William Pitcock
f3b84221d0
match: allow the CharAttrs table to be modified at runtime
2016-09-16 13:09:44 -05:00
Aaron Jones
6d16f66be6
msgbuf: Fix remote crash vulnerability due to malformed message tag.
...
Fixes #218
Reported-by: ManiacTwister <github@s7t.de>
2016-09-11 10:35:13 +00:00
Simon Arlott
86e1de17f3
ircd: serv_connect: initialise sa_connect/sa_bind to AF_UNSPEC
...
These are read to check if they're AF_UNSPEC (unset) but they aren't
initialised.
2016-09-03 14:52:48 +01:00
Aaron Jones
0942c1fc26
Print initialisation notice before forking
2016-08-24 16:44:04 +00:00
Jason Volk
c1fc044c35
ircd: Fix umode orphan scheme.
...
Cherry-picked from jevolk/charybdis f5e7f335
Reformatted slightly.
2016-08-24 16:12:05 +00:00
Aaron Jones
f4e9d91580
startup: fork before initialising the event subsystem
...
On FreeBSD 4.8, fork(2) doesn't actually behave like fork(2).
Namely, kqueue(2) descriptors are not inherited by the child.
IOW, we can't fork(2) after we get the kqueue(2) descriptor.
So we'll just have to rely on people to actually read the
server log file if they want to understand why their server
is dying during startup.
2016-08-21 22:29:16 +00:00
Aaron Jones
0c23c0b1c5
Attempt to open /dev/null before forking incase it would fail
2016-08-21 00:32:34 +00:00
Aaron Jones
0c433865d3
Attempt #2 at fixing the file descriptor mess.
...
This commit defers daemonisation to the end of initialisation
as that makes it vastly simpler to get this right.
2016-08-21 00:15:17 +00:00
Aaron Jones
ef24ede3e2
Revert "ircd startup: avoid black magic with file descriptors"
...
This reverts commit 27c0f6d8f4
.
A more extensive investigation and refactoring of the code is
necessary.
2016-08-20 22:22:37 +00:00
Aaron Jones
27c0f6d8f4
ircd startup: avoid black magic with file descriptors
...
This *should* fix a reported but as yet unreproducable
ircd abort on restart.
2016-08-20 21:14:53 +00:00
Jason Volk
ffedad8dfb
ircd: Allow non-default CAP_MASK during server estab.
2016-08-20 04:10:28 -07:00
Jason Volk
4cc889ae17
ircd: Fix missing operhash reference decrement from b02a913b
.
2016-07-19 23:24:33 +00:00
Jason Volk
e4a7cf9f50
Fix erroneous return value.
2016-07-16 11:26:38 -07:00
Jason Volk
12de082e2c
Fix bug. Note: The second hunk is just an assumption. It's not called from anywhere.
2016-06-25 14:27:32 -05:00
Jason Volk
b5cfad0319
Core modules cannot be unloaded, otherwise bad things happen.
...
Additionally some information is logged and passed to the operator
conducting a MODRESTART.
2016-06-21 17:42:36 -07:00
Jason Volk
94afbe9c8e
ircd: Fix capability entry name string ownership.
...
The entry->cap must be copied and exclusive to the entry for the
cap to be orphaned, even if literals are expected. Because modules.
2016-06-21 17:32:28 -07:00
William Pitcock
94555087a1
ircd: relocate_paths() back on windows only now
2016-06-18 01:05:38 -05:00
William Pitcock
1e37cb443d
conf_parser: warning fixes
2016-06-18 00:52:54 -05:00
William Pitcock
e55a9d6abc
modules: serious cleanups
2016-06-18 00:52:16 -05:00
William Pitcock
92dad4831d
modules: cleanups
2016-06-18 00:38:40 -05:00
William Pitcock
73b70ae846
ircd: fix compile of relocate_paths()
2016-06-18 00:22:02 -05:00
William Pitcock
7145720468
ircd: make relocate_paths() available always
2016-06-18 00:21:39 -05:00
William Pitcock
c51b77a312
ircd: call relocate_paths() in all cases
2016-06-18 00:20:59 -05:00
William Pitcock
e0e0c41524
ircd: print runtime path configuration
2016-06-17 23:36:47 -05:00
Aaron Jones
ab9088ad2e
wsproc: compile out dead code
...
Investigation is required to determine if this function should
actually be used
2016-06-01 20:54:12 +00:00
Aaron Jones
0b91afb2e1
ircd_signal: a function that tailcalls a noreturn function should be marked noreturn
2016-06-01 20:54:12 +00:00
Aaron Jones
df3db5d99b
ircd: functions that call exit(3) should be marked noreturn
2016-06-01 20:54:12 +00:00
Aaron Jones
b1cfd3922c
dns: make function used only within this unit static
2016-06-01 20:54:12 +00:00
Aaron Jones
4decc628bd
class: remove unused macros
2016-06-01 20:54:12 +00:00
Aaron Jones
ce2c092b49
chmode: remove unreachable break statement
2016-06-01 20:54:12 +00:00
Aaron Jones
bca336720e
chmode: silence harmless uninitialised variable warning
2016-06-01 20:54:12 +00:00
Aaron Jones
ec5522a1ca
channel: silence harmless uninitialised variable warning
2016-06-01 20:54:12 +00:00
Aaron Jones
2ec9f59588
bandbi: a function that calls exit(3) should be marked noreturn
2016-06-01 20:54:11 +00:00
Aaron Jones
5cbd46a893
authproc: don't shadow variable decls, avoid reserved name
2016-06-01 20:54:11 +00:00
Aaron Jones
0982871a99
strcpy: mass-migrate to strlcpy where appropriate
2016-05-15 03:58:44 +00:00
Aaron Jones
d539f22782
ircd_lexer: fix another crash with the same cause
2016-05-15 00:57:16 +00:00
Aaron Jones
401cb2bb17
ircd_lexer: fix crash with very large config option strings
2016-05-15 00:00:23 +00:00
Aaron Jones
b143df9ac4
minor spring cleaning: remove/relocate duplicate/unused includes & macros
...
[ci skip]
2016-05-14 23:29:33 +00:00
William Pitcock
dcf450702b
newconf: ensure wsock and defer_accept are default-to-disable for now, for consistency sake on rehashes
2016-05-14 17:23:51 -05:00
Simon Arlott
d2a4981ab2
client: call authd_abort_client with the client that is exiting, not the originator
2016-05-12 10:06:31 +01:00
Aaron Jones
f5960b830b
[sslproc] Use certificate file if key file is not present
2016-05-05 04:10:57 +00:00
Aaron Jones
4d83a4d92d
[sslproc] Allow absense of private key file
...
Backends can then assume that the private key is in the certificate file
2016-05-05 03:47:18 +00:00
Simon Arlott
da20854e83
random_ping: stop producing negative values that become 16 chars
2016-05-02 21:14:16 +01:00
Simon Arlott
3c5f720c6f
authd_check: don't try to update bl_stats if it doesn't exist
...
This can happen if all the blacklists are removed and then authd
sends a blacklisted response for a client.
2016-04-30 13:18:06 +01:00
Simon Arlott
4573f8f2fb
authproc: don't try to delete bl_stats if it hasn't been created
2016-04-30 13:11:06 +01:00
Elizabeth Myers
e7c4ecd5b1
authproc: don't delete during iteration, this is not safe.
2016-04-30 01:11:56 -05:00
William Pitcock
b5f3e5e5e8
ircd: Channel.bants is not a serial but a timestamp.
...
Previously, the IRCd would increment bants instead of resyncing the timestamp, causing the potential of
false negatives from the bancache system.
2016-04-29 18:59:32 -05:00
Aaron Jones
fed4fc59bc
Mention another RFC with regard to deprecating plaintext
2016-04-29 16:28:18 +00:00
Simon Arlott
1cdf323be9
sslproc: don't send updated config to dead/shutdown sslds
...
They might be running older versions of the SSL library that
doesn't support the key type or ciphers being configured.
2016-04-29 07:35:43 +01:00
Simon Arlott
036cafaaaf
sslproc: reset ssld_wait/spin_count when explicitly requested to restart ssld
2016-04-28 22:25:36 +01:00
Simon Arlott
f018ed844d
certfp: Move method name/prefix strings to a separate header file
2016-04-26 20:33:18 +01:00
Simon Arlott
5adde7a4ed
getopt: don't modify argv as it breaks restart()
2016-04-25 23:32:18 +01:00
Simon Arlott
c173a8ad44
modules: use exit(EXIT_FAILURE) on failure
...
This will allow service process monitoring to recognise the difference
between a shutdown and an error of a -foreground ircd, because only
/DIE (or SIGINT) will exit with return code 0.
2016-04-25 22:27:57 +01:00
Simon Arlott
762468f85d
authd: wait until the ssl connection is "open" before reading
...
It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.
Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().
2016-04-25 21:43:21 +01:00
Simon Arlott
53789fddda
sslproc: simplify ssl open callback
...
Don't use the librb callback type as we're always passing client_p.
Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.
2016-04-25 21:12:44 +01:00
Simon Arlott
f61d096186
conf: require certificate fingerprint for SSL connections
2016-04-25 20:19:48 +01:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT
2016-04-25 20:12:27 +01:00
Simon Arlott
93ad89b232
sslproc: send the certftp method on rehash
2016-04-25 19:25:45 +01:00
Simon Arlott
f7b0c4b3d8
sslproc: use global ServerInfo configuration
...
There's no need to pass information around that sslproc already has access
to, so use ServerInfo directly. Remove the extra NULL checks as these are
already performed before setting ircd_ssl_ok = true.
2016-04-25 19:20:45 +01:00
Simon Arlott
90fd6ede1b
sslproc: include ssl_cipher_list in length check before sending configuration to ssld
2016-04-25 19:12:47 +01:00
Simon Arlott
19d1853f71
ssld: remove init_prng command
...
This is no longer configurable so it's redundant.
2016-04-25 19:02:03 +01:00
Simon Arlott
8cbd70a8ed
ircd: don't send ERR_NOTREGISTERED to servers
...
Sending messages after SERVER but before zlib is established breaks
outgoing connections. If the other server is misbehaving then ignore
its messages.
2016-04-24 17:41:44 +01:00
Simon Arlott
5ad62c80ee
librb: remove socklen parameter from rb_connect_tcp
2016-04-24 17:11:20 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
...
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.
Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.
Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
65f43a4fc4
ircd: Don't try to connect to servers that we know have an invalid fingerprint
...
This just causes an unnecessary link/squit on the other server.
2016-04-24 11:49:21 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
...
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
5c317f1313
ircd: parse: add asserts for improper use of mod_add_cmd/mod_del_cmd
2016-04-23 23:56:41 +01:00
Simon Arlott
e8de2bfaf0
modules: add missing break
2016-04-23 23:37:38 +01:00
Simon Arlott
558744e520
ircd: do nothing in client_release_connids if !MyConnect
2016-04-23 23:25:25 +01:00
Simon Arlott
cc02bdf3a6
ircd: fix assert in client_release_connids
...
The connection may have already been closed and MyConnect cleared.
It's only a bug if the connection somehow has connids but is not
our connection.
2016-04-23 23:22:01 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
...
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.
(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Simon Arlott
0ae7a89d78
ircd: sslproc: certfp commands have a 9 byte header, not 5 bytes
...
SHA512 hashes were being ignored because the message was too large
2016-04-23 20:52:20 +01:00
William Pitcock
c6098ed357
client: fix up client_release_connids() too, pointed out by lp0
2016-04-23 14:26:01 -05:00
William Pitcock
5c63bfe8b1
client: connid_get() should check MyConnect(), not MyClient().
2016-04-23 14:17:36 -05:00
Simon Arlott
84e3e445aa
mr_server: Report certificate fingerprint mismatches
...
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-04-23 17:37:05 +01:00
Simon Arlott
e7c4cf63bc
authproc: set GOT_ID flag when an ident response is received
2016-04-23 15:41:27 +01:00
staticfox
1729f46eab
authd: Avoid negative array indices
2016-04-22 23:06:42 -04:00
Elizabeth Myers
7445ece1d1
Revert "Implement the netsplit batch type."
...
This needs more work, see
https://github.com/ircv3/ircv3-specifications/issues/253
This reverts commit 2373891299
.
2016-04-16 11:05:00 -05:00
Elizabeth Myers
2373891299
Implement the netsplit batch type.
...
This also lays the groundwork for the netjoin batch type, but that isn't
implemented yet. I don't like how some of this is implemented but it'll
have to do for now...
Compile tested, needs more testing.
2016-04-15 16:50:43 -05:00
Elizabeth Myers
4f2b9a4fd1
Don't use key member of dictionary iter objects after deletion
2016-04-12 09:43:50 -05:00
Elizabeth Myers
9e5c31ea0d
authproc: fix a typo
2016-04-12 09:37:56 -05:00
Elizabeth Myers
5e9a3f8674
Change the way authd configures opm
...
It's a bit of a hack, but better than before. Rather than rehashing
(which could get us into an endless loop), we now segregate the
configuration phase (creating entries ircd-side in case we restart authd
later) and sending phases (when configure_authd() is called). Since we
have to call configure_authd() no matter what (to send timeouts etc.)
and we have to send this data to configure authd anyway, and sending
duplicate data is bad, this is the only way I can think of for now.
2016-04-12 09:36:09 -05:00
Elizabeth Myers
ed5e1d1e41
send: trim a blank line [ci skip]
2016-04-11 11:52:01 -05:00
Elizabeth Myers
7a21fb5b34
s_user: clean up authd checks
2016-04-10 10:02:33 -05:00
Elizabeth Myers
2a104d6641
s_user: enhancements to proxy reporting messages
2016-04-10 09:35:02 -05:00
Elizabeth Myers
d19aab3375
Fix stupid linux warning
2016-04-10 09:22:34 -05:00
Elizabeth Myers
154dc91ef0
Wrap up authd preclient stuff in its own struct
2016-04-10 09:20:51 -05:00
staticfox
02fa4362cd
version.c.SH: Fix build
...
We need stddef.h mainly for NULL
2016-04-09 06:05:08 -04:00
Elizabeth Myers
b14d2bd6ea
Formatting fixes for credits
...
Contributed from jackal^, but fixed up a bit.
2016-04-09 04:55:57 -05:00
Elizabeth Myers
4eafa9e62f
ipv4_from_ipv6: move to librb
2016-04-08 03:49:23 -05:00
Elizabeth Myers
66f7fe673b
Get rid of flags2.
...
It seems to come from an era where long long didn't exist and 64-bit
machines weren't common. 32-bit machines are still common but I can't
imagine this will have much performance impact there.
This "fixes" #179 in title only, but see comments within.
2016-04-07 07:40:55 -05:00
Elizabeth Myers
9057170ce8
Cleanup defaults.h config file.
...
Clean up spaces/tabs mixing mess (bleh), add some defaults for authd
stuff, and get rid of CHARYBDIS_SOMAXCONN (just define SOMAXCONN if it's
available...).
2016-04-07 04:47:48 -05:00
Elizabeth Myers
0a87075b86
modules: fix up display names
2016-04-07 04:15:12 -05:00
Elizabeth Myers
78946542bb
modules: move module loading/unloading commands to dedicated module.
...
There's no reason to really have these in the main ircd anymore, static
modules are dead and aren't coming back.
To ensure people don't do something hopelessly retarded, this is a core
module.
2016-04-07 04:00:25 -05:00
Elizabeth Myers
999c42bad8
Remove useless alias_entry hits member
2016-04-06 11:47:13 -05:00
Elizabeth Myers
a19097baa4
ircd: load modules after conf files
...
The alias module depends on this
2016-04-06 07:43:45 -05:00
Elizabeth Myers
b663a8070f
Move alias handling into a dedicated module.
...
Not yet tested, caveat emptor!
Closes #166
2016-04-06 07:27:50 -05:00
Elizabeth Myers
2575a78b0e
Add hook for when rehash is called.
...
This will be used by the future alias module.
2016-04-06 05:43:54 -05:00
Elizabeth Myers
f956cb0f1f
Use rb_* versions of nonportable string functions
2016-04-05 05:39:59 -05:00
Elizabeth Myers
731d128990
authd: rework module ID system
...
Provider ID's are now assigned dynamically at load-time. To accomodate
this, there is now a lookup system for finding providers by name (all
providers have names as well).
2016-04-05 04:31:22 -05:00