Only clients using a SSL encrypted connection to the server are
allowed to join such a channel.
But please note three things:
a) already joined clients are not checked when setting this mode,
b) IRC operators are always allowed to join every channel, and
c) remote clients using a server not supporting this mode are not
checked either and therefore always allowed to join.
Now the numeric 004 correctly reports all the supported user and channel
modes (user modes "r" and "w" were missing), e. g.:
:a.irc.net 004 a a.irc.net ngircd-15 aiorsw biIklmnoPstv
Print "SSLOptionVar =" instead of omitting the option when
running --configtest with ssl enabled.
This better matches the behaviour of other options, e.g. ChrootDir.
This patch enables IRC Operators to use the SQUIT command as specified in
RFC 2812, section 3.1.8 "Squit".
When forwarding SQUIT commands, the server connected to the target will
drop the connection (not the target server itself!).
Please note:
- the configuration option "AllowRemoteOper" mus be enabled on the
server disconnecting the target to allow forwarding of SQUIT commands.
- if the remote server is configured to establish the connection, it
will just do this; so the disconnect is not permanent in this case!
The new "module" op.c is used to implement functions related to IRC Ops.
At the moment, these two functions are available:
- Op_Check() to check for a valid IRC Op, and
- Op_NoPrivileges() to generate "permission denied" messages.
The syntax of the CONNECT command now is:
- CONNECT <server-id>
- CONNECT <server-id> <port>
- CONNECT <server-id> <port> <target>
- CONNECT <server-id> <port> <host> <my-pwd> <peer-pwd>
- CONNECT <server-id> <port> <host> <my-pwd> <peer-pwd> <target>
Note: the configuration option "AllowRemoteOper" mus be enabled on the
target server to allow forwarding of CONNECT commands.
Added new configuration option "AllowRemoteOper" to control whether
remote IRC operators are allowed to use administrative commands that
affect this server or not
This commit introduces the configuration variable, but actually no
function is using it. That's up for the next patches to come ...
when building with debugging enabled, but without ipv6 support,
ngircd dumped core when loading a config file that specified an ipv6
listen address.
ngircd: ng_ipaddr.c:45: ng_ipaddr_init: Assertion `sizeof(*addr) >=
res0->ai_addrlen' failed.
Test for sockaddr_in.sin_len and initialize it to the correct value
which some systems (notably Mac OS X) require.
Note: this code path is only relevant when not using getaddrinfo().
A configured server could have been removed while a connection apptempt
is still in progress. So the cb_connserver() callback has to test if the
server configuration record is still valid.
fix the following warning generated by valgrind if ipv6 is enabled:
Syscall param write(buf) points to uninitialised byte(s)
at 0x4000982: (within /lib/ld-2.9.so)
by 0x80681A8: Resolve_Name (resolve.c:477)
by 0x805439F: Conn_Handler (conn.c:1658)
by 0x804AA7C: main (ngircd.c:331)
The warning is because ng_ipaddr_t can be a union, and only the
necessary parts are initialised. The callers know what part
of the union is valid, so this is not a bug.
if more than one ip address is returned for a single host
name, ngircd is supposed to try other addresses in case
connect() to the first address returned fails for some
reason.
Alexander Barton noticed that this did not work at all,
as the additional results were not stored.
Cosmo Kastemaa reported that its impossible to create an ssl-only setup,
as ngircd binds to port 6667 by default, even if setting "Ports =".
Only add the default port if _both_ "Ports" and "SSLPorts" are
unspecified.
Fixes bugzilla #98.
This patch fixes the following silly log messages:
'ID "XXX" already registered (on connection -1)!'
If the ID is already registered on a local connection, the local
connection ID is printed; and if the ID is connected via a remote
server, "via network" is displayed.
reported on #ngircd: pasting lots of lines into a channel can kill off
many people on the channel if the read buffer is drained quickly enough
and the client-side TCP can't keep up with the incoming data.
This implements a throttling scheme:
- an irc client may send up to 3 commands per second before a one second
pause is enforced.
- an irc client may send up to 256 bytes per second before a one second
pause is enforced.
After discussion with Alexander Barton, server <-> server links are
treated specially: There is no artificial limit on the number of bytes
sent per second, and up to 10 commands are processed per second before
a pause is enforced.
It may be neccessary to make those limits tuneable to accomondate larger
networks, but for now they are compile time values.
New_Server() can call Conn_Close() in its error paths,
but that function decrements the number of current active
connections. Thus we need to increment it earlier.
When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.
- ONLY servers without ssl/tls support compiled in are not affected.
Disabling SSL in the configuration (no ssl listening ports, etc)
does NOT help.
- servers that are running standalone (i.e., not connected to any
other servers) are not affected, either.
This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
When ngircd announces the list of currently known servers
to a new (connecting) server, it sent the introducer of
the servers instead of the top server.
Assuming this network:
irc1.example.com
|--irc2.example.com
| `--irc3.example.com
| `--irc4.example.com
`--irc5.example.com
When irc4 connects to irc3, irc3 tells irc4 that irc5 was
connected to irc2. (irc2 had introduced irc5 to irc3; but thats
not what ngircd should have sent to the new server).
This also placed users on the wrong servers.
that code does not really make sense -- the info
text is freely cofngiureable and des not follow a specific
format.
Also, that "+2" might have caused invalid memory accesses.
With this patch ngIRCd displays IPv6 addresses as "[<addr>]:<port>" when
accepting new connections and later, if no successful DNS lookup could
be made (or DNS is disabled altogether).
Don't echo multiple syntax error messages (461) on invalid commands,
but break after the first one.
In addition, this solves corrupted 'Unknown mode "+' messages.
When using OpenSSL, the following annoying "error" message was logged whenever
an encrypted connection was shut down in a orderly fashion:
TLS/SSL Connection shutdown: ConnSSL_Read: Unable to determine error
of course, this isn't an error at all.
commit 6bc2d3d06e
(New connection option CONN_RFC1459) forgot to adjust the ssl bitmasks.
The result is that when a compressed AND encrypted server link goes down
the memory allocated by zlib and the r/w buffers are no longer
free'd as the previous ConnSSL_Free() would then also remove the CONN_ZIP flag
from the flag mask.
Store the file name of channel key files and reopen them on each access
(on each JOIN command) insted of just storing the file handles.
This eliminates the special requirements (no delete) and makes sure
that always the actual file contents are used in all circumstances.
This patch introduces the new configuration variable "KeyFile" for
[Channel] sections in ngircd.conf. Here a file can be configured for each
pre-defined channel which contains individual channel keys for different
users. This file is line-based and must have the following syntax:
<user>:<nick>:<key>
<user> and <nick> can contain the wildcard character "*".
Please not that these channel keys are only in effect, when the channel
has a regular key set using channel mode "k"!
commit 2546a13ad2
('Cumulative Message Patch') broke PRIVMSG to channels
containing dots.
Fix this by switching evaluation order:
Check first if the target matches a existing channel and only do a check
for target masks if that failed.
PRIVMSG with host/server masks is described in RFC 2812, section 3.3.1.
Makes one wonder how a server is _really_ supposed to tell the difference
between hostmasks and channel names.
Sigh.
when ngircd is build without DEBUG enabled, LOG_DEBUG messages
are always discarded.
To avoid the extra code, ngircd has a LogDebug() wrapper which
gets removed by the compiler when compiling without DEBUG defined.
Update a few functings which were using the
Log(LOG_DEBUG, .. interface directly without #ifdef DEBUG guards.
text data bss dec hex filename
127748 1900 28280 157928 268e8 ngircd.before
126836 1896 28280 157012 26554 ngircd.after
Silly bug: the condition of a while() loop in the Channel_Exit() function
used the wrong variable and therefore got never executed ...
This bug is in the code since the beginning (see commit bb19cfda in 2002);
shame on me!
in the same vein as the earlier commit:
cast posix data types (pid_t, ...) to long and use
%ld as format specifier. This will avoid problems
when sizeof(int) != sizeof(type).
We could also cast to int, but this might truncate the value.
Reported by Christoph Biedl:
ngircd[21581]: Running as user irc(39), group irc(39), with PID 140733193409613.
cast pid_t to long to avoid this.
While we are there, cast uid_t and gid_t, too.
- Fix formatting of some log messages, mostly punctuation.
- cb_Connect_to_Server(): don't use string concatenation, because it
is not supported by pre-ANSI C compilers ...
This patch fixes the following warning of GCC (version 4.3.2) in
function pem_passwd_cb() when compiling with OpenSSL support and
without debug code:
conn-ssl.c: In function 'pem_passwd_cb':
conn-ssl.c:122: warning: unused parameter 'rwflag'
The new configuration option "NoIdent" in ngircd.conf can be used to
disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT
lookups enabled.
The IRC command "SERVLIST" lists all the registered services, see RFC 2811, section 3.5.1.
The syntax is "SERVLIST [<mask> [<type>]]". The parameter <type> is not used by ngIRCd at
the moment, all registered services are of type 0 (which is the default when omitted).
ngIRCd now creates a server-local channel &SERVER with channel modes
+mnPt (moderated, no messages from outside the channel, persistent and
with the topic locked) and logs all the messages to it that a user with
mode +s ("server messages") receives.
If an IRC operator withdraws the +P ("persistent") mode and the &SERVER
channel is freed because of no members, nothing special happens. The
channel can be recerated any time later and ngIRCd would begin logging
to it again.
The following bits and bytes were not included in distribution archives:
- contrib: ngindent, ngircd.sh
- contrib/Debian: ngircd.postinst
- contrib/MacOSX: preinstall.sh, postinstall.sh
- doc/src: Doxyfile, header.inc.html, footer.inc.html, ngircd-doc.css
- src/portab: splint.h
I changed the test suite to start two test servers (on port 6789 and 6790),
so server-server links can be tested as well for which I included the new
test script "server-link-test.e".
In addition the documentation of the test suite (src/testsuite/README) has
been updated and is more complete now.
This patch lets ngIRCd count outgoing connections as well as incoming
connections (up to now only outgoing connections have been counted). This
change is required because the Conn_Close() function doesn't know whether
it closes an outgoing connection or not and therefore would decrement the
counter below zero when an outgoing connection existed -- which would
trigger an assert() call ...
Please note that this patch changes the (so far undocumented but now fixed)
behaviour of the "MaxConnections" configuration option to account the sum
of the in- and outbound connections!
Some servers send the numeric 020 ("please wait while we process your
connection") when a client connects. This is no useful information for
this server, so we simply ignore it :-)
This patch enables ngIRCd to use GNUTLS in really old versions, tested
with version 1.0.16, that don't define the "new" data types ending in
xxx_t. LIBGNUTLS_VERSION_MAJOR isn't defined there as well, so we use
it to test if we must define the new types on our own.
Alexander Barton reported a compiler warning on 64-bit platforms:
cc1: warnings being treated as errors
conn-ssl.c: In function 'ConnSSL_Init_SSL':
conn-ssl.c:403: error: cast to pointer from integer of
different size
Unfortunately, I couldn't find a real solution; the GNUTLS
API expects 'gnutls_transport_ptr_t' (which is void*),
but the default push/pull functions (send/recv) expect an int.
The only alternative solution is to pass in an address to the
file descriptor, then add send/recv wrappers that expect a pointer.
What a mess[tm].
This patch fixes the following warning of GCC (version 4.3.2) in
function ForwardLookup():
resolve.c: In function 'ForwardLookup':
resolve.c:282: warning: ISO C90 forbids specifying subobject to initialize
resolve.c:284: warning: ISO C90 forbids specifying subobject to initialize
resolve.c:285: warning: ISO C90 forbids specifying subobject to initialize
This patch fixes the following warning of GCC (version 4.3.2) in
function ConnSSL_LogCertInfo() when compiling with GNUTLS support:
conn-ssl.c: In function 'ConnSSL_LogCertInfo':
conn-ssl.c:542: warning: unused variable 'cred'
This patch
- introduces a new server flag "S" to indicate that the server can handle
the SERVICE command (on server links),
- implements the IRC command "SERVICE" for server-server links,
- uses the "SERVICE" command to announce IRC services when a new
server connects to it,
- and fixes the Send_Message() function to let it send messages to
services using a "target mask".
If the remote server doesn't indicate that it can handle the "SERVICE"
command (it has not set the "S" flag), services are announced as regular
users as before.
This patch enables ngIRCd to handle IRC services as real services, and not
as "fake users":
- Set correct client type CLIENT_SERVICE for services,
- Change log messages to include correct client type,
- PRIVMSG: allow users to send messages to services,
- Send services nick names to other servers (as users).
Please note that this patch doesn't announce services as services in the
network, but as regular users (as before). Only the local server knows
of services as services (see LUSERS command, for example). It is up to
one of the next patches to fix this and to introduce the SERVICE command
in server to server communication.
The propagation of services as regular users between servers doesn't limit
the functionality of the IRC services and will be the fallback for servers
that don't support "real" services propagation in the future.
Client_TypeText() is used to get correct naming ("Client", "Service", ...)
for log messages, and Destroy_UserOrService() is used to correctly destroy
user and services clients.
Introduce a new configuration variable "ServiceMask" in SERVER blocks to
define a mask matching nick names that should be treated as services.
Regular servers don't need this parameter (leave it empty, the default),
but you should set it to "*Serv" when connection ircservices, for example.
This patch allows ngIRCd to detect services, it doesn't change the
functionality: you only get different log messages ;-)
All the required information is already stored in the CLIENT structure
of new new connection, so pass this to Introduce_Client() and don't
invent an unneeded new structure ...
This patch allows ngIRCd to detect right after receiving the SERVER command
from the peer whether the RFC 1459 compatibility mode must be used or not.
And it fixes the announcement of users during establishing new server links
with such peers.
This patch enables ngIRCd to deal with NICK and USER commands following
RFC 1459 to register new clients, and to send these commands instead of one
full NICK command as specified in RFC 2813 on connections that are in RFC
1459 compatibility mode.
Can be useful for e. g. IRC services that simulate a RFC 1459 server.
This new connection option CONN_RFC1459 indicates that the peer on this
link only supports the IRC protocol as defined in RFC 1459 and that the
compatibility mode (e. g. for outgoing commands like NICK) should be used.
This patch allows servers and services to call the NICK command using the
syntax defined in RFC 1459 to register new users, with only two parameters.
See section 4.1.2.
Useful for some services packages, which emulate this protocol.
Config option claimed to be 'number of connections' but in reality this
was treated as 'largest file descriptor allowed'.
This also fixes another bug in New_connection, where the
ng_ipaddr_tostr_r error path was missing a return statement.
Some message targets could lead to a NULL pointer dereference and therefore
could crash the daemon (denial of service).
(cherry picked from commit e493ad2d30ff80bca2556cde2212e367cb006517)
by Steven D. Blackford <kb7sqi@aol.com>:
"I wanted to let you know that I've done a quick port of ngircd-0.12.0 for
NEXTSTEP3.3/OPENSTEP4.2. There wasn't a lot of changes required to get it
to compile clean, but I did make the necessary changes so that I didn't
have to use -posix flag. The NeXT has a pretty buggy POSIX implementation
so I always try to work around it. :-)
Anway, here's the changes required to get it to compile."
This patch fixes the following error message of GCC (tested with version
4.3.0) when not compiling ngIRCd in "strict RFC" mode:
parse.c: In function "Validate_Args":
parse.c:341: error: unused parameter "Idx"
parse.c:341: error: unused parameter "Req"
Some operating systems, for example OpenBSD and OpenSolaris, use
"localhost.<domain>" instead of just "localhost" for 127.0.0.1, so
the "message-test" using "localhost" failed on such systems.
Don't have an idee how to make this work on all platforms ... :-/
So I simply disabled the two affected tests to make the testsuite
run on OpenBSD and OpenSolaris again.
This patch fixes the following warning of GCC 4.3.1:
irc.c: In function "Send_Message":
irc.c:315: error: "lastCurrentTarget" may be used uninitialized in
this function
This closes Bug #88.
Patch proposed by Eric <egrunow@ucsd.edu>, but with wrong length
comparision: please note that Channel_IsValidName() checks the name
INCLUDING the prefix, so the test must be length<=1!
Up to this patch ngIRCd did not return any result (GIT master) or a badly
formated 403 (":irc.server 403 test :No such channel" [note the two
spaces!], branch-0-12-x) on the above commands, this patch changes the
behaviour to reflect ircd 2.11 which returns 461 in both cases.
Some operating systems, for example OpenBSD, use "localhost.<domain>"
instead of "localhost", so the "who-test" expecting "localhost" failed
on such systems.
(Please see 149859c5fecc..., which fixes this for the who-test already)
This patch fixes the following two warnings of GCC 4.2.4:
irc-channel.c: In function "IRC_JOIN":
irc-channel.c:185:
warning: "lastkey" may be used uninitialized in this function
irc-channel.c:185:
warning: "lastchan" may be used uninitialized in this function
Up to now ngIRCd accepted CR+LF as well as a single CR or LF in "non RFC
compliant" mode (the default). But ngIRCd became confused when it received
data containing mixed line endings (e. g. "111\r222\n333\r\n").
This patch enables ngIRCd (in "non RFC compliant" mode) to detect CR+LF,
CR, and LF as equally good line termination sequences and to always end the
command after the first one detected.
Some clients (for exmaple Trilian) are that ... broken to send such mixed
line terminations ...
First patch proposed by Scott Perry <scperry@ucsd.edu>,
Thanks to Ali Shemiran <ashemira@ucsd.edu> for testing!
If ngircd receives an input line like "COMMAND arg\nIRRELEVANT\r\n",
"arg\nIRRELEVANT" is passed as an argument to COMMAND. This can lead
to output like:
:ngircd.test.server 322 nick #chan 1 :
topicwithprecedingnewline
:ngircd.test.server 322 nick #nxtchan 1 :
[..]
Worse, this allows clients to piggyback irc commands, e.g.
"TOPIC #a :test\n:fake!~a@nonexistant JOIN :#a\r\n", which
causes the client to receive a JOIN command during /LIST output.
Bug reported by Scott Perry, first patch by Florian Westphal.
In addition, the "timeout" variable has been removed because it is
unnecessary today: Handle_Buffer() handles all the data it can handle,
and io_dispatch() returns immediately when new data is available. So
we don't have to double-check but better sleep. Pointed out by Florian.
This patch does significant cleanup on the join code by using strtok_r
instead of mangling strchr to parse channel names and keys in parallel when
a JOIN command contains a list of channels and keys.
Also adds an strtok_r implementation to libportab.
this also obsoletes ListenIPv4 and ListenIPv6 options.
If Listen is unset, it is treated as Listen="::,0.0.0.0".
Note: ListenIPv4 and ListenIPv6 options are still recognized,
but ngircd will print a warning if they are used in the config file.
Also, some plattforms require that ai_socktype
is set in the getaddrinfo() hints structure.
This patch adds -h and -V short options (to complement the usage).
It is based on a patch attached to Debian bug #466063, see
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466063>.
Idea by Jari Aalto <jari.aalto@cante.net>,
patch adapted by Alexander Barton <alex@barton.de>.
It is hard to test this in the test suite because we 1) shouldn't rely on
previous tests populating WHOWAS and 2) don't connect a user for more than 30
seconds.
Also makes WHOWAS return ERR_NONICKNAMEGIVEN_MSG as implied by RFC.
Some operating systems, for example OpenBSD, use "localhost.<domain>"
instead of "localhost", so the "who-test" expecting "localhost" failed
on such systems.
SERVICE, SERVLIST, and SQUERY are required by RFC 2812 (it states in
section 3 that "all commands described in this section MUST be implemented
by any server for this protocol." -- So we implement them without (much)
actual functionality ...
Brandon Beresini sent me a patch yesterday adding tests for JOIN under
various circumstances, which I believe he worked on with Bryan Caldwell
and Ali Shemiran. I made a few modifications; the result is below.
Code cleanup and fix for Bug #83, "ngIRCd chokes on 1-character messages" in
function Handle_Buffer(): the buffer is now correctly cleared when ngIRCd
receives 1-character messages terminated with either CR or LF (in violation
to RFC 2812, section 2.3 "Messages", 5th paragraph).
Modeless channels (+channels) are described in RFC 2811;
so my modifications to
530112b114
('Add support for modeless channels')
to disable +channels for --strict-rfc configurations
were wrong. This reverts those changes.
Add support for modeless channels (+channels).
[fw@strlen.de:
- integrate test cases
- don't support +channels when compiled with --strict-rfc
- do not set +o mode for channel creator
- force +nt mode when channel is created ]
The config file for ngircds test suite contained obsolete
ConfUID/ConfGID settings, causing ngircd to needlesly complain when
started as non-root (which is hopefully the _normal_ case...)
When trying to part a channel ("PART #channel") the client is not member of
the daemon now correctly reports the numeric ERR_NOTONCHANNEL (442) insted
of ERR_NOSUCHCHANNEL (403).
client.c:72:6: warning: symbol 'Max_Users' was not declared. Should it be static?
client.c:72:21: warning: symbol 'My_Max_Users' was not declared. Should it be static?
ngircd will exit if the config file cannot be opened. While
thats okay if ngircd starts up for the first time, it isn't
when we are re-reading the config file after a /REHASH or SIGHUP.
all references to struct sockaddr/in_addr have been
removed from src/ngircd.
libngipaddr (in src/ipaddr/) hides all the gory details.
See src/ipaddr/ng_ipaddr.h for API description.
This does hit only operators that join a channel with at least 2 servers active in the net
the server the oper connects to sends "channel^Go" to the other servers
the other server first searches for the channel and then strips the modes from the channel name
he has to do the other way round: first strip and then check the channel name.
RPL_WHOREPLY messages generated by IRC_WHO don't include flags (*,@,+)
that should appear according to this description:
http://www.mishscript.de/reference/rawhelp3.htm#raw352
Other IRC servers do include the flags.
Modify who-test.e to expose missing flags,
modify ngircd-test.conf to accommodate who-test.e, and fix
irc-info.c to correct these problems.
Under some circumstances ngIRCd currently issues a channel MODE message
with a trailing space after the last parameter, which isn't permitted by
the grammar in RFC 2812 section 2.3.1:
http://tools.ietf.org/html/rfc2812#section-2.3.1
The following patch modifies mode-test.e to expose this, and modifies
irc-mode.c to correct it.
- put sending of mode and forwarding of JOIN to other clients
into seperate function.
- put sending of topic/channel names into seperate function.
- put access check into seperate function.
- translate/remove remaining german comments.
- stop if JOIN to a channel in a list (JOIN #a,#,b,#c...) fails
(This doesn't change the behaviour: skip-to-next-channel-on-error
did never work as intended)
Dana Dahlstrom reported that IRC_WHO did not follow
RFC 2812, Section 3.6.1. Specifically:
- IRC_WHO did not send "G" flag instead if "H" if client was away
- did not search username/servername/hostname etc. if argument
was not a channel.
Fix all of the above and tidy things up a bit.
Also add IRC_WHO test script contributed by Dana.
The students in my software-engineering class are writing IRC clients in
Java, and I'm running ngIRCd as a sandbox for them to play in. We
noticed ngIRCd doesn't obey the "JOIN 0" command specified in RFC 2812:
JOIN 0 ; Leave all currently joined
channels.
http://tools.ietf.org/html/rfc2812#section-3.2.1
I believe the following patch addresses this. Cheers!
[fw@strlen.de: put it into a seperate function]
parse.c:56:9: warning: symbol 'My_Commands' was not declared. Should it be static?
parse.c:107:9: warning: symbol 'My_Numerics' was not declared. Should it be static?
Also move handling of numerics into a seperate helper function.
struct Conf_Server stored the ip address to connect to
in dotted-decimal notation; but we only need this for connect()
so long-time storage isn't necessary.