Alexander Barton [Fri, 17 Jan 2014 15:10:34 +0000 (16:10 +0100)]
Add libwrap at the end of the configure run
If libwrap is added earlier, other tests may fail because not all
external variables required by libwrap are available when linking: for
example allow_severity and deny_severity.
This patch adds generic support for the LDFLAGS_END and LIBS_END variables
(CFLAGS_END has been implemented already).
Alexander Barton [Wed, 15 Jan 2014 13:58:57 +0000 (14:58 +0100)]
Remove "range matching" functionality
Don't support "range matching" in our pattern matching code using
the "[...]" syntax, because [ and ] are valid characters in nick
names and one has to quote them currently using the "\" character,
which is quite unexpected. For example:
Nick "te[st" => "MODE #channel +b te\[st"
And remove quoting altogether, too, because "*" and "?" don't need
to be quoted because these characters are not allowed in IRC masks,
nicks, and hostnames.
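The matching semantics this commit describes, as an added example that is not ngIRCd's own code: only "*" and "?" are wildcards, while "[", "]" and "\" are ordinary characters. The name `mask_match`, the ASCII case folding and the sample masks are assumptions of this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper, not ngIRCd's implementation: match `str` against an
 * IRC-style mask in which only '*' (any run, possibly empty) and '?' (exactly
 * one character) are special. '[', ']' and '\' are literals, so a nick such
 * as "te[st" can be used in a ban mask unquoted. ASCII case-insensitive
 * comparison is an assumption of this example. The loop backtracks to the
 * most recent '*' only, so matching cost stays bounded by
 * strlen(mask) * strlen(str) even for masks with many stars. */
bool mask_match(const char *mask, const char *str)
{
    const char *star = NULL;   /* position after the last '*' seen in mask */
    const char *retry = NULL;  /* position in str to resume from on mismatch */

    while (*str) {
        if (*mask == '*') {
            star = ++mask;     /* remember it; first try the empty run */
            retry = str;
        } else if (*mask == '?' ||
                   (*mask && tolower((unsigned char)*mask) ==
                             tolower((unsigned char)*str))) {
            mask++;
            str++;
        } else if (star) {
            mask = star;       /* backtrack: let the last '*' eat one more */
            str = ++retry;
        } else {
            return false;
        }
    }
    while (*mask == '*')       /* trailing stars match the empty string */
        mask++;
    return *mask == '\0';
}

int main(void)
{
    /* Constructed sample masks: unquoted '[' matches, '\' is now a literal. */
    printf("%d\n", mask_match("te[st!*@*", "te[st!user@example.net"));
    printf("%d\n", mask_match("te\\[st!*@*", "te[st!user@example.net"));
    return 0;
}
```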
Alexander Barton [Sat, 11 Jan 2014 00:33:24 +0000 (01:33 +0100)]
platformtest.sh: Allow using separate source and build trees
Now you can call platformtest.sh using its complete path name from
another directory which is then used for building.
See <http://www.gnu.org/software/automake/manual/html_node/VPATH-Builds.html>
Please note that the build system itself is still (re-)generated in the
original source tree. This can be avoided by passing the "-x" switch to
the platformtest.sh script.
According to RFC 2812 3.2.3 "Channel mode message" and the examples
there, it looks like clients should use "MODE -k <key>" to unset channel
keys; and that's how other servers and services behave and do expect it.
(But please note that this is NOT the case for "MODE -l"!)
In the end, it doesn't make sense to specify a key when UNsetting it at
all, and different services behave differently when clients do not send
the currently set key to unset it - some ignore such calls, for example!
But this implementation is quite relaxed, it accepts any key when
unsetting channel mode "k" and even accepts no key at all. But the reply
will always include an "*" character for every "-k" parameter.
C99 states that vsnprintf() "returns the number of characters that
would have been printed if the n were unlimited"; but according to the
Linux manual page "glibc until 2.0.6 would return -1 when the output
was truncated" -- so we have to handle both cases ...
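One way to handle both return conventions named in this commit message, as an added example that is not ngIRCd's own code; `fmt_truncated` and `format_checked` are hypothetical names.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: decide from a raw vsnprintf() return value whether
 * the output was cut short, covering both conventions. */
bool fmt_truncated(int ret, size_t size)
{
    if (ret < 0)
        return true;             /* old glibc truncation signal, or an error */
    return (size_t)ret >= size;  /* C99: would-be length does not fit */
}

/* Hypothetical wrapper: format into buf and report whether the complete
 * string fit. The buffer is always NUL-terminated, so a caller that ignores
 * the result still never reads past the end of buf. */
bool format_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int ret;

    if (size == 0)
        return false;
    va_start(ap, fmt);
    ret = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    buf[size - 1] = '\0';        /* do not rely on the libc to terminate */
    return !fmt_truncated(ret, size);
}

int main(void)
{
    char line[8];                /* constructed, deliberately small buffer */

    if (!format_checked(line, sizeof line, "%s", "0123456789"))
        printf("truncated to \"%s\"\n", line);
    return 0;
}
```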
We already require GNU autoconf 2.67 for generating our build system (at
least this is what the INSTALL document states), so update the build system
accordingly and implement all changes that autoupdate(1) suggests:
- Update AC_PREREQ and AC_INIT
- Use AC_LINK_IFELSE, AC_RUN_IFELSE, and AC_COMPILE_IFELSE
- Remove AC_TYPE_SIGNAL (we don't use RETSIGTYPE)
Test functions snprintf(), strlcpy(), strlcat(), vsnprintf() for
correctness, not only existence (which was quite useless, because
if they weren't available, the program could not have been linked
at all ...).
Alexander Barton [Fri, 27 Dec 2013 22:16:11 +0000 (23:16 +0100)]
Implement new configuration option "Network"
The new configuration variable "Network" is used to set the (completely
optional) "network name", to which this instance of the daemon belongs.
When set, this name is used in the ISUPPORT(005) numeric which is sent to
all clients connecting to the server after logging in.
Alexander Barton [Mon, 11 Nov 2013 23:28:50 +0000 (00:28 +0100)]
Check for working getaddrinfo() function
At least AIX 4.3.3 and 5.1 have a broken implementation of getaddrinfo()
which doesn't handle "0" as numeric service correctly. This patch adds
a configure check for this case and changes all calling functions to only
use getaddrinfo() if it "works".
See <http://www.stacken.kth.se/lists/heimdal-discuss/2004-05/msg00059.html>
Increase the penalty for a command before checking its arguments. This
makes the handling more consistent and allows us to move more penalties to
Handle_Request().
FreeBSD prior to 10.0 does not automatically stir on fork(). Same with
current NetBSD. If arc4random_stir() is present assume it is needed and
call it instead of srand().
Kill all clients that match a new GLINE/KLINE mask and generate appropriate
KILL commands. These KILL commands can be superfluous, but are required
when the IRC Operator isn't allowed to set remote G-Lines or if there are
older servers in the network that don't kill clients on GLINE/KLINE.
Alexander Barton [Thu, 26 Sep 2013 00:26:24 +0000 (02:26 +0200)]
Adjust log messages for invalid and spoofed prefixes
Now invalid prefixes aren't logged anymore when originating from another
server (besides in debug mode), and spoofed prefixes are correctly logged
using LOG_WARNING (from another server) or LOG_ERR (from a client) levels.
In addition, the log message texts have been adjusted to better reflect
what will happen: commands with invalid prefixes are ignored and logged,
commands with spoofed prefixes will result in the client being disconnected
(regular users) or the command being ignored (other servers).
This cleans up logging of commands related to already KILL'ed clients.
* alex/bug162-SSLCipherList:
Cipher list selection for GnuTLS
ConnSSL_Init_SSL(): correctly set CONN_SSL flag
Cipher list selection for OpenSSL
ConnSSL_InitLibrary(): Code cleanup
In some error cases conn_id will be left as SERVER_WAIT and
subsequently ignored in Check_Servers(). Ensure conn_id is set to
NONE before returning from New_Server() if we couldn't establish
the connection.
Prompted by a report from gabrielgi-at-gmail-dot-com.
Alexander Barton [Sun, 15 Sep 2013 22:31:03 +0000 (00:31 +0200)]
Don't ignore SSL-related errors during startup
Without this patch, ngIRCd ignores SSL-related messages and continues
to start up but only listens on plain text communication ports -- and
this most probably isn't what the administrator wanted ...
Alexander Barton [Sun, 15 Sep 2013 13:09:36 +0000 (15:09 +0200)]
Cipher list selection for OpenSSL
This patch introduces the possibility to arbitrarily select ciphers which
should be promoted resp. declined when establishing an SSL connection
with a client by implementing the new configuration option "CipherList".
By default, OpenSSL would accept low and medium strength and RC-4 ciphers,
which nowadays are known to be broken.
This patch only implements the feature for OpenSSL. A GnuTLS counterpart
has to be implemented in another patch ...
Original patch by Bastian <bastian-ngircd@t6l.de>.