Print "SSLOptionVar =" instead of omitting the option when
running --configtest with ssl enabled.
This better matches the behaviour of other options, e.g. ChrootDir.
This patch enables IRC Operators to use the SQUIT command as specified in
RFC 2812, section 3.1.8 "Squit".
When forwarding SQUIT commands, the server connected to the target will
drop the connection (not the target server itself!).
Please note:
- the configuration option "AllowRemoteOper" mus be enabled on the
server disconnecting the target to allow forwarding of SQUIT commands.
- if the remote server is configured to establish the connection, it
will just do this; so the disconnect is not permanent in this case!
The new "module" op.c is used to implement functions related to IRC Ops.
At the moment, these two functions are available:
- Op_Check() to check for a valid IRC Op, and
- Op_NoPrivileges() to generate "permission denied" messages.
The syntax of the CONNECT command now is:
- CONNECT <server-id>
- CONNECT <server-id> <port>
- CONNECT <server-id> <port> <target>
- CONNECT <server-id> <port> <host> <my-pwd> <peer-pwd>
- CONNECT <server-id> <port> <host> <my-pwd> <peer-pwd> <target>
Note: the configuration option "AllowRemoteOper" mus be enabled on the
target server to allow forwarding of CONNECT commands.
Added new configuration option "AllowRemoteOper" to control whether
remote IRC operators are allowed to use administrative commands that
affect this server or not
This commit introduces the configuration variable, but actually no
function is using it. That's up for the next patches to come ...
when building with debugging enabled, but without ipv6 support,
ngircd dumped core when loading a config file that specified an ipv6
listen address.
ngircd: ng_ipaddr.c:45: ng_ipaddr_init: Assertion `sizeof(*addr) >=
res0->ai_addrlen' failed.
Test for sockaddr_in.sin_len and initialize it to the correct value
which some systems (notably Mac OS X) require.
Note: this code path is only relevant when not using getaddrinfo().
A configured server could have been removed while a connection apptempt
is still in progress. So the cb_connserver() callback has to test if the
server configuration record is still valid.
fix the following warning generated by valgrind if ipv6 is enabled:
Syscall param write(buf) points to uninitialised byte(s)
at 0x4000982: (within /lib/ld-2.9.so)
by 0x80681A8: Resolve_Name (resolve.c:477)
by 0x805439F: Conn_Handler (conn.c:1658)
by 0x804AA7C: main (ngircd.c:331)
The warning is because ng_ipaddr_t can be a union, and only the
necessary parts are initialised. The callers know what part
of the union is valid, so this is not a bug.
if more than one ip address is returned for a single host
name, ngircd is supposed to try other addresses in case
connect() to the first address returned fails for some
reason.
Alexander Barton noticed that this did not work at all,
as the additional results were not stored.
Cosmo Kastemaa reported that its impossible to create an ssl-only setup,
as ngircd binds to port 6667 by default, even if setting "Ports =".
Only add the default port if _both_ "Ports" and "SSLPorts" are
unspecified.
Fixes bugzilla #98.
This patch fixes the following silly log messages:
'ID "XXX" already registered (on connection -1)!'
If the ID is already registered on a local connection, the local
connection ID is printed; and if the ID is connected via a remote
server, "via network" is displayed.
reported on #ngircd: pasting lots of lines into a channel can kill off
many people on the channel if the read buffer is drained quickly enough
and the client-side TCP can't keep up with the incoming data.
This implements a throttling scheme:
- an irc client may send up to 3 commands per second before a one second
pause is enforced.
- an irc client may send up to 256 bytes per second before a one second
pause is enforced.
After discussion with Alexander Barton, server <-> server links are
treated specially: There is no artificial limit on the number of bytes
sent per second, and up to 10 commands are processed per second before
a pause is enforced.
It may be neccessary to make those limits tuneable to accomondate larger
networks, but for now they are compile time values.
New_Server() can call Conn_Close() in its error paths,
but that function decrements the number of current active
connections. Thus we need to increment it earlier.
When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.
- ONLY servers without ssl/tls support compiled in are not affected.
Disabling SSL in the configuration (no ssl listening ports, etc)
does NOT help.
- servers that are running standalone (i.e., not connected to any
other servers) are not affected, either.
This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
When ngircd announces the list of currently known servers
to a new (connecting) server, it sent the introducer of
the servers instead of the top server.
Assuming this network:
irc1.example.com
|--irc2.example.com
| `--irc3.example.com
| `--irc4.example.com
`--irc5.example.com
When irc4 connects to irc3, irc3 tells irc4 that irc5 was
connected to irc2. (irc2 had introduced irc5 to irc3; but thats
not what ngircd should have sent to the new server).
This also placed users on the wrong servers.
that code does not really make sense -- the info
text is freely cofngiureable and des not follow a specific
format.
Also, that "+2" might have caused invalid memory accesses.
With this patch ngIRCd displays IPv6 addresses as "[<addr>]:<port>" when
accepting new connections and later, if no successful DNS lookup could
be made (or DNS is disabled altogether).
Don't echo multiple syntax error messages (461) on invalid commands,
but break after the first one.
In addition, this solves corrupted 'Unknown mode "+' messages.
When using OpenSSL, the following annoying "error" message was logged whenever
an encrypted connection was shut down in a orderly fashion:
TLS/SSL Connection shutdown: ConnSSL_Read: Unable to determine error
of course, this isn't an error at all.
commit 6bc2d3d06e
(New connection option CONN_RFC1459) forgot to adjust the ssl bitmasks.
The result is that when a compressed AND encrypted server link goes down
the memory allocated by zlib and the r/w buffers are no longer
free'd as the previous ConnSSL_Free() would then also remove the CONN_ZIP flag
from the flag mask.
Store the file name of channel key files and reopen them on each access
(on each JOIN command) insted of just storing the file handles.
This eliminates the special requirements (no delete) and makes sure
that always the actual file contents are used in all circumstances.
This patch introduces the new configuration variable "KeyFile" for
[Channel] sections in ngircd.conf. Here a file can be configured for each
pre-defined channel which contains individual channel keys for different
users. This file is line-based and must have the following syntax:
<user>:<nick>:<key>
<user> and <nick> can contain the wildcard character "*".
Please not that these channel keys are only in effect, when the channel
has a regular key set using channel mode "k"!
commit 2546a13ad2
('Cumulative Message Patch') broke PRIVMSG to channels
containing dots.
Fix this by switching evaluation order:
Check first if the target matches a existing channel and only do a check
for target masks if that failed.
PRIVMSG with host/server masks is described in RFC 2812, section 3.3.1.
Makes one wonder how a server is _really_ supposed to tell the difference
between hostmasks and channel names.
Sigh.
when ngircd is build without DEBUG enabled, LOG_DEBUG messages
are always discarded.
To avoid the extra code, ngircd has a LogDebug() wrapper which
gets removed by the compiler when compiling without DEBUG defined.
Update a few functings which were using the
Log(LOG_DEBUG, .. interface directly without #ifdef DEBUG guards.
text data bss dec hex filename
127748 1900 28280 157928 268e8 ngircd.before
126836 1896 28280 157012 26554 ngircd.after
Silly bug: the condition of a while() loop in the Channel_Exit() function
used the wrong variable and therefore got never executed ...
This bug is in the code since the beginning (see commit bb19cfda in 2002);
shame on me!
in the same vein as the earlier commit:
cast posix data types (pid_t, ...) to long and use
%ld as format specifier. This will avoid problems
when sizeof(int) != sizeof(type).
We could also cast to int, but this might truncate the value.
Reported by Christoph Biedl:
ngircd[21581]: Running as user irc(39), group irc(39), with PID 140733193409613.
cast pid_t to long to avoid this.
While we are there, cast uid_t and gid_t, too.
- Fix formatting of some log messages, mostly punctuation.
- cb_Connect_to_Server(): don't use string concatenation, because it
is not supported by pre-ANSI C compilers ...
This patch fixes the following warning of GCC (version 4.3.2) in
function pem_passwd_cb() when compiling with OpenSSL support and
without debug code:
conn-ssl.c: In function 'pem_passwd_cb':
conn-ssl.c:122: warning: unused parameter 'rwflag'
The new configuration option "NoIdent" in ngircd.conf can be used to
disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT
lookups enabled.
The IRC command "SERVLIST" lists all the registered services, see RFC 2811, section 3.5.1.
The syntax is "SERVLIST [<mask> [<type>]]". The parameter <type> is not used by ngIRCd at
the moment, all registered services are of type 0 (which is the default when omitted).
ngIRCd now creates a server-local channel &SERVER with channel modes
+mnPt (moderated, no messages from outside the channel, persistent and
with the topic locked) and logs all the messages to it that a user with
mode +s ("server messages") receives.
If an IRC operator withdraws the +P ("persistent") mode and the &SERVER
channel is freed because of no members, nothing special happens. The
channel can be recerated any time later and ngIRCd would begin logging
to it again.
The following bits and bytes were not included in distribution archives:
- contrib: ngindent, ngircd.sh
- contrib/Debian: ngircd.postinst
- contrib/MacOSX: preinstall.sh, postinstall.sh
- doc/src: Doxyfile, header.inc.html, footer.inc.html, ngircd-doc.css
- src/portab: splint.h
I changed the test suite to start two test servers (on port 6789 and 6790),
so server-server links can be tested as well for which I included the new
test script "server-link-test.e".
In addition the documentation of the test suite (src/testsuite/README) has
been updated and is more complete now.
This patch lets ngIRCd count outgoing connections as well as incoming
connections (up to now only outgoing connections have been counted). This
change is required because the Conn_Close() function doesn't know whether
it closes an outgoing connection or not and therefore would decrement the
counter below zero when an outgoing connection existed -- which would
trigger an assert() call ...
Please note that this patch changes the (so far undocumented but now fixed)
behaviour of the "MaxConnections" configuration option to account the sum
of the in- and outbound connections!
Some servers send the numeric 020 ("please wait while we process your
connection") when a client connects. This is no useful information for
this server, so we simply ignore it :-)
This patch enables ngIRCd to use GNUTLS in really old versions, tested
with version 1.0.16, that don't define the "new" data types ending in
xxx_t. LIBGNUTLS_VERSION_MAJOR isn't defined there as well, so we use
it to test if we must define the new types on our own.
Alexander Barton reported a compiler warning on 64-bit platforms:
cc1: warnings being treated as errors
conn-ssl.c: In function 'ConnSSL_Init_SSL':
conn-ssl.c:403: error: cast to pointer from integer of
different size
Unfortunately, I couldn't find a real solution; the GNUTLS
API expects 'gnutls_transport_ptr_t' (which is void*),
but the default push/pull functions (send/recv) expect an int.
The only alternative solution is to pass in an address to the
file descriptor, then add send/recv wrappers that expect a pointer.
What a mess[tm].
This patch fixes the following warning of GCC (version 4.3.2) in
function ForwardLookup():
resolve.c: In function 'ForwardLookup':
resolve.c:282: warning: ISO C90 forbids specifying subobject to initialize
resolve.c:284: warning: ISO C90 forbids specifying subobject to initialize
resolve.c:285: warning: ISO C90 forbids specifying subobject to initialize
This patch fixes the following warning of GCC (version 4.3.2) in
function ConnSSL_LogCertInfo() when compiling with GNUTLS support:
conn-ssl.c: In function 'ConnSSL_LogCertInfo':
conn-ssl.c:542: warning: unused variable 'cred'
This patch
- introduces a new server flag "S" to indicate that the server can handle
the SERVICE command (on server links),
- implements the IRC command "SERVICE" for server-server links,
- uses the "SERVICE" command to announce IRC services when a new
server connects to it,
- and fixes the Send_Message() function to let it send messages to
services using a "target mask".
If the remote server doesn't indicate that it can handle the "SERVICE"
command (it has not set the "S" flag), services are announced as regular
users as before.
This patch enables ngIRCd to handle IRC services as real services, and not
as "fake users":
- Set correct client type CLIENT_SERVICE for services,
- Change log messages to include correct client type,
- PRIVMSG: allow users to send messages to services,
- Send services nick names to other servers (as users).
Please note that this patch doesn't announce services as services in the
network, but as regular users (as before). Only the local server knows
of services as services (see LUSERS command, for example). It is up to
one of the next patches to fix this and to introduce the SERVICE command
in server to server communication.
The propagation of services as regular users between servers doesn't limit
the functionality of the IRC services and will be the fallback for servers
that don't support "real" services propagation in the future.
Client_TypeText() is used to get correct naming ("Client", "Service", ...)
for log messages, and Destroy_UserOrService() is used to correctly destroy
user and services clients.
Introduce a new configuration variable "ServiceMask" in SERVER blocks to
define a mask matching nick names that should be treated as services.
Regular servers don't need this parameter (leave it empty, the default),
but you should set it to "*Serv" when connection ircservices, for example.
This patch allows ngIRCd to detect services, it doesn't change the
functionality: you only get different log messages ;-)
All the required information is already stored in the CLIENT structure
of new new connection, so pass this to Introduce_Client() and don't
invent an unneeded new structure ...
This patch allows ngIRCd to detect right after receiving the SERVER command
from the peer whether the RFC 1459 compatibility mode must be used or not.
And it fixes the announcement of users during establishing new server links
with such peers.
This patch enables ngIRCd to deal with NICK and USER commands following
RFC 1459 to register new clients, and to send these commands instead of one
full NICK command as specified in RFC 2813 on connections that are in RFC
1459 compatibility mode.
Can be useful for e. g. IRC services that simulate a RFC 1459 server.
This new connection option CONN_RFC1459 indicates that the peer on this
link only supports the IRC protocol as defined in RFC 1459 and that the
compatibility mode (e. g. for outgoing commands like NICK) should be used.
This patch allows servers and services to call the NICK command using the
syntax defined in RFC 1459 to register new users, with only two parameters.
See section 4.1.2.
Useful for some services packages, which emulate this protocol.
Config option claimed to be 'number of connections' but in reality this
was treated as 'largest file descriptor allowed'.
This also fixes another bug in New_connection, where the
ng_ipaddr_tostr_r error path was missing a return statement.
Some message targets could lead to a NULL pointer dereference and therefore
could crash the daemon (denial of service).
(cherry picked from commit e493ad2d30ff80bca2556cde2212e367cb006517)
by Steven D. Blackford <kb7sqi@aol.com>:
"I wanted to let you know that I've done a quick port of ngircd-0.12.0 for
NEXTSTEP3.3/OPENSTEP4.2. There wasn't a lot of changes required to get it
to compile clean, but I did make the necessary changes so that I didn't
have to use -posix flag. The NeXT has a pretty buggy POSIX implementation
so I always try to work around it. :-)
Anway, here's the changes required to get it to compile."
This patch fixes the following error message of GCC (tested with version
4.3.0) when not compiling ngIRCd in "strict RFC" mode:
parse.c: In function "Validate_Args":
parse.c:341: error: unused parameter "Idx"
parse.c:341: error: unused parameter "Req"
Some operating systems, for example OpenBSD and OpenSolaris, use
"localhost.<domain>" instead of just "localhost" for 127.0.0.1, so
the "message-test" using "localhost" failed on such systems.
Don't have an idee how to make this work on all platforms ... :-/
So I simply disabled the two affected tests to make the testsuite
run on OpenBSD and OpenSolaris again.
This patch fixes the following warning of GCC 4.3.1:
irc.c: In function "Send_Message":
irc.c:315: error: "lastCurrentTarget" may be used uninitialized in
this function
This closes Bug #88.
Patch proposed by Eric <egrunow@ucsd.edu>, but with wrong length
comparision: please note that Channel_IsValidName() checks the name
INCLUDING the prefix, so the test must be length<=1!
Up to this patch ngIRCd did not return any result (GIT master) or a badly
formated 403 (":irc.server 403 test :No such channel" [note the two
spaces!], branch-0-12-x) on the above commands, this patch changes the
behaviour to reflect ircd 2.11 which returns 461 in both cases.
Some operating systems, for example OpenBSD, use "localhost.<domain>"
instead of "localhost", so the "who-test" expecting "localhost" failed
on such systems.
(Please see 149859c5fecc..., which fixes this for the who-test already)
