The default value for the -nameopt option changed in OpenSSL 3.2 from
`oneline' to `utf8'. The `oneline' option also included a space around
the fields which is not the case for `utf8'. This means that
CN = my.first.domain.tld
changed to
CN=my.first.domain.tld
and is now longer recognized, leading to test failure.
This can be fixed by either going back to `oneline' or keeping `utf8'
and adding additionally `space_eq'. Anoter way would be to teach the
expect that the space is optional.
Add explicit -nameopt option with `utf8,space_eq' which is understood by
by OpenSSL 3.2 and earlier to make explicit. Remove the wildcard.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
No longer use a default built-in value for the "IncludeDir" directive
when a configuration file was explicitly specified on the command line
using "--config"/"-f": This way no default include directory is scanned
when a possibly non-default configuration file is used which
(intentionally) did not specify an "IncludeDir" directive.
With this patch you now can use "-f /dev/null" for checking all built-in
defaults, regardless of any local configuration files in the default
drop-in directory (which would have been read in until this change).
The server "Name" in the "[Global]" section of the configuration file is
optional now: When not set (or empty), ngIRCd now tries to deduce a
valid IRC server name from the local host name ("node name"), possibly
adding a ".host" extension when the host name does not contain a dot
(".") which is required in an IRC server name ("ID").
This new behaviour, with all configuration parameters now being
optional, allows running ngIRCd without any configuration file at all.
Basically this is unnecessary, as Channel_UserModes() always returns a
valid pointer and strchr() can deal with an empty (NULL-terminated)
string perfectly fine, bit it makes the code a bit more obvious and
silences the following warning:
In function ‘Channel_UserHasMode’,
inlined from ‘Channel_Kick’ at channel.c:384:7:
channel.c:784:16: warning: ‘strchr’ reading 1 or more bytes from a region
of size 0 [-Wstringop-overread]
784 | return strchr(Channel_UserModes(Chan, Client), Mode) != NULL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This was seen with "gcc (Debian 12.2.0-14) 12.2.0" at least.
Add a "/* fall through */" annotation to "case" statements which
actually should "fall through" to silences GCC warning like this:
hash.c: In function ‘jenkins_hash’:
hash.c:110:27: warning: this statement may fall through
[-Wimplicit-fallthrough=]
110 | case 12: c+=((UINT32)k[11])<<24;
| ~^~~~~~~~~~~~~~~~~~~~~
Without this patch, disabling DNS in the configuration disabled IDENT
lookups as well (for no good reason).
This patch allows enabling/disabling DNS lookups and IDENT requests
completely separately and enhances the messages sent to the client when
"NoticeBeforeRegistration" is enabled, too.
Thanks for reporting this, Miniontoby!
Closes#291.
This was reported back in April 2021, thanks Sarah!
Subject: NGIRCD bug report
Date: April 28 2021, 14:30:08 MESZ
To: alex@barton.de
Hello,
I am writing to you to report a bug in ngircd.
In any give channel, if an user is with mode +a (admin), he/she can
sets mode +/-q(owner) to any other user. This is not inline with the
documentation.
I've looked into the code irc-mode.c, apparently an if block is
missing. Below are the code snippets that I believe fixes the bug.
This patch is what Sarah sent in. Thanks a lot!
You don't need to configure certificates/keys as long as you don't
configure SSL-enabled listening ports.
This can make sense when you want to only link your local daemon to an
uplink server using SSL and only have clients on your local host or in
you fully trusted network, where SSL is not required.
Don't accept incoming plain-text ("non SSL") server connections for
servers configured with "SSLConnect" enabled.
If "SSLConnect" is not set for an incoming connection the server still
accepts both plain-text and encrypted connections.
This change prevents an authenticated client-server being able to force
the server-server to send its password on a plain-text connection when
SSL/TLS was intended.
Always try to close a connection with errors immediately, but try hard
to avoid too much recursion.
Without this patch, an outgoing server connection could get stuck in an
"endless" state trying to write out data over and over again.
This tries to fix 04de1423eb.
Thanks Katherine Peeters for the patch and pull request!
Closes#294.
* katp32/master:
Improve documentation for --syslog
Added command line flag to enable syslog
Split NoSyslog from behaviour of NoDaemon
- Bring sample-ngircd.conf and ngircd.conf.5 description in line.
- Fix configuration parsing, it always showed the 'Unknown variable
"Autojoin"' error message, even when everything was perfectly fine.
- And fix a build error (at least on macOS with Apple Clang 14):
login.c:234:3: error: call to undeclared function 'IRC_JOIN'; ISO
C99 and later do not support implicit function declarations
[-Wimplicit-function-declaration]
IRC_JOIN(Client, &Req);
^
The #include for the "irc.channel.h" header was missing!
- Remove a unused variable that caused a compiler warning:
login.c:222:12: warning: unused variable 'n' [-Wunused-variable]
size_t i, n, channel_count = array_length(&Conf_Channels, sizeof(*conf_chan));
^
- Add a explicit cast to fix a compiler warning:
login.c:235:15: warning: assigning to 'char *' from 'const char[51]'
discards qualifiers [-Wincompatible-pointer-types-discards-qualifiers]
Req.argv[0] = conf_chan->name;
^ ~~~~~~~~~~~~~~~
Let's behave like most(?) other IRC daemons (at least ircd2.11) and hide
all +i users when WHOIS is used with a pattern. Otherwise privacy of
this users is not guaranteed and the +i mode a bit useless ...
Reported by Cahata on #ngircd, thanks!
All numeric replies must originate from an IRC server, never from a
client. So fix the RPL_INVITING message!
Thanks tommyrot for reporting this!
Closes#307.
The debug log messages are always available and a runtime option (since
commit c7de505c), but the assert()'s are only active when ngIRCd was
configured with the "--enable-debug" option.
So only add "+DEBUG" to the version string when the latter is the case.
This basically means to unifdef DEBUG in (almost) all places.
We keep it in src/portab/portab.h so DEBUG stays available to
enable assert(). Also add a comment about this.
Implement new numeric ERR_INVALIDMODEPARAM_MSG(696) and:
- Reject channel keys with spaces and return ERR_INVALIDMODEPARAM_MSG;
This was possible until now and resulted in garbled IRC commands later.
- Reject empty channel keys and return ERR_INVALIDMODEPARAM_MSG;
This was possible until now and resulted in garbled IRC commands later.
- Return ERR_INVALIDMODEPARAM_MSG when user limit is out of bounds;
This was silently ignored until now.
Closes#290. Thanks Val Lorentz for reporting it!
This relates to #290 and considerations which errors to show when: and I
think it is the better approach to give feedback instead of silently
failing.
Note that this code path is also used when handling modes of channels
defined in "[Channel]" blocks in configuration files: in this case the
client is the local server and we can't send messages to it, because it
has no socket connection! Therefore we need those "is_machine" checks
and log an error im this case.
Don't forbid the local server to change modes on local channels: this
happens when overriding modes on local (&) channels in the server
configuration file, for example, and is perfectly fine.
Without this patch, the server worked as expected but showed critical
error messages for each local channel in its configuration file:
"Got remote MODE command for local channel!? Ignored."
