As per RFC whois should return 431 if no nick is provided. While
here convert upper check to use irc-macros. As a bonus we get to set
the penalty for free.
The configuration option "AllowedChannelTypes" must only be enforced for
regular clients and not for remote servers. Channels created by other
servres are always allowed, because they already exist and the daemon
must stay in sync with the network.
Without this patch, ngIRCd logged the "IDENT lookup for connection X:
no result"-message even when IDENT lookups have been disabled using the
"Ident = no" configuration option, which is a little bit misleading.
Reported by "btwe" in #ngircd.
This patch introduces a new field in the CLIENT structure, "ipa_text",
which points to an optional textual representation of the client IP
address (or NULL) which can be used to store the "real" IP address
information of a client using the "WEBIRC" protocol.
Without this patch, ngIRCd ignored the <ip-address> paramater ...
In addition, the functions Client_SetIPAText() and Client_IPAText()
have been introduced to set and get the textual representation of the
client IP address.
Client_IPAText() can be used even when no "IP address text" has been
set before, it then returns the real IP address of the connection.
Closes bug #159.
The new configuration option "DefaultUserModes" lists user modes that
become automatically set on new local clients right after login.
Please note that only modes can be set that the client could set on
itself, you can't set "a" (away) or "o" (IRC Op), for example! User
modes "i" (invisible) or "x" (cloaked) etc. are "interesting", though.
Default: set no modes (like without this patch).
Closes bug #160.
There have been code paths that ignored the return code of Handle_Write()
when sending "notice auth" messages to new clients connecting to the
server. But because Handle_Write() would have closed the client connection
again if an error occurred, this would have resulted in new errors and
assert()'s later on that could have crashed the server (denial of service).
Only setups having the configuration option "NoticeAuth" enabled are
affected, which is not the default.
CVE-2013-5580.
Channel_Modes() and Channel_Topic() return static memory that is zeroed at
creation time. Fix checking for empty modes and topic so they're propagated
correctly.
This function is used to send "error messages", including numerics,
back to clients and to automatically enforce a 2 second penalty. With
this patch, all error results enforces a delay for the client.
All callers of IRC_WriteStrClient(ERR_xxx) have been converted.
Please note that this patch prolongs the time "make check" needs
to complete its tests, because of lots of new enforced penalties ...
These functions usually write to more than one target, and therefore
can't return value indicating success or failure in a sane way. And, even
more omportant, these functions should send to as much as possible clients
and not stop at the first client which isn't reachable any more!
The new configuration variable "AllowedChannelTypes" lists all allowed
channel types (channel prefixes) for newly created channels on the local
server. By default, all supported channel types are allowed.
If set to the empty string, local clients can't create new channels at
all, which equals the old "PredefChannelsOnly = yes" setting.
This patch deprecates the "PredefChannelsOnly" variable, too, but it is
still supported and translated to the apropriate "AllowedChannelTypes"
setting. When "PredefChannelsOnly" is processed, a warning message is
logged.
Closes bug #152.
Move Announce_User() to client.c and rename it to Client_Announce().
Use this in cb_introduceClient() instead of duplicating the code.
This fix the certificate fingerprint announcement for new clients.
Also ensure the certificate fingerprint is only announced if the
client supports it (`M' flag).
This patch changes the handlers of the "PASS", "NICK", "USER",
and "SERVICE" commands to enforce a 2 second penalty when an error
like "need more/other parameters" occurs.
More functions should follow, I think ...
Now "IncludeDir" defaults to "$SYSCONFDIR/ngircd.conf.d" instead
of no directory, but a missing directory is only reported as an
error if it has explicitely configured in the main configuration
file and simply ignored otherwise.
Therefore it is now possible not to touch the default (sample)
configuration file at all, and set all distribution and/or system
specific configuration options in "*.conf" files stored in
"$SYSCONFDIF/ngircd.conf.d/".
Thanks to "Elmasloco" for the idea!
The option "IncludeDir" in the [Options] section can be used
to specify a directory which can contain further configuration
files and configuration file snippets matching the pattern
"*.conf" that should be read in after the main configuration
file ("ngircd.conf" by default) has been parsed.
Closes bug #157.
This function reads in and parses a single configuration file.
Adjust all other functions to display the correct name of the
file being read in currently.
As pointed by Alex while strl{cat,cpy} take the full length
we need to leave space to ensure a proper mask is always created
so revert the removal of - N from my last change.
Change callers accordingly so they don't rely on a global buffer and
rename Mask to Pattern where it makes sense since some functions
where indeed receiving a pattern and not a mask.
Change Lists_CheckReason() to receive a buffer where the reason
will be stored and its length. Change callers accordingly.
Change Class_GetMemberReason() (and its callers) in a similar way
so it doesn't rely on a global buffer for the rejected reason.
Fix the cb_clientserver_ssl() callback function to not read in and store SSL
encrypted client data before the asynchronous DNS resolver sub-process has
finished: This could have resulted in discarding the resolved client hostname
and IDENT reply afterwards, because in some situations (timing dependent) the
NICK and USER commands could have already been read in from the client,
stored in the buffer, and been processed.
Thanks to Julian Brost for reporting the issue and testing, and to Federico
G. Schwindt <fgsch@lodoss.net> for helping to debug it!
* bug153-ServerMask:
Update irc-info.c to use irc-macros.h
Add new irc-macros.h to project
irc-info.c: add/streamline function documentation comments
irc-info: move static functions at the top of the file
Implement new function Client_SearchServer()
Conflicts:
src/ngircd/irc-info.c
Test if the user that it is to be kicked is on the channel before user
channel modes are tested. Otherwise assert( cl2chan != NULL ); in
line 742 would fail and stop the service.
This fixes the following warning using Apple LLVM version 4.2
(clang-425.0.24) on OS X:
src/ngircd/conn.c:157:9: Implicit conversion loses integer
precision: 'long' to 'int'
The "@" character isn't allowed in IRC usernames, because it is the
separator between user name and hostname in IRC masks:
<nickname>!<username>@<hostname>
This patch accepts user names including "@" characters, saves the
unmodified name for authentication but stores only the part in front
of the "@" character as "IRC user name". And the latter is how
ircd2.11, Bahamut, and irc-seven behave as well.
Closes bug #155.
* systemd:
ngircd.sock: explicitely bind to IPv4 and IPv6 addresses
Show address and port of sockets passed-in by systemd(8)
Check type of sockets passed-in by systemd(8)
Adjust severity levels of some log messages
New configuration option "IdleTimeout": exit daemon when idle
Implement support for systemd(8) "socket activation"
contrib/README: add more files
Alexander Barton