Commit graph

3935 commits

Author SHA1 Message Date
Ed Kellett
f89a8deb3e
Make show_ip not care about remoteness (#139) 2021-04-09 20:01:11 +00:00
Eric Mertens
a03871c657
A missing colon to RPL_MAP recently split (#131) 2021-03-16 17:51:42 -07:00
Ed Kellett
df4fead0f2 privilegeset_add_privs: append rather than replace 2021-03-01 15:45:03 +00:00
Ed Kellett
181410f218 Make privilegeset_privs more const 2021-03-01 15:45:03 +00:00
Ed Kellett
9962f62577 privilegeset_diff: return things in a struct 2021-03-01 15:45:03 +00:00
Ed Kellett
8b8320596c privilege: factor out a null check 2021-03-01 15:45:03 +00:00
Ed Kellett
02690ad5b2 Use bsearch to check privset membership
I don't really care if it's faster, I just prefer it
2021-03-01 15:45:03 +00:00
Ed Kellett
ae54b3a735 Add tests for privsets 2021-03-01 15:45:03 +00:00
Ed Kellett
8aadf0ce46 Track and inform modules of privset changes 2021-03-01 15:45:03 +00:00
Aaron Jones
2e8a889fc9 doc/reference.conf: add an example TLSv1.3 ciphersuite name
[ci skip]
2021-02-07 11:52:58 +00:00
Aaron Jones
a90f22c92d OpenSSL: Support configuration of TLSv1.3 ciphersuites
The OpenSSL developers decided, during the OpenSSL 1.1.1 development
phase, to use a different API and different set of lists for TLSv1.3
ciphersuites, than for every TLS version preceeding it.

This is stupid, but we have to work with it.

This commit also improves configuration fault resilience. The reason
is that if you don't pass any valid old-style ciphersuites, OpenSSL
will not negotiate an older protocol at all. However, when they
implemented the new API, they decided that lack of any valid
ciphersuites should result in using the defaults. This means that if
you pass a completely invalid ciphersuite list (like "foo"), OR if
you pass a TLSv1.2-only ciphersuite list, TLSv1.3 continues to work.
This is not mirrored; passing a TLSv1.3-only ciphersuite list will
break TLSv1.2 and below.

Therefore we work around this lack of mirroring by falling back to
the default list for each protocol. This means that if
ssl_cipher_list is complete garbage, the default will be used, and
TLS setup will succeed for both protocols. This is logged, so that
administrators can fix their configuration.

I prefer this approach over explicitly disabling the protocols if
their respective ciphersuite lists are invalid, because it will
result in unusable TLSv1.3 if people run newer solanum with their
older charybdis/solanum configuration files that contain custom
ssl_cipher_list definitions. Hindering TLSv1.3 adoption is not an
option, in my opinion.

The downside of this is that it is no longer possible to disable a
protocol family by not including any of its ciphersuites. This could
be remedied by an ssl_protocol_list configuration directive if it is
decided that this functionality is ultimately necessary.

This work is not required for either of the other TLS backends,
because neither of those libraries yet support TLSv1.3, and in the
event that they eventually do, I expect them to allow configuration
of newer ciphersuites with the existing APIs. This can be revisited
if it turns out not to be the case.

Signed-off-by: Aaron Jones <me@aaronmdjones.net>
Tested-by: Aaron Jones <me@aaronmdjones.net>
2021-02-07 11:52:58 +00:00
Taavi Väänänen
4863b35d1d
doc: Change missed chadybdis name to solanum (#111)
Looks like this was missed in a6f63a8.
2021-01-28 14:14:40 +00:00
Taavi Väänänen
d04ed5c53f
wallops: require new oper:wallops right (#110)
Split oper:wallops right from oper:mass_notice. Update documentation and
examples to grant oper:wallops everywhere oper:mass_notice was granted.

closes #103
2021-01-28 14:09:31 +00:00
Ed Kellett
2e79cebb9e
chmode: centralise + test mode limits (#94) 2021-01-26 11:22:39 +00:00
Doug Freed
12fd6e80c5 wsproc: call rb_clear_cloexec on child fds 2021-01-26 00:03:48 -05:00
Doug Freed
6865484458 sslproc: call rb_clear_cloexec on child fds 2021-01-26 00:03:48 -05:00
Doug Freed
71325a9801 librb/helper: call rb_clear_cloexec on child fds 2021-01-26 00:03:48 -05:00
Doug Freed
1cad0654b7 librb: call rb_set_cloexec in rb_setup_fd 2021-01-26 00:03:48 -05:00
Doug Freed
34a2afbc28 librb: add rb_{set,clear}_cloexec 2021-01-26 00:03:48 -05:00
Doug Freed
4ce7aa6f70 CI: test on gcc-10 too 2021-01-25 23:59:59 -05:00
jess
fdd4857c1d
/accept list should track nick changes when you share channels (#96)
* move has_common_channel to s_user.c

* don't remove clients from /accept on NICK when there's a common channel

Co-authored-by: Ed Kellett <e@kellett.im>
2021-01-24 21:00:34 -08:00
Eric Mertens
0ba1da5910
Add +R channel mode module requiring services account to chat (#102)
* Add +R channel mode module requiring services account to chat

* Use void* in hook argument

* move chm_regmsg from modules to extensions

* generate error message when module fails to load
2021-01-24 05:13:03 -08:00
Doug Freed
551e5a146e README: update build statusbadge to use GH Actions 2020-12-14 05:28:27 -05:00
Doug Freed
cd1f698ec1 Kill appveyor too
[ci skip]
2020-12-14 05:28:27 -05:00
Doug Freed
0af84b132c Oper-guide workflow for Github Actions 2020-12-14 05:28:27 -05:00
Doug Freed
457a6dff1a Kill Travis 2020-12-14 05:28:27 -05:00
Doug Freed
e9edc8edb9 Start CI configuration for Github Actions 2020-12-14 05:28:27 -05:00
Ed Kellett
b860ad5ffa
chmode: end the grace period more intelligently (#84)
We were ending the flood grace period for any channel mode command other
than `MODE #foo [bq]` by means of a hardcoded check. I've moved that to
after we parse the mode string, so we can correctly identify all
requests to change modes and end the grace period on exactly those.

It would have been entirely possible to move the check even further down
and flood_endgrace on only mode commands that *actually* change modes,
but I don't like the idea of making it sensitive to external conditions.
2020-11-30 09:24:32 +00:00
Doug Freed
6638c837cc send: fix infinite recursion in _send_linebuf
A netwide snote eventually calls into this function again with the same 
server as has already been determined is over its sendq.  Mark the link 
dead before sending the snote to avoid infinite recursion.
2020-11-28 20:08:46 -05:00
Doug Freed
31f9d9b2f3 bandb: remove embedded sqlite 2020-11-28 12:53:05 -05:00
jesopo
11f8fd4526 fix broken atheme link in README.md 2020-11-23 15:30:26 -05:00
Doug Freed
41729935d0 extensions: remove m_roleplay 2020-11-22 17:32:43 -05:00
Doug Freed
73520cd1ed m_challenge: various fixes 2020-11-19 16:48:44 -05:00
jess
40ecb85a1d
add ConfigFileEntry.oper_secure_only, to require TLS to oper up (#76) 2020-11-18 14:29:08 +00:00
Ed Kellett
6485005214 Get rid of hub_mask/leaf_mask 2020-11-14 18:22:08 +00:00
Ed Kellett
e5e814b3db Use opernames not servernames for remote opers 2020-11-13 23:30:04 +00:00
Doug Freed
99b8e2feea s_serv: refactor burst_modes_TS6 to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
8783544360 m_findforwards: refactor to use multiline
Fixes #57
2020-11-12 19:18:01 -05:00
Doug Freed
aacd07a2c6 m_monitor: refactor to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
fcdc666b42 m_privs: refactor to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
d901e969a3 m_whois: refactor channel list to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
e51d9a67be names: refactor to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
56c8530469 m_cap: refactor clicap_generate to use multiline 2020-11-12 19:18:01 -05:00
Ed Kellett
6f88bf5c30 Add some tests for multiline 2020-11-12 19:18:01 -05:00
Doug Freed
8efff56fdf send: add sendto_one_multiline_* API
Allows simplifying multiline wrapping for multiple usages, like CAP
LS/LIST, NAMES, and WHOIS channel listing
2020-11-12 19:18:01 -05:00
jesopo
f0356d2a6f iter lists backwards when sending BMASK 2020-11-12 21:34:21 +00:00
Ed Kellett
dab715910d
Update .gitignore for 25d169b649 (#69) 2020-11-11 14:14:12 -08:00
Ed Kellett
8e7cc44919 Remove *.la from install/lib
Co-authored-by: Unit 193 <unit193@unit193.net>
2020-11-10 09:37:55 +00:00
Ed Kellett
f7d1cc997e Don't reassign logdir
Co-authored-by: Unit 193 <unit193@unit193.net>
2020-11-10 09:37:55 +00:00
Ed Kellett
0e50ab822d tests: clean *.db, *.log
Co-authored-by: Unit 193 <unit193@unit193.net>
2020-11-10 09:37:55 +00:00