This patch enables ngIRCd to work with listening sockets already
initialized and passed-in by systemd(8) and hereby to support on-demand
"socket activation".
systemd(8) uses two environment variables to pass information about the
sockets to ngIRCd, LISTEN_PID and LISTEN_FDS, and this mechanism only
kicks in when both variables are set. In all other cases, and therefore
in most installations out there, nothing changes at all.
Please note:
If socket activation is in effect, ngIRCd will not initialize any (other)
soeckets on its own! All sockets must be configured in the systemd(8)
socket unit configuration file in this case, see ./contrib/ngircd.socket
for example.
Probably it would be interesting to match passed-in sockets to configured
listening sockets and to initialize all the remaining ones not already
set up by systemd(8), but this is kept back for an other patch ...
See
- <http://0pointer.de/blog/projects/socket-activation.html>
- <http://0pointer.de/blog/projects/socket-activation2.html>
- <http://www.freedesktop.org/software/systemd/man/systemd.socket.html>
Make sure that all log messages end with a correct punctuation mark.
The rules for formatting log messages are:
1. Add punctuation marks to all messages passed to the actual logging
functions like Log() and LogDebug().
2. Don't add any punctuation marks to messages that are stored in
variables for later use or are passed over the network.
3. IP addresses, DNS host names and IRC server names should be quoted.
4. Messages originating in the network should be quoted (at least if
they are "untrusted" or variable).
Most probably this patch doesn't fix all mistakes, but it should be a
good starting point ...
If two servers try to link each other, there was a time frame that
could result in one connection overwriting the other, e. g. the incoming
connection overwriting the status of the outgoing one. And this could
lead to all kind of weirdness (even crashes!) later on.
So now such incoming connections are dropped. But this most probably
prevents the two servers from linking until timing changes somehow
(network latency?) because each server drops the incoming connection of
the other one, so no connection survives in the end.
But this has to be addressed by an other patch ...
This fixes the following warning message when building without SSL support:
conn.c: In function "New_Connection":
conn.c:1365: warning: unused parameter "IsSSL"
Introduced by commit 01b62202.
Conn_StartLogin() is called after the connection has been established and
fully innitialized, including the SSL handshake, for example.
Up to this patch, the "NoticeAuth" option broke the SSL handshake ...
This patch series converts the statically allocated password buffer in the
CLIENT structure into a dynamically (and only when needed) allocated buffer
which is referenced by the CONNECTION structure.
This a) saves memory for clients not using passwords at all and b) allows
for "arbitrarily" long passwords.
By Brett Smith (5) and Alexander Barton (2).
* 'move-connection-password' of git://arthur.barton.de/ngircd-alex:
Login_User(): use "conn" insted of calling Client_Conn(Client)
Free already saved password when storing a new one
Indentation and style fixes.
Connection password is not constant.
Implementation clean-ups.
Dynamically allocate memory for connection password.
Move client password from the Client to the Connection struct.
This is a relatively naive implementation, basically doing the bare minimum
necessary to make the switchover go. Subsequent commits can focus on
improving the implementation.
Don't try to establish an outgoing server link after DNS lookup when this
server re-connected on its own in the meantime.
In addition, log a warning message if we try to update the connection
index of an already connected server structure -- and ignore it.
Up to now, both behaviour could lead to a race when the remote server
connects to this daemon while it still prepares the outgoing connection:
- The local server prepares the new outgoing connection ...
- in the meantime the remote server becomes connected and registered.
- Now the new outgoing connection overwrites the (correct) socket handle,
- then the 2nd connection becomes disconnected: "already registered",
- and the 1st connection becomes unhandled ("gets lost") because the
configuration structure is reset because of the wrong socket handle.
This patch hopefully fixes all these problems.
Only alphanumeric characters are allowed in the user name, so ignore
all IDENT replies that would violate this rule and use the one supplied
by the USER command.
This patch updates the limits for handling commands from a remote server:
- "<user count> / 5 + <min>" using "<min>=10" during normal operation,
- the above count multiplied with 5 while servers are syncing.
The intention is to a) make the limit dependent of the number of users
in the network (the more users, the more commands required to sync) and
b) to significantly rise this limit while servers are joining the network
to make the login and synchronization faster.
This allows to use "*!<user>@<host>" or "*!*@<host>" masks to reject
clients even before receiving PASS, NICK and USER commands and before
forking authentication child processes which reduces resource usage.
The assert(client != NULL) got triggered during our tests, so there is
an error path that resulted in the connection being still established
(sock >= 0) but the client structure already freed.
So Conn_Write() should handle it!
This fixes the problem that ngIRCd can't do any IDENT lookups because
of the socket has already been closed in the child process.
The bug has been introduced starting with ngIRCd 17 ... :-(
(commit ID 6ebb31ab35)
DEBUG_BUFFER is off by default and therefore disables these messages:
- "Handle_Write() called for connection XX, YY bytes pending ..."
- "Connection XX: ZZ bytes left in read buffer."
The io_event_create error handling seems to miss a 'return'
statement.
Fix this by moving io_event_create() call around so we do not
need the Conn_Close/Init calls in the error case.
When the write buffer space grows too large, ngircd has to disconnect
the client to avoid wasting too much memory.
ngircd logs this with a scary 'write buffer overflow' message.
Change this to a more descriptive wording.
When enabled, this configuration option lets ngIRCd send a PING with an
numeric "token" to clients logging in; and it will not become registered
in the network until the client responds with the correct PONG.
This is used by QuakeNet for example (ircu/snircd), and looks like this:
NICK nick
:irc.example.net PING :1858979527
USER user . . :real name
PONG 1858979527
:irc.example.net 001 nick :Welcome to the Internet Relay Network ...
This patch
- makes the server write buffer bigger: 64k,
- makes the regular write buffer bigger: 32k,
- tries to flush the write buffer starting at 4K.
Before this patch, a client got disconnected if the buffer flushing at 4k
failed, now regular clients can store up to 32k and servers up 64k even
if flushing is not possible at the moment (e.g. on slow links).
Alexander Barton