ngircd-alex.git
6 years ago Fix configure script and "make check" for TCP Wrappers
Alexander Barton [Fri, 17 Jan 2014 15:18:55 +0000 (16:18 +0100)]
Fix configure script and "make check" for TCP Wrappers

Add missing #include's and static variables.

Problem spotted on OpenBSD.

6 years ago Add libwrap at the end of the configure run
Alexander Barton [Fri, 17 Jan 2014 15:10:34 +0000 (16:10 +0100)]
Add libwrap at the end of the configure run

If libwrap is added earlier, other tests may fail because not all
external variables required by libwrap are available when linking: for
example allow_severity and deny_severity.

This patch adds generic support for the LDFLAGS_END and LIBS_END variables
(CFLAGS_END has been implemented already).

Problem spotted on OpenBSD.

6 years ago platformtest.sh: Allow using separate source and build trees
Alexander Barton [Sat, 11 Jan 2014 00:33:24 +0000 (01:33 +0100)]
platformtest.sh: Allow using separate source and build trees

Now you can call platformtest.sh using its complete path name from
another directory which is then used for building.

See <http://www.gnu.org/software/automake/manual/html_node/VPATH-Builds.html>

Please note that the build system itself is still (re-)generated in the
original source tree. This can be avoided by passing the "-x" switch to
the platformtest.sh script.

6 years ago platformtest.sh: Show only up to 10 bytes of version information
Alexander Barton [Sat, 11 Jan 2014 00:32:12 +0000 (01:32 +0100)]
platformtest.sh: Show only up to 10 bytes of version information

6 years ago platformtest.sh: New option "-x", don't regenerate build system
Alexander Barton [Sat, 11 Jan 2014 00:27:12 +0000 (01:27 +0100)]
platformtest.sh: New option "-x", don't regenerate build system

6 years ago Client_SetHostname(): Don't use strlen() to test for value
Alexander Barton [Fri, 10 Jan 2014 18:57:03 +0000 (19:57 +0100)]
Client_SetHostname(): Don't use strlen() to test for value

6 years ago Test suite: explicitly enable glibc memory checking
Alexander Barton [Fri, 10 Jan 2014 18:56:08 +0000 (19:56 +0100)]
Test suite: explicitly enable glibc memory checking

6 years ago Send "fake '*' key" in "MODE -k" replies
Alexander Barton [Wed, 8 Jan 2014 13:18:09 +0000 (14:18 +0100)]
Send "fake '*' key" in "MODE -k" replies

According to RFC 2812 3.2.3 "Channel mode message" and the examples
there, it looks like clients should use "MODE -k <key>" to unset channel
keys; and that's how other servers and services behave and do expect it.

(But please note that this is NOT the case for "MODE -l"!)

In the end, it doesn't make sense to specify a key when UNsetting it at
all, and different services behave differently when clients do not send
the currently set key to unset it - some ignore such calls, for example!

But this implementation is quite relaxed, it accepts any key when
unsetting channel mode "k" and even accepts no key at all. But the reply
will always include an "*" character for every "-k" parameter.

6 years ago Add "config.cache" to .gitignore file
Alexander Barton [Mon, 6 Jan 2014 16:20:54 +0000 (17:20 +0100)]
Add "config.cache" to .gitignore file

6 years ago platformtest.sh: don't use "test -e", it isn't portable
Alexander Barton [Sat, 4 Jan 2014 23:48:31 +0000 (00:48 +0100)]
platformtest.sh: don't use "test -e", it isn't portable

6 years ago Makefile.am: don't use "test -e", it isn't portable
Alexander Barton [Sat, 4 Jan 2014 23:12:00 +0000 (00:12 +0100)]
Makefile.am: don't use "test -e", it isn't portable

6 years ago Support non-standard vsnprintf() return code
Alexander Barton [Sat, 4 Jan 2014 22:57:05 +0000 (23:57 +0100)]
Support non-standard vsnprintf() return code

C99 states that vsnprintf() "returns the number of characters that
would have been printed if the n were unlimited"; but according to the
Linux manual page "glibc until 2.0.6 would return -1 when the output
was truncated" -- so we have to handle both cases ...

6 years ago Partially revert bc098794: don't require autoconf 2.67
Alexander Barton [Sat, 4 Jan 2014 22:12:56 +0000 (23:12 +0100)]
Partially revert bc098794: don't require autoconf 2.67

GNU autoconf 2.61 is still sufficient to generate the configure script, even
after updating configure.{ng|in}, so don't require a newer version.

6 years ago doc/Platforms.txt: Update some systems to ngIRCd 21
Alexander Barton [Thu, 2 Jan 2014 17:36:18 +0000 (18:36 +0100)]
doc/Platforms.txt: Update some systems to ngIRCd 21

- update i686/pc/cygwin, gcc 4.8.2
- update x86_64/apple/darwin13.0.0, Apple clang 5.0
- update x86_64/unknown/freebsd8.4, gcc 4.2.1
- update x86_64/unknown/freebsd9.1, gcc 4.2.1
- update x86_64/unknown/linux-gnu, gcc 4.8.2
- update x86_64/unknown/linux-gnu, Open64
- update x86_64/unknown/openbsd4.8, gcc 4.2.1
- update x86_64/unknown/openbsd5.1, gcc 4.2.1

6 years ago Update configure.ng for autoconf 2.67
Alexander Barton [Thu, 2 Jan 2014 14:33:39 +0000 (15:33 +0100)]
Update configure.ng for autoconf 2.67

We already require GNU autoconf 2.67 for generating our build system (at
least this is what the INSTALL document states), so update the build system
accordingly and implement all changes that autoupdate(1) suggests:

 - Update AC_PREREQ and AC_INIT
 - Use AC_LINK_IFELSE, AC_RUN_IFELSE, and AC_COMPILE_IFELSE
 - Remove AC_TYPE_SIGNAL (we don't use RETSIGTYPE)

6 years ago Update Copyright notices for 2014
Alexander Barton [Thu, 2 Jan 2014 14:27:07 +0000 (15:27 +0100)]
Update Copyright notices for 2014

6 years ago Merge branch 'bug167-WebircIPAnoDNS' of git://arthur.barton.de/ngircd-alex
Alexander Barton [Wed, 1 Jan 2014 23:45:05 +0000 (00:45 +0100)]
Merge branch 'bug167-WebircIPAnoDNS' of git://arthur.barton.de/ngircd-alex

* 'bug167-WebircIPAnoDNS' of git://arthur.barton.de/ngircd-alex:
  WEBIRC: Don't respect hostname when DNS is disabled

6 years ago Merge branch 'bug165-005-NETWORK' of git://arthur.barton.de/ngircd-alex
Alexander Barton [Wed, 1 Jan 2014 23:44:42 +0000 (00:44 +0100)]
Merge branch 'bug165-005-NETWORK' of git://arthur.barton.de/ngircd-alex

* 'bug165-005-NETWORK' of git://arthur.barton.de/ngircd-alex:
  Implement new configuration option "Network"

6 years ago portabtest: Add checks for strdup(), strndup(), and strtok_r() enhance-portabtest
Alexander Barton [Wed, 1 Jan 2014 15:38:36 +0000 (16:38 +0100)]
portabtest: Add checks for strdup(), strndup(), and strtok_r()

6 years ago portabtest: Actually test functions
Alexander Barton [Wed, 1 Jan 2014 14:57:34 +0000 (15:57 +0100)]
portabtest: Actually test functions

Test functions snprintf(), strlcpy(), strlcat(), vsnprintf() for
correctness, not only existence (which was quite useless, because
if they weren't available, the program could not have been linked
at all ...).

6 years ago portabtest: Only use one exit code to indicate errors
Alexander Barton [Sun, 29 Dec 2013 16:48:25 +0000 (17:48 +0100)]
portabtest: Only use one exit code to indicate errors

6 years ago portabtest: Code cleanup
Alexander Barton [Sun, 29 Dec 2013 16:46:54 +0000 (17:46 +0100)]
portabtest: Code cleanup

6 years ago Fix permanent k/gline
Federico G. Schwindt [Sun, 8 Dec 2013 01:43:55 +0000 (01:43 +0000)]
Fix permanent k/gline

Reported by Toni Spets (hifi - at - jnz - dot - fi).

6 years ago Implement new configuration option "Network" bug165-005-NETWORK
Alexander Barton [Fri, 27 Dec 2013 22:16:11 +0000 (23:16 +0100)]
Implement new configuration option "Network"

The new configuration variable "Network" is used to set the (completely
optional) "network name", to which this instance of the daemon belongs.
When set, this name is used in the ISUPPORT(005) numeric which is sent to
all clients connecting to the server after logging in.

Closes bug #165.

6 years ago WEBIRC: Don't respect hostname when DNS is disabled bug167-WebircIPAnoDNS
Alexander Barton [Fri, 27 Dec 2013 21:34:47 +0000 (22:34 +0100)]
WEBIRC: Don't respect hostname when DNS is disabled

When DNS lookups are disabled, don't set the hostname received by the
WEBIRC command, but use the IP address instead.

Reported by Toni Spets <toni.spets@iki.fi>, thanks!

Closes bug #167.

6 years ago OS X has a working getaddrinfo() implementation
Alexander Barton [Fri, 27 Dec 2013 20:35:53 +0000 (21:35 +0100)]
OS X has a working getaddrinfo() implementation

6 years ago Check for working getaddrinfo() function
Alexander Barton [Mon, 11 Nov 2013 23:28:50 +0000 (00:28 +0100)]
Check for working getaddrinfo() function

At least AIX 4.3.3 and 5.1 have a broken implementation of getaddrinfo()
which doesn't handle "0" as numeric service correctly. This patch adds
a configure check for this case and changes all calling functions to only
use getaddrinfo() if it "works".

See <http://www.stacken.kth.se/lists/heimdal-discuss/2004-05/msg00059.html>

6 years ago Fix spelling
Federico G. Schwindt [Tue, 26 Nov 2013 00:19:01 +0000 (00:19 +0000)]
Fix spelling

6 years ago doc/Platforms.txt: Add and update more systems
Alexander Barton [Tue, 3 Dec 2013 11:16:23 +0000 (12:16 +0100)]
doc/Platforms.txt: Add and update more systems

- add i386/unknown/netbsdelf1.5.2, egcs-1.1.2
- update i386/unknown/openbsd5.3, gcc 4.2.1
- add i386/unknown/openbsd5.4, gcc 4.2.1
- add x86_64/unknown/linux-gnu, nwcc 0.8.2
- update x86_64/unknown/linux-gnu, tcc 0.9.25

Thanks to Götz Hoffart <goetz@hoffart.de>!

7 years ago doc/Platforms.txt: Add and update more systems
Alexander Barton [Sun, 24 Nov 2013 17:32:59 +0000 (18:32 +0100)]
doc/Platforms.txt: Add and update more systems

- add i386/unknown/openbsd3.5, gcc 2.95.3
- add x86_64/unknown/linux-gnu, Sun C 5.12
- update mipsel/unknown/linux-gnu, gcc 4.4.5

Thanks to Götz Hoffart <goetz@hoffart.de>!

7 years ago doc/Platforms.txt: add DragonflyBSD 3.4 on x86_64
Alexander Barton [Wed, 13 Nov 2013 10:44:31 +0000 (11:44 +0100)]
doc/Platforms.txt: add DragonflyBSD 3.4 on x86_64

Thanks to Götz Hoffart <goetz@hoffart.de>!

7 years ago doc/Platforms.txt: add OpenBSD 5.4 on HPPA
Alexander Barton [Mon, 11 Nov 2013 23:33:30 +0000 (00:33 +0100)]
doc/Platforms.txt: add OpenBSD 5.4 on HPPA

7 years ago configure: clean up function definitions
Alexander Barton [Mon, 11 Nov 2013 23:25:28 +0000 (00:25 +0100)]
configure: clean up function definitions

7 years ago Only use unsetenv() when it is available
Alexander Barton [Sun, 10 Nov 2013 16:08:41 +0000 (17:08 +0100)]
Only use unsetenv() when it is available

AIX 4.3 doesn't support it, for example.

7 years ago conf-ssl.h: make code compatible with pre-ANSI C compilers
Alexander Barton [Sat, 9 Nov 2013 22:42:56 +0000 (23:42 +0100)]
conf-ssl.h: make code compatible with pre-ANSI C compilers

7 years ago vsnprintf.c: make code compatible with ansi2knr tool
Alexander Barton [Sat, 9 Nov 2013 22:41:20 +0000 (23:41 +0100)]
vsnprintf.c: make code compatible with ansi2knr tool

7 years ago Remove unused vsnprintf.c test function
Alexander Barton [Sat, 9 Nov 2013 22:31:51 +0000 (23:31 +0100)]
Remove unused vsnprintf.c test function

7 years ago Add comments around some IRC_SetPenalty() calls
Federico G. Schwindt [Thu, 7 Nov 2013 18:17:58 +0000 (18:17 +0000)]
Add comments around some IRC_SetPenalty() calls

7 years ago Rework the penalty handling slightly
Federico G. Schwindt [Thu, 7 Nov 2013 16:53:29 +0000 (16:53 +0000)]
Rework the penalty handling slightly

Increase the penalty for a command before checking its arguments.  This
makes the handling more consistent and allows us to move more penalties to
Handle_Request().

7 years ago Move IRC_SetPenalty() to Handle_Request() when possible
Federico G. Schwindt [Thu, 7 Nov 2013 16:29:21 +0000 (16:29 +0000)]
Move IRC_SetPenalty() to Handle_Request() when possible

This centralizes the penalty handling. It also exposes some commands that
lack it for our attention.

7 years ago Introduce a macro to define the command list
Federico G. Schwindt [Thu, 7 Nov 2013 13:20:08 +0000 (13:20 +0000)]
Introduce a macro to define the command list

This will pave the way to other changes and simplifies the entries somewhat.

7 years ago When sending an error use the IRC_WriteErrClient() variant
Federico G. Schwindt [Thu, 7 Nov 2013 10:45:34 +0000 (10:45 +0000)]
When sending an error use the IRC_WriteErrClient() variant

This ensures that all errors have a 2 second penalty.

7 years ago On bad /oper set the penalty to 10 seconds
Federico G. Schwindt [Wed, 6 Nov 2013 21:46:53 +0000 (21:46 +0000)]
On bad /oper set the penalty to 10 seconds

This helps against brute-force attempts.

7 years ago Remove unneeded IRC_SetPenalty() calls
Federico G. Schwindt [Wed, 6 Nov 2013 18:28:09 +0000 (18:28 +0000)]
Remove unneeded IRC_SetPenalty() calls

IRC_WriteErrClient() already calls IRC_SetPenalty().  While here convert
some IRC_SetPenalty() + IRC_WriteStrClient() to IRC_WriteErrClient().

7 years ago Use sizeof() instead of the explicit size
Federico G. Schwindt [Wed, 6 Nov 2013 18:16:05 +0000 (18:16 +0000)]
Use sizeof() instead of the explicit size

7 years ago Remove wrong #ifdef in Option_String()
Alexander Barton [Fri, 1 Nov 2013 18:12:35 +0000 (19:12 +0100)]
Remove wrong #ifdef in Option_String()

This fixes the following error when compiling without zlib support:

  irc.c: In function ‘Option_String’:
  irc.c:487: error: ‘options’ undeclared (first use in this function)

Reported by "der_baer" on #ngircd.

7 years ago NEWS/ChangeLog: Clean up version numbers and release dates
Alexander Barton [Thu, 31 Oct 2013 23:05:31 +0000 (00:05 +0100)]
NEWS/ChangeLog: Clean up version numbers and release dates

7 years ago ngIRCd Release 21 rel-21
Alexander Barton [Wed, 30 Oct 2013 21:20:36 +0000 (22:20 +0100)]
ngIRCd Release 21

7 years ago doc/Platforms.txt: add Mac OS X 10.6.8
Alexander Barton [Wed, 30 Oct 2013 21:13:21 +0000 (22:13 +0100)]
doc/Platforms.txt: add Mac OS X 10.6.8

7 years ago Update doc/Platforms.txt
Alexander Barton [Sun, 27 Oct 2013 23:00:06 +0000 (00:00 +0100)]
Update doc/Platforms.txt

7 years ago ngircd.init: Make sure no stale PID file is left over
Alexander Barton [Sat, 26 Oct 2013 19:34:56 +0000 (21:34 +0200)]
ngircd.init: Make sure no stale PID file is left over

7 years ago platformtest.sh/Platforms.txt: allow user names up to 8 characters
Alexander Barton [Tue, 22 Oct 2013 12:15:34 +0000 (14:15 +0200)]
platformtest.sh/Platforms.txt: allow user names up to 8 characters

7 years ago Check and call arc4random_stir() if present
Federico G. Schwindt [Wed, 23 Oct 2013 15:00:26 +0000 (16:00 +0100)]
Check and call arc4random_stir() if present

FreeBSD prior to 10.0 does not automatically stir on fork(). Same with
current NetBSD. If arc4random_stir() is present assume it is needed and
call it instead of srand().

7 years ago Debian: Fix sed(1) rules adjusting "ngircd-full" package
Alexander Barton [Sun, 20 Oct 2013 16:32:50 +0000 (18:32 +0200)]
Debian: Fix sed(1) rules adjusting "ngircd-full" package

Error introduced by last commit :-/

7 years ago Debian: Fix default "HelpFile" file name in ngircd.conf
Alexander Barton [Sun, 20 Oct 2013 16:06:21 +0000 (18:06 +0200)]
Debian: Fix default "HelpFile" file name in ngircd.conf

The "full" package variants must use "/usr/share/doc/ngircd-full/Commands.txt"
and "/usr/share/doc/ngircd-full-dbg/Commands.txt" respectively.

7 years ago ngIRCd Release 21~rc2 rel-21-rc2
Alexander Barton [Sun, 20 Oct 2013 13:51:03 +0000 (15:51 +0200)]
ngIRCd Release 21~rc2

7 years ago platformtest.sh: Detect clang compilers
Alexander Barton [Sun, 20 Oct 2013 13:25:19 +0000 (15:25 +0200)]
platformtest.sh: Detect clang compilers

7 years ago Add support for longer config lines
Federico G. Schwindt [Thu, 17 Oct 2013 21:10:53 +0000 (22:10 +0100)]
Add support for longer config lines

With the introduction of CipherList we could have longer config lines.
Handle up to 1024 bytes and warn if the line will be truncated.

7 years ago Report the correct file on error
Federico G. Schwindt [Thu, 17 Oct 2013 20:52:15 +0000 (21:52 +0100)]
Report the correct file on error

7 years ago doc/Platforms.txt: Add Open64 and tcc C compilers on Linux
Alexander Barton [Wed, 16 Oct 2013 20:27:38 +0000 (22:27 +0200)]
doc/Platforms.txt: Add Open64 and tcc C compilers on Linux

Thanks to Götz Hoffart!

7 years ago platformtest.sh: Detect tcc compiler
Alexander Barton [Wed, 16 Oct 2013 19:59:23 +0000 (21:59 +0200)]
platformtest.sh: Detect tcc compiler

7 years ago Add support for arc4random
Federico G. Schwindt [Wed, 16 Oct 2013 10:15:27 +0000 (11:15 +0100)]
Add support for arc4random

If arc4random is present it will be used over the srand/rand interface.
This fixes some warnings in OpenBSD-current.

7 years ago Fix another strcat warning missed in commit 4c5b43
Federico G. Schwindt [Wed, 16 Oct 2013 09:40:14 +0000 (10:40 +0100)]
Fix another strcat warning missed in commit 4c5b43

7 years ago platformtest.sh: Clean up GIT source tree, when possible
Alexander Barton [Mon, 14 Oct 2013 21:47:07 +0000 (23:47 +0200)]
platformtest.sh: Clean up GIT source tree, when possible

7 years ago platformtest.sh: Detect Apple LLVM (clang) compiler
Alexander Barton [Mon, 14 Oct 2013 21:45:59 +0000 (23:45 +0200)]
platformtest.sh: Detect Apple LLVM (clang) compiler

7 years ago Update (date of) manual pages
Alexander Barton [Mon, 7 Oct 2013 21:02:27 +0000 (23:02 +0200)]
Update (date of) manual pages

7 years ago ChangeLog file: even more spelling fixes ...
Alexander Barton [Mon, 7 Oct 2013 20:17:49 +0000 (22:17 +0200)]
ChangeLog file: even more spelling fixes ...

7 years ago INSTALL file: Update "Upgrade Information"
Alexander Barton [Mon, 7 Oct 2013 20:15:22 +0000 (22:15 +0200)]
INSTALL file: Update "Upgrade Information"

7 years ago Fix spelling in NEWS and ChangeLog files
Alexander Barton [Mon, 7 Oct 2013 19:59:02 +0000 (21:59 +0200)]
Fix spelling in NEWS and ChangeLog files

7 years ago ngircd.c, main(): use strlcat() instead of strcat()
Alexander Barton [Mon, 7 Oct 2013 19:56:09 +0000 (21:56 +0200)]
ngircd.c, main(): use strlcat() instead of strcat()

This fixes the following warning on OpenBSD 5.3:

 ngircd.o(.text+0xeb4): In function `main':
  src/ngircd/ngircd.c:300: warning: strcat() is almost always misused,
                                    please use strlcat()

Thanks to Götz Hoffart for reporting this!

7 years ago ngIRCd Release 21~rc1 rel-21-rc1
Alexander Barton [Sat, 5 Oct 2013 21:40:29 +0000 (23:40 +0200)]
ngIRCd Release 21~rc1

7 years ago Update NEWS and ChangeLog files
Alexander Barton [Wed, 2 Oct 2013 00:10:48 +0000 (02:10 +0200)]
Update NEWS and ChangeLog files

7 years ago Actually KILL clients on GLINE/KLINE bug156-GKLine-Kill
Alexander Barton [Tue, 1 Oct 2013 10:09:59 +0000 (12:09 +0200)]
Actually KILL clients on GLINE/KLINE

Kill all clients that match a new GLINE/KLINE mask and generate appropriate
KILL commands. These KILL commands can be superfluous, but are required
when the IRC Operator isn't allowed to set remote G-Lines or if there are
older servers in the network that don't kill clients on GLINE/KLINE.

Closes bug #156.

7 years ago Don't forward KILL commands for unknown clients
Alexander Barton [Thu, 26 Sep 2013 00:58:01 +0000 (02:58 +0200)]
Don't forward KILL commands for unknown clients

7 years ago New function IRC_KillClient() to kill clients
Alexander Barton [Tue, 1 Oct 2013 10:13:17 +0000 (12:13 +0200)]
New function IRC_KillClient() to kill clients

The old local function Kill_Nick() in irc.c has been an ugly hack. This
patch implements a generic function for killing clients.

Adjust all callers of Kill_Nick() and respect the return code!

7 years ago Adjust log messages for invalid and spoofed prefixes
Alexander Barton [Thu, 26 Sep 2013 00:26:24 +0000 (02:26 +0200)]
Adjust log messages for invalid and spoofed prefixes

Now invalid prefixes aren't logged any more when originating from another
server (besides in debug mode), and spoofed prefixes are correctly logged
using LOG_WARNING (from another server) or LOG_ERR (from a client) levels.

In addition, the log message texts have been adjusted to better reflect
what will happen: commands with invalid prefixes are ignored and logged,
commands with spoofed prefixes will result in the client being disconnected
(regular users) or the command being ignored (other servers).

This cleans up logging of commands related to already KILL'ed clients.

7 years ago Remove CLIENT.oper_by_my, Client_SetOperByMe() and Client_OperByMe() RemoveOperByMe
Alexander Barton [Tue, 24 Sep 2013 23:29:23 +0000 (01:29 +0200)]
Remove CLIENT.oper_by_my, Client_SetOperByMe() and Client_OperByMe()

All places where Client_OperByMe() is used can either be converted to
Client_HasMode(Client, 'o') or Op_Check().

And Op_Check() itself can use the connection handle for deciding whether
the IRC Operator is a local user or not.

7 years ago Add support to show user links using "STATS L"
Federico G. Schwindt [Wed, 18 Sep 2013 22:51:44 +0000 (23:51 +0100)]
Add support to show user links using "STATS L"

Change "stats L" to show servers and user links and restrict it to
IRC Operators.

7 years ago Log an error (not info) when working directory can't be changed
Alexander Barton [Mon, 23 Sep 2013 22:04:54 +0000 (00:04 +0200)]
Log an error (not info) when working directory can't be changed

7 years ago doc/PAM.txt: add a slightly more useful example
Alexander Barton [Wed, 18 Sep 2013 22:17:36 +0000 (00:17 +0200)]
doc/PAM.txt: add a slightly more useful example

7 years ago Change the certificate fingerprint digest to sha256
Federico G. Schwindt [Tue, 17 Sep 2013 16:33:12 +0000 (17:33 +0100)]
Change the certificate fingerprint digest to sha256

While here correct some indentation.

7 years ago Change cipher defaults
Federico G. Schwindt [Tue, 17 Sep 2013 15:16:51 +0000 (16:16 +0100)]
Change cipher defaults

Switch cipher defaults to HIGH:!aNULL:@STRENGTH (OpenSSL) or
SECURE128 (GnuTLS).

7 years ago Merge remote-tracking branch 'alex/bug162-SSLCipherList'
Alexander Barton [Mon, 16 Sep 2013 15:32:25 +0000 (17:32 +0200)]
Merge remote-tracking branch 'alex/bug162-SSLCipherList'

* alex/bug162-SSLCipherList:
  Cipher list selection for GnuTLS
  ConnSSL_Init_SSL(): correctly set CONN_SSL flag
  Cipher list selection for OpenSSL
  ConnSSL_InitLibrary(): Code cleanup

7 years ago Fix server reconnection
Federico G. Schwindt [Mon, 16 Sep 2013 01:15:49 +0000 (02:15 +0100)]
Fix server reconnection

In some error cases conn_id will be left as SERVER_WAIT and
subsequently ignored in Check_Servers(). Ensure conn_id is set to
NONE before returning from New_Server() if we couldn't establish
the connection.

Prompted by a report from gabrielgi-at-gmail-dot-com.

7 years ago Don't ignore SSL-related errors during startup
Alexander Barton [Sun, 15 Sep 2013 22:31:03 +0000 (00:31 +0200)]
Don't ignore SSL-related errors during startup

Without this patch, ngIRCd ignores SSL-related messages and continues
to start up but only listens on plain text communication ports -- and
this most probably isn't what the administrator wanted ...

Closes bug #163.

7 years ago Cipher list selection for GnuTLS bug162-SSLCipherList
Alexander Barton [Sun, 15 Sep 2013 15:57:41 +0000 (17:57 +0200)]
Cipher list selection for GnuTLS

This patch implements the missing functionality for cipher list selection
using GnuTLS (our OpenSSL code has this already).

7 years ago ConnSSL_Init_SSL(): correctly set CONN_SSL flag
Alexander Barton [Sun, 15 Sep 2013 15:35:52 +0000 (17:35 +0200)]
ConnSSL_Init_SSL(): correctly set CONN_SSL flag

The CONN_SSL flag must be set before any calls to ConnSSL_Free()!

7 years ago Cipher list selection for OpenSSL
Alexander Barton [Sun, 15 Sep 2013 13:09:36 +0000 (15:09 +0200)]
Cipher list selection for OpenSSL

This patch introduces the possibility to arbitrarily select ciphers which
should be promoted resp. declined when establishing a SSL connection
with a client by implementing the new configuration option "CipherList".

By default, OpenSSL would accept low and medium strength and RC-4 ciphers,
which nowadays are known to be broken.

This patch only implements the feature for OpenSSL. A GnuTLS counterpart
has to be implemented in another patch ...

Original patch by Bastian <bastian-ngircd@t6l.de>.

Closes bug #162.

7 years ago ConnSSL_InitLibrary(): Code cleanup
Alexander Barton [Sun, 15 Sep 2013 12:09:31 +0000 (14:09 +0200)]
ConnSSL_InitLibrary(): Code cleanup

7 years ago TRACE: fix error message when there are too many parameters
Alexander Barton [Fri, 6 Sep 2013 22:18:00 +0000 (00:18 +0200)]
TRACE: fix error message when there are too many parameters

ircd 2.11 ignores additional parameters silently, but I don't think
that this is the correct behaviour either ...

7 years ago IRC_SetPenalty(): Code cleanup
Alexander Barton [Fri, 6 Sep 2013 22:05:49 +0000 (00:05 +0200)]
IRC_SetPenalty(): Code cleanup

7 years ago Add more penalty times
Federico G. Schwindt [Thu, 5 Sep 2013 16:11:38 +0000 (17:11 +0100)]
Add more penalty times

Ensure before every numeric 461 there is a call to IRC_SetPenalty().

7 years ago Rework check for number of parameters
Federico G. Schwindt [Thu, 5 Sep 2013 16:01:49 +0000 (17:01 +0100)]
Rework check for number of parameters

Move most of the checks that return numeric 461 into Handle_Request().

7 years ago Reorder checks
Federico G. Schwindt [Thu, 5 Sep 2013 12:45:14 +0000 (13:45 +0100)]
Reorder checks

Move oper and Conf_MorePrivacy checks after checking the number of
parameters.

7 years ago Move the IRC_SetPenalty() call after the asserts
Federico G. Schwindt [Thu, 5 Sep 2013 12:07:19 +0000 (13:07 +0100)]
Move the IRC_SetPenalty() call after the asserts

7 years ago Correct numeric returned by whois
Federico G. Schwindt [Thu, 5 Sep 2013 09:46:13 +0000 (10:46 +0100)]
Correct numeric returned by whois

As per RFC whois should return 431 if no nick is provided.  While
here convert upper check to use irc-macros. As a bonus we get to set
the penalty for free.

7 years ago Minor cosmetic change
Federico G. Schwindt [Thu, 5 Sep 2013 09:40:39 +0000 (10:40 +0100)]
Minor cosmetic change

Add a define to indicate any client.  While I'm here use hex values
instead of decimal, it's somewhat clearer that they could be OR'ed
together.

7 years ago Commands.txt: Document proprietary DIE <message> parameter
Alexander Barton [Wed, 4 Sep 2013 22:18:49 +0000 (00:18 +0200)]
Commands.txt: Document proprietary DIE <message> parameter

7 years ago getpid.sh: use /bin/pidof when available
Alexander Barton [Tue, 3 Sep 2013 19:33:22 +0000 (21:33 +0200)]
getpid.sh: use /bin/pidof when available

7 years ago Don't enforce channel types for other servers
Alexander Barton [Tue, 3 Sep 2013 15:13:46 +0000 (17:13 +0200)]
Don't enforce channel types for other servers

The configuration option "AllowedChannelTypes" must only be enforced for
regular clients and not for remote servers. Channels created by other
servers are always allowed, because they already exist and the daemon
must stay in sync with the network.