Commit Graph

2196 Commits

Author SHA1 Message Date
Al Beano 4cacd25490 unnecessary comparisons 2017-04-06 22:25:17 +01:00
Al Beano 436240f3e1 custom cloak for tor HS users 2017-04-06 22:22:12 +01:00
Al Beano ff50430c76 fix for servers with cloaking enabled 2017-04-06 20:24:02 +00:00
Al Beano e684881e9c view connections from localhost as being secure 2017-04-06 20:43:36 +01:00
Alexander Barton 879d550408 Fix handling of connection pool allocation and enlargement
The daemon only enlarged its connection pool when accepting new client
connections, not when establishing new outgoing server links.

Thanks to Lukas Braun (k00mi) for reporting this!

In addition this patch streamlines the connection pool allocation, so
that there is only one place in the code allocating the pool: the now
updated Socket2Index() function. The name doesn't quite fit, but this
existing and today quite useless function (because the mapping from
socket number to connection index is 1:1 today) already became called
in almost all relevant code paths, so I decided to reuse it to keep the
patch small ...probably we want to fix the naming in a second patch?

Closes #231.
2017-01-19 00:06:46 +01:00
Alexander Barton 2bb917f05a 2017! 2017-01-15 22:07:11 +01:00
Alexander Barton 02c8887543 Log privilege violations and failed OPER as "error" and to &server 2016-12-08 01:34:33 +01:00
Alexander Barton 77861f6fe2 Immediately shut down connection on receiving ERROR
Don't wait for the peer to close the connection. This allows us to
forward the ERROR mesage in the network, instead of the very generic
"client closed connection" message.
2016-12-08 01:01:40 +01:00
Alexander Barton 0dc3c13469 x-Line synchronization: Don't send negative durations 2016-12-08 00:22:05 +01:00
Alexander Barton d0d4de4980 List expiration: use same log level as when setting
And log this event to the &SERVER channel, too.
2016-12-08 00:20:38 +01:00
Alexander Barton 85df414907 Remove leftover debug message. Oops! 2016-12-08 00:18:57 +01:00
Alexander Barton f5ff22d98f G-LINES: Forbid remote modifications if "AllowRemoteOper" is not set
Explicitely forbid remote servers to modify "x-lines" (G-LINES) when the
"AllowRemoteOper" configuration option isn't set, even when the command
seems to originate from the remote server itself: this prevents GLINE's
to become set during server handshake in this case (what wouldn't be
possible during regular runtime when a remote IRC Op sends the command)
and what can't be undone by IRC Ops later on (because of the missing
"AllowRemoteOper" option) ...
2016-12-08 00:14:00 +01:00
Christoph Biedl daa88b7651 Fix building ngIRCd with OpenSSL 1.1
At the moment, ngIRCd fails to build against OpenSSL 1.1 since the
configure check probes for the SSL_library_init symbol which was
removed, but probing for a different function availabe in both versions
solves that problem: SSL_new().

And as SSL_library_init is no longer needed, the patch boils down to
probing SSL_new to assert libssl is available, and disabling the
SSL_library_init invokation from OpenSSL 1.1 on, see also another
application[1] (NSCA-ng) that did pretty much the same.

Patch was compile-tested on both Debian jessie (OpenSSL 1.0.2) and
stretch (OpenSSL 1.1).

[1] <>

(Patch by Christoph, commit message cherry-picked from the email thread
on the mailing list by Alex. Thanks!)
2016-12-05 23:51:07 +01:00
Alexander Barton 2924b3d52a gcc 6.2 warnings: fix code indentation
This fixes the following correct -Wmisleading-indentation warning
messages of gcc 6.2:

irc-write.c: In function ‘IRC_SendWallops’:
irc-write.c:521:4: warning: this ‘if’ clause does not guard...
irc-write.c:524:5: note: ...this statement, but the latter is
  misleadingly indented as if it is guarded by the ‘if’
irc-write.c:526:4: warning: this ‘if’ clause does not guard... []
irc-write.c:529:5: note: ...this statement, but the latter is
  misleadingly indented as if it is guarded by the ‘if’

irc-info.c: In function ‘IRC_STATS’:
irc-info.c:895:3: warning: this ‘else’ clause does not guard...
irc-info.c:897:4: note: ...this statement, but the latter is
  misleadingly indented as if it is guarded by the ‘else’

No functional changes, the code has been correct, but the indentation
was wrong ...
2016-12-05 23:33:12 +01:00
Alexander Barton 722afc1b81 Make sure that SYSCONFDIR is always set
This is useful when ./configure hasn't been run but some source code
linters are run in an editor, for example.
2016-07-22 19:01:04 +02:00
Christian Aistleitner e84000f7b8 Add PAMServiceName setting to specify the used PAM configuration
This setting allows to run multiple ngIRCd instances with
PAM configurations on each instance.
If one sets it to "ngircd-foo", PAM will use `/etc/pam.d/ngircd-foo`
instead of the default `/etc/pam.d/ngircd`.
2016-06-05 23:48:29 +02:00
Alexander Barton 7dba1a0766 Send_Message: Fix handling of "empty" targets
Clients can specify multiple targets for the "PRIVMSG", "NOTICE", and
"SQUERY" commands, separated by commas (e. g. "PRIVMSG a,#b,c :text").

Since commit 49ab79d0 ("Limit the number of message targes, and suppress
duplicates"), ngIRCd crashed when the client sent the separator character
only as target(s), e. g. "," or ",,,," etc.!

This patch fixes the bug and adds a test case for this issue.

Thanks to Florian Westphal <> for spotting the issue!
2016-01-07 01:54:11 +01:00
Alexander Barton 6a5569c27d Update copyright notices for 2016 2016-01-04 22:43:58 +01:00
Alexander Barton 49ab79d0e6 Limit the number of message targes, and suppress duplicates
This prevents an user from flooding the server using commands like this:

  PRIVMSG nick1,nick1,nick1,...

Duplicate targets are suppressed silently (channels and clients).

In addition, the maximum number of targets per PRIVMSG/NOTICE/... command
are limited to MAX_HNDL_TARGETS (25). If there are more, the daemon sends
the new 407 (ERR_TOOMANYTARGETS_MSG) numeric, containing the first target
that hasn't been handled any more.

Closes #187.
2016-01-04 22:15:46 +01:00
Alexander Barton cedba36965 Add "_MSG" postfix to ERR_WILDTOPLEVEL_MSG 2016-01-04 22:10:38 +01:00
Alexander Barton 7c7d03b730 Enahnce comments for Send_Message() and Send_Message_Mask()
No functional changes.
2016-01-04 20:45:49 +01:00
Alexander Barton 4693226d69 Get rid of unclever assert() in Send_Message_Mask()
Either we use assert() to _guarantee_ a certain condition, or we use
if(...) to test for it. But never both.

So get rid of the assert() in Send_Message_Mask() and handle the case
that the target mask doesn't contain a dot (".") as regular error,
don't require the caller to assure that any more.

This polishes commit 5a312824.

Please note:
The test in Send_Message() is still _required_ to detect whether the
target is a channel (no dot) or a "target mask" (at least one dot)!
2016-01-04 20:37:13 +01:00
Alexander Barton afb59ab8e5 Test suite: Add new test for server-server logins
This test detects the recent NJOIN breakage, for example ...
2015-12-30 17:10:26 +01:00
Alexander Barton d90f0323e5 Fix NJOIN handler killing all clients
This bug has been introduced by commit 1e386fb7ac which had
the logic reversed :-(

Reported by "ninguno" in #ngircd, thanks a lot!
2015-12-30 14:55:55 +01:00
Alexander Barton 1e386fb7ac Make NJOIN handler more fault-tolerant
Don't crash the daemon when the NJOIN handler can't join the new client
to a channel (when the Channel_Join() function failed) but try to KILL this
client -- which is the only possible reaction besides crashing: otherwise
the network would get out of sync.
2015-12-13 21:56:07 +01:00
Alexander Barton 52ccba5d1e IRC_KillClient(): Don't break when called without "Client"
The IRC_KillClient() function is documented to handle the case that the
"Client" structure is NULL, so make sure that this actually works and
can't crash the daemon.

Please note:
The current code doesn't make use of this feature, so this fix is
definitely the "right" thing to do but doesn't fix an actual problem.
2015-12-13 21:53:53 +01:00
Alexander Barton 98e9467c85 IRC_NJOIN(): Code cleanup
No functional changes.
2015-12-13 21:00:46 +01:00
Alexander Barton 398022631a Fix NJOIN not propagating "half ops" status
ngIRCd tested for the wrong prefix of "half ops" when processing NJOIN
commands and therefore never classified a remote user as "half op".

Thanks to wowaname for pointing this out on #ngircd!
2015-12-13 19:55:47 +01:00
Alexander Barton d8aba40f07 Explicitly cast time_t to long when printing it out
This prevents wrong sizes data types on platforms where time_t doesn't
equal a long any more, for example on OpenBSD.
2015-11-15 15:14:12 +01:00
Alexander Barton eb9929e82c Make server-to-server protocol more robust
Now ngIRCd catches more errors on the server-to-server (S2S) protocol
that could crash the daemon before. This hasn't been a real problem
because the IRC S2S protocol is "trusted" by design, but the behavior
is much better now.

Thanks to wowaname on #ngircd for pointing this out!
2015-09-03 16:22:36 +02:00
Christoph Biedl ccc899c7f4 Reproducible builds
At the moment ngircd fails the tests for reproducible builds in Debian
since it uses the __DATE__ and __TIME__ macros for the INFO command.

Instead of patching this out I decided to implement an optional
constant BIRTHTIME that allows you to set a time stamp for the "Birth
Date" information, in seconds since the epoch, like in

    export CFLAGS += -DBIRTHTIME=$(shell date +%s --date="2015/08/15 23:42:22")

In the future, Debian will provide a SOURCE_DATE_EPOCH environment
variable, dealing with the situation until then will be my job.

The time format was taken from the NGIRCd_StartStr formatting in
ngircd.c so the "Birth Date" and "On-line since" lines in the INFO
output look similar: 371 nick :ngIRCd 22.1-IDENT+IPv6+IRCPLUS+PAM+SSL+SYSLOG+ZLIB-x86_64/pc/linux-gnu 371 nick :Birth Date: Tue Aug 25 2015 at 18:11:11 (CEST) 371 nick :On-line since Tue Aug 25 2015 at 18:11:33 (CEST) 374 nick :End of INFO list

The format of the time stamped is changed, but as far as I can tell, there's no
rule that is violated by that.

Bonus level: Reformat the messages so the time stamps are aligned.
2015-08-26 10:05:36 +02:00
Alexander Barton 9811223fb8 Whitespace fixes (no functional changes) 2015-08-01 15:15:30 +02:00
Alexander Barton 0083fe177f Fix debug message "Client ... is closing connection"
It should be "host:port"!
2015-08-01 15:14:23 +02:00
Alexander Barton 85dc4d8777 "NoticeAuth" configuration variable is deprecated now! 2015-08-01 14:52:07 +02:00
Alexander Barton 64c265cf33 Merge pull request #217 from SaberUK/master+notice-auth
Use "NOTICE *" before registration instead of "NOTICE AUTH".
2015-08-01 14:51:04 +02:00
Alexander Barton b8482fd3cf First check if channel has mode "N", then check membership
This should be more efficient.
2015-08-01 14:26:11 +02:00
Alexander Barton 90ea23ab4f Merge pull request #214 from Flupsy/channel-mode-N
Channel mode N (users on this channel can't change their nick)
2015-08-01 14:24:20 +02:00
Alexander Barton a5ca8be658 Streamline ".gitignore" files 2015-07-19 03:03:06 +02:00
Peter Powell 5545e1bebf Rename NoticeAuth to NoticeBeforeRegistration.
The old name is still supported for compatibility reasons.
2015-07-14 14:43:19 +01:00
Peter Powell d118cd74b6 Use "NOTICE *" before registration instead of "NOTICE AUTH".
AUTH is a valid nickname so sending notices to it is probably not
a good idea. Use * as the target instead as done with numerics
when the nick is not available.

This mimics the behaviour in Charybdis, IRCD-Hybrid, InspIRCd 2.2,
Plexus 4, etc.
2015-07-14 14:37:42 +01:00
Ian Chard 599626d570 Only enforce channel mode N on users (not servers or services) 2015-06-26 10:36:57 +01:00
Tom Ryder b71a0ddbd5 Specify session context for OpenSSL clients
Reconnecting to ngIRCd 22.1 built with OpenSSL with some OpenSSL
clients, including Pidgin and stunnel 5.06, attempts to reuse a session
and fails due to the absence of this line.

The error message in syslog from ngIRCd is:

> SSL protocol error: SSL_accept (error:140D9115:SSL
> routines:SSL_GET_PREV_SESSION:session id context uninitialized)

This patch appears to fix the problem for both Pidgin and stunnel; it
may work for other OpenSSL clients that attempt to re-use sessions.

*   <>
*   <>
*   <>
2015-06-26 16:21:54 +12:00
Ian Chard 7ff16e8116 Don't bother looking for +N channels for an op 2015-06-24 20:28:27 +01:00
Ian Chard adfe5affed Don't use a standard message number 2015-06-24 15:51:37 +01:00
Ian Chard f64cb901ef Add channel mode N (normal user can't change nick while on channel) 2015-06-24 15:37:56 +01:00
Alexander Barton d28d838cb9 Merge remote-tracking branch 'LucentW/master'
* LucentW/master:
  Fix with oneshot invites
  Fixed building issues\
  Implement timestamp tracking of invites
  Keep track of who placed bans/invites/excepts
  IRC operators w/OperCanMode can kick anyone [already cherry-picked]

Closes #203, Closes #205.
2015-06-07 21:13:45 +02:00
Alexander Barton 2fc61ce8a6 Make setgroups(3) function optional
For example, Interix is missing this function, which prevented
ngIRCd to build on this platform. When setgroups(3) isn't available,
a warning message is issued when ngIRCd starts up.
2015-06-06 22:19:47 +02:00
LucentW 5c48d7e9c7 IRC operators w/OperCanMode can kick anyone
Closes #202.

(cherry picked from commit 10c7ba99e7)
2015-05-16 20:48:37 +02:00
LucentW 0f490b5cae Implement numeric RPL_LISTSTART(321)
lightIRC and other clients expecting RPL_LISTSTART should now behave correctly.

Closes #207.

(cherry picked from commit 0680ce5fd99bc643651d1433bcdaf271aeb73c46)
2015-05-16 20:29:10 +02:00
LucentW 93a872a36b Fix with oneshot invites
This should finally implement correctly oneshot invites sent via /INVITE
2015-05-15 14:02:37 +02:00