Commit Graph

2201 Commits

Author SHA1 Message Date
Florian Westphal 643ae1b48b enforce upper limit on maximum number of handled commands
reported on #ngircd: pasting lots of lines into a channel can kill off
many people on the channel if the read buffer is drained quickly enough
and the client-side TCP can't keep up with the incoming data.

This implements a throttling scheme:
- an irc client may send up to 3 commands per second before a one second
pause is enforced.
- an irc client may send up to 256 bytes per second before a one second
pause is enforced.

After discussion with Alexander Barton, server <-> server links are
treated specially: There is no artificial limit on the number of bytes
sent per second, and up to 10 commands are processed per second before
a pause is enforced.

It may be necessary to make those limits tuneable to accommodate larger
networks, but for now they are compile time values.
2009-05-25 22:25:18 +02:00
Florian Westphal 9b1c47220f conn.c: fix NumConnections imbalance
New_Server() can call Conn_Close() in its error paths,
but that function decrements the number of current active
connections. Thus we need to increment it earlier.
2009-05-17 21:32:53 +02:00
Florian Westphal 8e2c5816ee SSL/TLS: fix error handling when ssl ctx init for outgoing server link fails 2009-05-17 21:27:27 +02:00
Florian Westphal f31c3a3aa2 SSL/TLS: fix error path in gnutls ssl ctx allocation 2009-05-17 21:18:04 +02:00
Florian Westphal b0931f322b manpage: move SSLConnect option to the right section 2009-05-17 01:22:18 +02:00
Florian Westphal 5196e9bcb1 SSL/TLS: remove redundant asserts/ifdefs 2009-05-16 20:48:43 +02:00
Florian Westphal 57aa64e117 SSL/TLS: proper indentation, remove erroneous comment 2009-05-14 00:00:55 +02:00
Alexander Barton fd7e85b798 Update copyright notice, it's 2009 already! 2009-05-05 17:08:48 +02:00
Alexander Barton b1852f3029 Updated Debian "changelog" file for ngIRCd 14.1 2009-05-05 13:14:23 +02:00
Alexander Barton 822c1e9265 ngIRCd release 14.1 2009-05-05 12:58:51 +02:00
Alexander Barton 5b4a3eda08 Added start/stop script for Red Hat based distributions
Script contributed by Naoya Nakazawa <naoya@sanow.net>.
2009-05-05 12:50:55 +02:00
Alexander Barton a83554b572 Renamed contrib/ngircd.sh to contrib/ngircd-bsd.sh 2009-05-05 11:41:26 +02:00
Florian Westphal 627b0b713c security: fix remotely triggerable crash in SSL/TLS code
When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.

- ONLY servers without ssl/tls support compiled in are not affected.
  Disabling SSL in the configuration (no ssl listening ports, etc)
  does NOT help.
- servers that are running standalone (i.e., not connected to any
  other servers) are not affected, either.

This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
2009-05-05 10:21:20 +02:00
Alexander Barton 95428a72ff Fixed "Conflicts:" line in debian/control: missing comma 2009-05-04 11:23:19 +02:00
Alexander Barton 6b83d1740e Debian: build ngircd-full-dbg package
In addition to the "ngircd" and "ngircd-full" packages a new package named
"ngircd-full-dbg" is built: this package contains all the features of the
"full" package but includes debug code and both the --debug and --sniffer
options and the resulting binaries are _not_ stripped.
2009-04-29 02:14:17 +02:00
Alexander Barton c8bba8e5c3 debian/rules: whitespace fixes 2009-04-29 02:12:56 +02:00
Tassilo Schweyer 37359799eb Fix server list announcement
When ngircd announces the list of currently known servers
to a new (connecting) server, it sent the introducer of
the servers instead of the top server.

Assuming this network:

irc1.example.com
|--irc2.example.com
|    `--irc3.example.com
|         `--irc4.example.com
`--irc5.example.com

When irc4 connects to irc3, irc3 tells irc4 that irc5 was
connected to irc2. (irc2 had introduced irc5 to irc3; but that's
not what ngircd should have sent to the new server).

This also placed users on the wrong servers.
2009-04-26 00:30:49 +02:00
Alexander Barton 4a14fb252d Doxygen: update source code repository link to GIT 2009-04-25 00:53:47 +02:00
David Kingston 9b59f043c8 allow ping timeout quit messages to show the timeout value 2009-04-23 21:39:45 +02:00
Florian Westphal b545d38ae4 irc-server: do not remove hostnames from info text
that code does not really make sense -- the info
text is freely configurable and does not follow a specific
format.

Also, that "+2" might have caused invalid memory accesses.
2009-04-22 23:15:17 +02:00
Florian Westphal 84eaed6c9a conn-zip: fix error handling
callers of (Un)Zip_Buffer() assume that
the function closes the connection on error.

However, this was not always the case.
2009-04-21 21:00:43 +02:00
Florian Westphal 544b9884f4 remove or translate old comments 2009-04-21 20:58:30 +02:00
Florian Westphal 5e16b6df2d client.c: remove unnecessary comments 2009-04-21 20:58:28 +02:00
Florian Westphal ea041b8838 add const qualifier to pointers where possible 2009-04-21 20:58:23 +02:00
Alexander Barton 68835a1d1a ngIRCd release 14 2009-04-20 11:36:27 +02:00
Alexander Barton 54879b432b Display IPv6 addresses as "[<addr>]" when accepting connections.
With this patch ngIRCd displays IPv6 addresses as "[<addr>]:<port>" when
accepting new connections and later, if no successful DNS lookup could
be made (or DNS is disabled altogether).
2009-04-10 13:22:03 +02:00
Alexander Barton d9355d53f8 Xcode: #define include __DATE__ in VERSION
Change VERSION to include the __DATE__ when compiling from within Xcode.

When building using "make xcode" or "make osxpkg" VERSION already is defined
to the "real" version number set in configure.in.
2009-04-10 13:08:04 +02:00
Alexander Barton 8c0137a6e0 Fix ChangeLog: Local channels are already implemented in Release 13 2009-04-09 15:17:44 +02:00
Alexander Barton 166ab3925e Fix up last Debian changelog entry 2009-03-30 13:44:04 +02:00
Alexander Barton 1f6a5744f6 ngIRCd release 14~rc1 2009-03-29 17:16:02 +02:00
Alexander Barton 156569d263 Updated NEWS and ChangeLog files 2009-03-29 17:05:37 +02:00
Alexander Barton c3a8d6a73e Updated Debian/Linux init script
- PidFile, ServerUID and ServerGID are read from actual server configuration
- Exit code and behaviour is more LSB compliant
- New "status" and "test" sub-functions
2009-03-29 16:37:06 +02:00
Dana Dahlstrom 3a7d59c1ac misspelling in ERR_NORECIPIENT reply 2009-03-25 20:44:40 +01:00
Alexander Barton 51b88b12f3 Add missing contributors to AUTHORS file 2009-03-11 11:51:59 +01:00
Florian Westphal ea35ba74b6 testsuite: add more predefined channels to server config
make sure it creates & and +, and accepts channel names without
a special character (ngircd should treat
'Name = chan' as 'Name = #chan').
2009-03-07 00:30:11 +01:00
Florian Westphal 2d4361d088 allow creation of persistent modeless channels 2009-03-07 00:21:43 +01:00
Florian Westphal e9e7fc33f1 add and use Channel_IsModeless()
avoid "name[0] == '+'" where possible, having Channel_IsModeless()
makes things much more obvious.
2009-03-07 00:13:25 +01:00
Alexander Barton c09742c518 Enhance INFO command to report compile time, if available 2009-03-05 16:04:36 +01:00
Alexander Barton c56ab96270 Update NEWS and ChangeLog files 2009-03-03 17:59:43 +01:00
Alexander Barton 0a9608a26f Channel mode changes: break on error
Don't echo multiple syntax error messages (461) on invalid commands,
but break after the first one.
In addition, this solves corrupted 'Unknown mode "+' messages.
2009-03-03 16:33:40 +01:00
Alexander Barton dee89c2355 Channel_Mode(): code cleanup (no functional changes) 2009-03-03 15:06:34 +01:00
Florian Westphal b8c6dd503f TLS/SSL: remove useless error message when ssl connection is closed
When using OpenSSL, the following annoying "error" message was logged whenever
an encrypted connection was shut down in an orderly fashion:
TLS/SSL Connection shutdown: ConnSSL_Read: Unable to determine error

of course, this isn't an error at all.
2009-02-05 23:47:28 +01:00
Florian Westphal 66d6c3c84b update ChangeLog. 2009-02-04 23:33:46 +01:00
Florian Westphal 2fce4667a8 SSL/TLS: clear all ssl related flags on shutdown
one ssl related flag was not cleared on ssl shutdown.
introduce and use CONN_SSL_FLAGS_ALL to zap them all.
2009-02-04 23:23:12 +01:00
Florian Westphal c6a43fbaf0 TLS/SSL: fix memory leak when using compressed server links with ssl
commit 6bc2d3d06e
(New connection option CONN_RFC1459) forgot to adjust the ssl bitmasks.

The result is that when a compressed AND encrypted server link goes down
the memory allocated by zlib and the r/w buffers are no longer
free'd as the previous ConnSSL_Free() would then also remove the CONN_ZIP flag
from the flag mask.
2009-02-04 23:01:53 +01:00
Alexander Barton 3be9c477be Fix spelling of log message: "channek" vs. "channel" ... 2009-01-20 17:20:30 +01:00
Alexander Barton d09094812f Channel key file: store file name and open on each access.
Store the file name of channel key files and reopen them on each access
(on each JOIN command) instead of just storing the file handles.

This eliminates the special requirements (no delete) and makes sure
that always the actual file contents are used in all circumstances.
2009-01-20 17:20:30 +01:00
Alexander Barton c5000694d1 Support individual channel keys for pre-defined channels.
This patch introduces the new configuration variable "KeyFile" for
[Channel] sections in ngircd.conf. Here a file can be configured for each
pre-defined channel which contains individual channel keys for different
users. This file is line-based and must have the following syntax:

  <user>:<nick>:<key>

<user> and <nick> can contain the wildcard character "*".

Please note that these channel keys are only in effect when the channel
has a regular key set using channel mode "k"!
2009-01-20 17:20:30 +01:00
Alexander Barton 2c1b6280fa RFC 2812, sec. 3.3.1: really check for the last dot
This fixes commit 5a3128243f and makes the test suite ("make check")
run again without errors.
2009-01-20 16:49:34 +01:00
Florian Westphal 5a3128243f irc.c: reject masks with wildcard after last dot
RFC 2812 says in section 3.3.1 ("Private Messages"):

The mask MUST have at least 1 (one) "." in it and no wildcards
following the last ".".
2009-01-18 00:36:38 +01:00