros.h
This includes code cleanups, too :-)
2013-07-30 21:18:42 +02:00
Alexander Barton
fa15eb1698 Update irc.c to use irc-macros.h
This includes code cleanups and better documentation for some
functions, too.
2013-07-18 23:35:33 +02:00
Federico G. Schwindt
7adc4b8e99 Handle services in IRC_WHOIS_SendReply()
If the target is a service, advertise it as such and ignore operator mode.
2013-07-18 19:52:17 +01:00
Federico G. Schwindt
5021977bb1 Fix spelling 2013-07-18 17:51:02 +01:00
Alexander Barton
9d3800fd15 Merge pull request #3 from Cofyc/master
irc-info.c: some commands use LINE_LEN as command buffer len
2013-05-30 08:55:48 -07:00
Yecheng Fu
4f525d39d4 LINE_LEN -> COMMAND_LEN
LINE_LEN is configuration file line length
2013-05-30 13:53:33 +08:00
Alexander Barton
7ea3864a93 IncludeDir: default to "$SYSCONFDIR/ngircd.conf.d"
Now "IncludeDir" defaults to "$SYSCONFDIR/ngircd.conf.d" instead
of no directory, but a missing directory is only reported as an
error if it has explicitely configured in the main configuration
file and simply ignored otherwise.

Therefore it is now possible not to touch the default (sample)
configuration file at all, and set all distribution and/or system
specific configuration options in "*.conf" files stored in
"$SYSCONFDIF/ngircd.conf.d/".

Thanks to "Elmasloco" for the idea!
2013-05-25 00:25:38 +02:00
Alexander Barton
891dbd2acc "IncludeDir" can't be overwritten by included files 2013-05-24 22:40:23 +02:00
Alexander Barton
f206fda8ae Implement new configuration option "IncludeDir"
The option "IncludeDir" in the [Options] section can be used
to specify a directory which can contain further configuration
files and configuration file snippets matching the pattern
"*.conf" that should be read in after the main configuration
file ("ngircd.conf" by default) has been parsed.

Closes bug #157.
2013-05-24 22:34:53 +02:00
Alexander Barton
6beb0fad3f conf.c: New function Read_Config_File()
This function reads in and parses a single configuration file.
Adjust all other functions to display the correct name of the
file being read in currently.
2013-05-24 21:57:42 +02:00
Alexander Barton
27fd92d580 Rename "Mask" variables into "Pattern" in assert() statements
This completes commit 3ab00e3a11 which broke debug builds.
2013-04-21 15:58:46 +02:00
Federico G. Schwindt
51e5ba94b3 Ensure there is enough space for the mask
As pointed by Alex while strl{cat,cpy} take the full length
we need to leave space to ensure a proper mask is always created
so revert the removal of - N from my last change.
2013-04-20 10:53:16 +01:00
Federico G. Schwindt
b4d0a40383 Better description for Lists_CheckReason() 2013-04-20 00:44:05 +01:00
Federico G. Schwindt
3ab00e3a11 Change Lists_MakeMask() to receive a buffer for the mask
Change callers accordingly so they don't rely on a global buffer and
rename Mask to Pattern where it makes sense since some functions
where indeed receiving a pattern and not a mask.
2013-04-20 00:43:47 +01:00
Federico G. Schwindt
cde2e8a277 Fix use-after-free on Lists_CheckReason()
Change Lists_CheckReason() to receive a buffer where the reason
will be stored and its length.  Change callers accordingly.

Change Class_GetMemberReason() (and its callers) in a similar way
so it doesn't rely on a global buffer for the rejected reason.
2013-04-20 00:43:35 +01:00
Sebastian Köhler
0131e1e00b Lists_CheckReason(): Check for Client_MaskCloaked()
Look for possible cloaked Masks in Lists. Users with +x usermode can be
banned with their cloaked hostname now.
2013-03-20 03:40:31 +01:00
Alexander Barton
a2e26aad1e Conn_Handler(): Don't test for penalty times
The Conn_Handler() main loop calls Handle_Buffer() which checks for the
"penalty time" of each client itself, so don't do it twice.
2013-03-09 17:58:10 +01:00
Alexander Barton
b4393277ea Don't read SSL client data before DNS resolver is finished
Fix the cb_clientserver_ssl() callback function to not read in and store SSL
encrypted client data before the asynchronous DNS resolver sub-process has
finished: This could have resulted in discarding the resolved client hostname
and IDENT reply afterwards, because in some situations (timing dependent) the
NICK and USER commands could have already been read in from the client,
stored in the buffer, and been processed.

Thanks to Julian Brost for reporting the issue and testing, and to Federico
G. Schwindt <fgsch@lodoss.net> for helping to debug it!
2013-03-09 17:44:34 +01:00