If gai_strerror() isn't available, use a macro that simply returns
a static error message (regardless of the real error code).
For example, GNU libc 2.0.7 doesn't implement gai_strerror().
This fixes the problem that ngIRCd can't do any IDENT lookups because
of the socket has already been closed in the child process.
The bug has been introduced starting with ngIRCd 17 ... :-(
(commit ID 6ebb31ab35)
- User mode "R": indicates that the nick name of this user is "registered".
This mode isn't handled by ngIRCd itself, but must be set and unset by
IRC services like Anope.
- Channel mode "R": only registered users (having the user mode "R" set)
are allowed to join this channel.
DEBUG_BUFFER is off by default and therefore disables these messages:
- "Handle_Write() called for connection XX, YY bytes pending ..."
- "Connection XX: ZZ bytes left in read buffer."
* ServerMode:
Handle channel user modes 'a', 'h', and 'q' from remote servers
Handle unknown channel modes on server links
Handle unknown user modes on server links
IRC_MODE(), Client_Mode(): code cleanup [2/2]
Enlarge client user mode buffer, reduce client flags buffer
Infom clients when other servers change their user modes
IRC_MODE(), Client_Mode(): code cleanup [1/2]
These channel user modes aren't used for anything at the moment, but
ngIRCd knows that these three modes are "channel user modes" and not
"channel modes", that is that these modes take an "nick name" argument.
Like unknown user and channel modes, these modes are saved and forwarded,
but ignored otherwise.
We have to enlage our user mode buffer, so we can handle even unknown
user modes in the future; and reduce the client flags buffer, because
I can't imagine why we ever would need ~100 flags!?
Now we support up to 15 user modes (was: 8) and up to 15 flags (was: 99).
So in the end, we even save 99-15+8-15=77 bytes for each client structure!
Use ps(1) flag "-a" (as well as "-f"):
"Select all processes except both session leaders (see getsid(2)) and
processes not associated with a terminal."
Thanks to Götz Hoffart for reporting this problem!
On server-links, spoofed prefixes can happen because of the asynchronous
nature of the IRC protocol. So don't break server-links, only log a message
and ignore the command.
This fixes bug 113, see:
<https://arthur.barton.de/bugzilla/show_bug.cgi?id=113>
Citing an email from Florian to the ngIRCd mailing list:
"I wonder what the expected behaviour is when Conf_MorePrivacy is changed
from 'yes' to 'no' and the config is reloaded.
At the moment, WHOWAS will start giving out information on Users that
were connected during Conf_MorePrivacy=yes period. If this is not
wanted, Client_RegisterWhowas() should be changed to not store a record
when Conf_MorePrivacy is enabled."
And I think it is "not wanted" :-)
For outgoing connections, we use 2048 (DH_BITS) since commit 49b2d0e.
This patch enables ngIRCd to accept incoming connections from other servers
and clients that use at least 1024 bits (and no longer requires 2048 for
incoming connections, too).
Patch proposed by Florian Westphal.
this patch contains:
* Fix for Conf_CloakUserToNick to make it conceal user details
* Adds MorePrivacy-feature
MorePrivacy censors some user information from being reported by the
server. Signon time and idle time is censored. Part and quit messages
are made to look the same. WHOWAS requests are silently dropped. All
of this is useful if one wish to conceal users that access the ngircd
servers from TOR or I2P.
This patch makes it possible to scrub incomming CTCP commands from
other servers and clients alike. The ngircd oper can enable it from
the config file, by adding "ScrubCTCP = yes" under [OPTIONS]. It is
default off.
CTCP can be used to profile IRC users (get user clients name and
version, and also their IP addresses). This is not something we like
to happen when user pseudonymity/secrecy is important.
The server silently drops incomming CTCP requests from both other
servers and from users. The server that scrubs CTCP will not forward
the CTCP requests to other servers in the network either, which can
spell trouble if not every oper knows about the CTCP-scrubbing.
Scrubbing CTCP commands also means that it is not possible to send
files between users.
There is one exception to the CTCP scrubbing performed: ACTION ("/me
commands") requests are not scrubbed. ACTION is not dangerous to users
(unless they use OTR, which does not encrypt CTCP requests) and most
users would be confused if they were just dropped.
A CTCP request looks like this:
ctcp_char, COMMAND, arg0, arg1, arg2, .. argN, ctcp_char
ctcp_char is 0x01. (just like bold is 0x02 and color is 0x03.)
They are sent as part of a message and can be delivered to channels
and users alike.
The intention of this restructuring is to make the [Global] section much
cleaner, so that it only contains variables that most installations must
adjust to the local requirements.
All the optional variables are moved to [Limits], for configurable limits
and timers of ngIRCd, and [Options], for optional features.
The old variables in the [Global] section are deprecated now, but still
recognized.
The io_event_create error handling seems to miss a 'return'
statement.
Fix this by moving io_event_create() call around so we do not
need the Conn_Close/Init calls in the error case.
problem is that some clients refuse to connect to severs that only offer
1024. For interoperability it would be best to just use 4096, but that
takes minutes, even on current hardware.
parse.c:284: warning: suggest parentheses around operand of '!' or
change '&' to '&&' or '!' to '~'
The expression looks dubious, this should probably be
an if-not-set, then... test.
When the write buffer space grows too large, ngircd has to disconnect
the client to avoid wasting too much memory.
ngircd logs this with a scary 'write buffer overflow' message.
Change this to a more descriptive wording.
Not all servers (and services!) using the RFC1459 protocol style send
prefixes on all commands; so don't require them to do so.
This relaxes the requirements introduced by commit 15775e679.
We re-use the same helper function for both forward lookups
(when we want to connect to a peer server) and for validation of reverse
loopups (where we make a lookup on the hostname returned
by a reverse lookup on the IP address that connected).
Problem:
When ConnectIPv6=no, the forward lookup helper sets the adderss family
to AF_INET, and, if out client connected via ipv6, we fail to validate
the result.
Thus move the ConnectIPvX check out of the helper.
we do not need this for cryptographic purposes, but we can do better
than plain srandom(getpid()).
Also, keep in mind that rng state is inherited across fork(), so re-init
it in the child.
When enabled, this configuration option lets ngIRCd send a PING with an
numeric "token" to clients logging in; and it will not become registered
in the network until the client responds with the correct PONG.
This is used by QuakeNet for example (ircu/snircd), and looks like this:
NICK nick
:irc.example.net PING :1858979527
USER user . . :real name
PONG 1858979527
:irc.example.net 001 nick :Welcome to the Internet Relay Network ...
Make sure that all commands received from other servers do have
valid prefixes.
Only exceptions are PING and ERROR commands that can occure without
prefixes when generated by the remote peer itself.
* CloakUserHost:
Add a note not to use a percent sign ("%") in CloakHost variable
Rename ClientHost to CloakHost, and ClientUserNick to CloakUserToNick
Don't use "the.net" in sample-ngircd.conf, use "example.net"
ngircd.conf.5: document "ClientHost" and "ClientUserNick"
Move "ClientHost" and "ClientUserNick" to end of [Global] section
ClientUserNick setting
ClientHost setting
* QuitOnHTTP:
Only "handle" HTTP commands on unregistered connections
Don't use IRC_QUIT_HTTP() if STRICT_RFC is #define'd
IRC_QUIT_HTTP(): enhance error message
Move IRC_QUIT_HTTP() below IRC_QUIT()
quit on HTTP commands: GET & POST
* bug72-WHOIS-List:
Add "whois-test" to testsuite and distribution archive
Add support for up to 3 targets in WHOIS queries.
also allow up to one wildcard query from local hosts.
Follows ircd 2.10 implementation rather than RFC 2812.
At most 10 entries are returned per wildcard expansion.
WHOIS test cases by Dana Dahlstrom.
previously, any client could join in this configuration:
[Channel]
Name = #test
Modes = tnk
KeyFile = /tmp/foobar
fix this by checking for zero-length key before comparing
key to channel key.
This fixes the followin GCC warning on modern Linux systems as well:
irc-login.c: In function ‘Hello_User’:
irc-login.c:876: warning: ignoring return value of ‘write’,
declared with attribute warn_unused_result
This patch
- makes the server write buffer bigger: 64k,
- makes the regular write buffer bigger: 32k,
- tries to flush the write buffer starting at 4K.
Before this patch, a client got disconnected if the buffer flushing at 4k
failed, now regular clients can store up to 32k and servers up 64k even
if flushing is not possible at the moment (e.g. on slow links).
Don't do a NULL-pointer dereference when a remote server using the
IRC+ protocol sends an invalid PASS command without the required
<serverversion> parameter ...
Port number 0 marks remote servers that try to connect to this
daemon, but where this daemon never tries to establis a connection
on its own: only incoming connections are allowed.
Don't use isdigit() function any more, because it only checks the
first character of the variable value and because it doesn't know
about the minus sign which is required e.g. for "Group = -1".
The MOTD file is read in Read_Config(), so don't read it when handling
the "MotdFile" configuration variable. Instead make sure that it is
initialized properly when (re-)reading the configuration.
Fix commit 5a34bb203a:
It is not enough to strip the "No" prefix from "Ident" and "PAM",
but we have to introduce the new [Features] section to fix all
warning messages of ngIRCd.
Variables "Ident" and "PAM" in [Global] are completely wrong :-(
This enables other servers, services and IRC operators to change
channel topics, even when the client is not joined to this channel.
Now the handler for TOPIC behaves like the one for MODE.
This generic function tests if a client is allowed to do administrative
tasks to a specific channel:
- servers and services are always truested ("allowed everything"),
- channel operators are allowed,
- IRC operarors are allowed if OperCanUseMode is set in the config.
libc should know better than us.
Also, this helps debugging with tools like valgrind:
When you allocate an array of size x, and then erronoulsy
use x+1 valgrind cannot detect the bug because due to ALIGN_()
made by array.c we might have allocated more than size x...
ngircd unfortunately uses several options using double-negation, e.g.
NoIdent = No, NoPam = No, etc.
This renames all options by dropping the "No" prefix, e.g.
"NoIdent = no" becomes "Ident = yes".
The old options will continue to work, but will cause a warning
message.
Also update man pages and default config.
To prevent silly
'Ident = yes' from appearing in --configtest output in the
'ident support not compiled in and Ident Option not used' case,
make default value depend on feature availability.
If feature is available, enable by default, otherwise disable.
We might consider moving these options to a new
[Feature]
section, or something like that, because none of these options are
essential.
Another possible improvement:
'Ident = yes' option in ngircd.conf causes a warning if ngircd was
built without ident support.
This does not happen with e.g. zeroconf....
Configuration variables "MotdFile" and "MotdPhrase" are mutually
exclusive; so don't display content in both of them when running
"ngircd --configtest": instead remember which one is beeing used.
The information written to the "error file" (/tmp/ngircd-<PID>.err) when
ngIRCd is compiled with debug code enabled isn't that usefule, so don't
create this file at all.
If a hostname resolves to more than one IP address (round-robin DNS,
IPv4 and IPv6) and an attempt to connect to the first address fails,
ngIRCd should try to connect to the 2nd address, 3rd address etc.
But because of a wrong variable used in the call to New_Server(),
the wrong server structure has been used in further connection attemps
which possibly lead to connection attempts to already connected servers.
disable pam_fail_delay() only is available starting with Mac
OS X 10.6; but we use the 10.5 SDK for campatibility, so don't use
this function at all when building using Xcode.
This allows to compile ngIRCd using a pre-ANSI K&R C compiler again:
all source files are automatically converted by the included ansi2knr
program (of GNU automake/autoconf) before compiling them with the
K&R C compiler, but a few coding standards must be met.
Tested on Apple A/UX 3.x.
Regression testing on Linux and Mac OS X.
If ngIRCd is compiled to register its services using ZeroConf (e.g. using
Howl, Avahi or on Mac OS X) this parameter can be used to disable service
registration at runtime.
This fixes the following gcc compiler warning:
tool.c: In function 'ngt_SyslogFacilityName':
tool.c:195: warning: return discards qualifiers from pointer target type
The new option "SyslogFacility" deines the syslog "facility" to which
ngIRCd should send log messages.
Possible values are system dependant, but most probably "auth", "daemon",
"user" and "local1" through "local7" are possible values; see syslog(3).
Default is "local5" for historical reasons.
These both functions translate syslog facility names to ID numbers
and vice versa. On systems that don't define the facilitynames[] array
in syslog.h, we try to build one ourself.
This fixes the following gcc warning, emitted by Xcode:
src/ngircd/sighandlers.c: In function 'Signal_Callback':
src/ngircd/sighandlers.c:239: warning: implicit conversion shortens 64-bit value into a 32-bit value
Signals_Init() must only be called once.
This does not affect any ngircd release version.
Earlier version of this patch moved the io and sighandler
initialization before the while() loop, but as Alexander
Barton noticed that broke all systems without builtin select
support in io.c...
- declare signals_catch[] array not between the function implementations.
- rename now local function NGIRCd_Rehash() to Rehash().
- remove empty and therefore not used "catch SIGHUP; break;".
This patch allows ngIRCd to dump its internal state (connected clients,
actual configuration) when compiled with --enable-debug. The daemon
catches two more signals:
- SIGUSR1: toggle debug mode (on/off),
- SIGUSR2: dump internal state to console/syslog.
now that the main signal handling is done from the dispatcher
loop we can call NGIRCD_Rehash() directly.
the /REHASH handler can queue the Rehash() function for
execution by sending a SIGHUP. It will be run when we
return back to the dispatch loop.
Allows to defer/queue signal processing for execution on the next
event dispatch call, i.e. we can perform any signal action in
normal, non-signal context.
Example uses:
- Reload everything on HUP without writing a global "SIGHUP_received"
variable
- Dump status of internal Lists on SIGUSR1, etc.
Fix synchronization of established connections and configured server
structures after a configuration update:
- Not only test servers that already have a connection, but also check
and update configured servers to which a new connection is beeing
established (SERVER_WAIT state).
- And do the server name comparision case-insensitive.
Let CheckServers() not only skip servers that already have a
connection, but also skip servers to which a new connection is
already beeing established (SERVER_WAIT state).
This fixes PING-PONG lag calculation (which resulted in "0" before).
The "lastping" time is still reset it if a time shift backwards has
been detected to prevent the daemon from miscalculating ping timeouts.
When a client has user mode "x" set, its real hostname is cloaked
by substituting it with the server name (as configured in ngircd.conf).
Restricted clients (user mode "r") aren't allowed to change mode "x".
Please note that hostname cloaking is only in effect in server-client
communication! The server still uses the real hostname for its own
logging and for all server-server communication -- therefore all servers
in the network must support user mode "x" to prevent older servers
from leaking the real hostname of a cloaked client!
These two functions return the cloaked hostname, if the client has
enabled hostname cloaking indicated by the -- still to implement --
user mode "x". See furter patches :-)
previously, the given MotdFile file was read whenever a client
requested it.
Change handling to read the MotdFile contents into memory once
during config file parsing.
Two side effects:
- changes to the MOTD file do not have any effect until ngircds
configuration is reloaded
- MOTD file does no longer have to reside in the chroot directory
(the MOTD contents will then not be re-read on reload in that case)
This avoids a race and potentionally killing the wrong process on
systems that use randomized process IDs; now the child itself is
responsible to exit in a timely manner using SIGALRM.
Some variables are only used when compiling with IDENT or PAM support
or when the debug code is enabled. Mark them as "unused" so that gcc
doesn't generate warnings when neither of these options is enabled.
When the "NoPAM" configuration option is set and ngIRCd is compiled
with support for PAM, ngIRCd will not call any PAM functions: all
connection attemps without password will succeed instead and all
connection attemps with password will fail.
If ngIRCd is compiled without PAM support, this option is a dummy
option and nothing changes: the global server password will still be
in effect.
For each client connection a child process is forked which handles the
actual PAM authentication and reports the result back to the master
process using a pipe for communication.
While the PAM authentication is in process the daemon does not block.
The Client_SetOrigUser() function is used to store the peer-provided
user name (see USER command) in its original form, not changed by
IDENT results, for example.
Rename Log_Init_Resolver, Log_Exit_Resolver, and Log_Resolver to
Log_Init_Subprocess, Log_Exit_Subprocess, and Log_Subprocess and
make it more generic thereby.
The logic isn't as described in the source and intended by this code:
ngIRCd doesn't wait for the asynchronous resolver process until the set
penalty time is over, but until the forked process terminates or the
initial connection timeout (= PongTimeout) triggers.
So don't set the penalty time at all and remove the wrong comment.
We want to use this process status variable not only for the
resolver subprocesses but other asynchronous tasks as well;
so let's name it more generic.
The new "module" proc.c is used for functions dealing with child
processes. At the moment, it is only used by the asynchronous resolver.
All the functions already implemented habe been migrated from the
resolver code base, and the rest of the ngIRCd source code has been
adepted to the new namespace and calling conventions.
The goal is to develop "generic" process handling functions that can
be used for other purposes as well, e.g. running processes on client
connects etc.
The wrongly placed #endif lead to the following compiler warnings:
conn.h:125: warning: redundant redeclaration of ‘Conn_Count’
conn.h:125: warning: previous declaration of ‘Conn_Count’ was here
conn.h:126: warning: redundant redeclaration of ‘Conn_CountMax’
conn.h:126: warning: previous declaration of ‘Conn_CountMax’ was here
conn.h:127: warning: redundant redeclaration of ‘Conn_CountAccepted’
conn.h:127: warning: previous declaration of ‘Conn_CountAccepted’ was here
Users having the user mode "c" set receive NOTICE messages on each
new client connection to the local server as well as disconnects.
Only IRC operators (users having the mode "o" set) are allowed to
set the 'c' user mode.
These connect/disconnect messages can be useful for open proxy
scanners -- BOPM (http://wiki.blitzed.org/BOPM) is now functional
with ngIRCd, for example.
"I've been wanting this for years and finally took the 5 minutes to
patch it in. I took the response code (275) from whatever's running
OFTC's IRC network."
-- Neale Pickett <neale@woozle.org>, Fri, 11 Jun 2010 17:32:41 -0500
(OFTC is running Hybrid ircd.)
It is not possible to call Conn_Close() after Client_Destroy() has been
called, because Conn_Close wants to access the CLIENT structure which
then has been freed already.
Fix IRC_KILL to use Conn_Close() for local clients and Client_Destroy()
for remote clients only (and never both).
When we get there then the ssl handshake has failed, or
we could not create a ssl context because ssl library
initialization failed on startup.
Reflect that in the log message.
When ngIRCd restarts, all the connection counters are preserved now,
as well as the command counters for example.
It's unclear if resetting or not resetting is the "correct" behaviour,
but it's quite clear that the behaviour should be consistent for all the
counters ngIRCd uses ...
And initializing "WCounter", the global but temporary write counter,
is not necessarry at all: it is initialized (reset) before its use in
the command parser (see parse.c).
The RPL_STATSCONN numeric (250) displays information about the
highest simoultaneous connection count and the number of all
accepted connections since the daemon started up.
Used by ircd-Hybrid, Bahamut, and Unreal for example.
This patch enables ngIRCd to count the highest maximum simultaneous
connections and all the connections accepted since startup.
New functions:
- Conn_Count(): get current connections
- Conn_CountMax(): maximum simultaneous connections
- Conn_CountAccepted(): number of connections accepted
This fixes the following error when compiling on e.g. FreeBSD 6.x:
In file included from conn.c:40:
/usr/include/netinet/ip.h:160: error: syntax error before "n_long"
/usr/include/netinet/ip.h:163: error: syntax error before "n_long"
This patch fixes two warnings of gcc 4.4.3 when used with eglibc 2.11.1:
ngircd.c: In function ‘NGIRCd_Init’:
ngircd.c:801: warning: ignoring return value of ‘chdir’, declared with
attribute warn_unused_result
conn.c: In function ‘Simple_Message’:
conn.c:2041: warning: ignoring return value of ‘write’, declared with
attribute warn_unused_result
The first by checking the return code and an appropriate error message,
the second by "better" ignoring it (which is correct there!) ...
The WEBIRC command is used by some Web-to-IRC gateways to set the correct
user name and host name of users instead of their own.
Syntax: WEBIRC <password> <username> <hostname> <ip-address>
The <password> must be set using the new configuration variable "WebircPassword" in the [Global] section of ngircd.conf.
Please note that the <ip-address> is currently not used by ngIRCd (we don't store it in the CLIENT structure, only the resolved hostname).
Only clients using a SSL encrypted connection to the server are
allowed to join such a channel.
But please note three things:
a) already joined clients are not checked when setting this mode,
b) IRC operators are always allowed to join every channel, and
c) remote clients using a server not supporting this mode are not
checked either and therefore always allowed to join.
Now the numeric 004 correctly reports all the supported user and channel
modes (user modes "r" and "w" were missing), e. g.:
:a.irc.net 004 a a.irc.net ngircd-15 aiorsw biIklmnoPstv
Print "SSLOptionVar =" instead of omitting the option when
running --configtest with ssl enabled.
This better matches the behaviour of other options, e.g. ChrootDir.
This patch enables IRC Operators to use the SQUIT command as specified in
RFC 2812, section 3.1.8 "Squit".
When forwarding SQUIT commands, the server connected to the target will
drop the connection (not the target server itself!).
Please note:
- the configuration option "AllowRemoteOper" mus be enabled on the
server disconnecting the target to allow forwarding of SQUIT commands.
- if the remote server is configured to establish the connection, it
will just do this; so the disconnect is not permanent in this case!
The new "module" op.c is used to implement functions related to IRC Ops.
At the moment, these two functions are available:
- Op_Check() to check for a valid IRC Op, and
- Op_NoPrivileges() to generate "permission denied" messages.
The syntax of the CONNECT command now is:
- CONNECT <server-id>
- CONNECT <server-id> <port>
- CONNECT <server-id> <port> <target>
- CONNECT <server-id> <port> <host> <my-pwd> <peer-pwd>
- CONNECT <server-id> <port> <host> <my-pwd> <peer-pwd> <target>
Note: the configuration option "AllowRemoteOper" mus be enabled on the
target server to allow forwarding of CONNECT commands.
Added new configuration option "AllowRemoteOper" to control whether
remote IRC operators are allowed to use administrative commands that
affect this server or not
This commit introduces the configuration variable, but actually no
function is using it. That's up for the next patches to come ...
when building with debugging enabled, but without ipv6 support,
ngircd dumped core when loading a config file that specified an ipv6
listen address.
ngircd: ng_ipaddr.c:45: ng_ipaddr_init: Assertion `sizeof(*addr) >=
res0->ai_addrlen' failed.
Test for sockaddr_in.sin_len and initialize it to the correct value
which some systems (notably Mac OS X) require.
Note: this code path is only relevant when not using getaddrinfo().
A configured server could have been removed while a connection apptempt
is still in progress. So the cb_connserver() callback has to test if the
server configuration record is still valid.
fix the following warning generated by valgrind if ipv6 is enabled:
Syscall param write(buf) points to uninitialised byte(s)
at 0x4000982: (within /lib/ld-2.9.so)
by 0x80681A8: Resolve_Name (resolve.c:477)
by 0x805439F: Conn_Handler (conn.c:1658)
by 0x804AA7C: main (ngircd.c:331)
The warning is because ng_ipaddr_t can be a union, and only the
necessary parts are initialised. The callers know what part
of the union is valid, so this is not a bug.
if more than one ip address is returned for a single host
name, ngircd is supposed to try other addresses in case
connect() to the first address returned fails for some
reason.
Alexander Barton noticed that this did not work at all,
as the additional results were not stored.
Cosmo Kastemaa reported that its impossible to create an ssl-only setup,
as ngircd binds to port 6667 by default, even if setting "Ports =".
Only add the default port if _both_ "Ports" and "SSLPorts" are
unspecified.
Fixes bugzilla #98.
This patch fixes the following silly log messages:
'ID "XXX" already registered (on connection -1)!'
If the ID is already registered on a local connection, the local
connection ID is printed; and if the ID is connected via a remote
server, "via network" is displayed.
reported on #ngircd: pasting lots of lines into a channel can kill off
many people on the channel if the read buffer is drained quickly enough
and the client-side TCP can't keep up with the incoming data.
This implements a throttling scheme:
- an irc client may send up to 3 commands per second before a one second
pause is enforced.
- an irc client may send up to 256 bytes per second before a one second
pause is enforced.
After discussion with Alexander Barton, server <-> server links are
treated specially: There is no artificial limit on the number of bytes
sent per second, and up to 10 commands are processed per second before
a pause is enforced.
It may be neccessary to make those limits tuneable to accomondate larger
networks, but for now they are compile time values.
New_Server() can call Conn_Close() in its error paths,
but that function decrements the number of current active
connections. Thus we need to increment it earlier.
When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.
- ONLY servers without ssl/tls support compiled in are not affected.
Disabling SSL in the configuration (no ssl listening ports, etc)
does NOT help.
- servers that are running standalone (i.e., not connected to any
other servers) are not affected, either.
This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
When ngircd announces the list of currently known servers
to a new (connecting) server, it sent the introducer of
the servers instead of the top server.
Assuming this network:
irc1.example.com
|--irc2.example.com
| `--irc3.example.com
| `--irc4.example.com
`--irc5.example.com
When irc4 connects to irc3, irc3 tells irc4 that irc5 was
connected to irc2. (irc2 had introduced irc5 to irc3; but thats
not what ngircd should have sent to the new server).
This also placed users on the wrong servers.
that code does not really make sense -- the info
text is freely cofngiureable and des not follow a specific
format.
Also, that "+2" might have caused invalid memory accesses.
With this patch ngIRCd displays IPv6 addresses as "[<addr>]:<port>" when
accepting new connections and later, if no successful DNS lookup could
be made (or DNS is disabled altogether).
Don't echo multiple syntax error messages (461) on invalid commands,
but break after the first one.
In addition, this solves corrupted 'Unknown mode "+' messages.
When using OpenSSL, the following annoying "error" message was logged whenever
an encrypted connection was shut down in a orderly fashion:
TLS/SSL Connection shutdown: ConnSSL_Read: Unable to determine error
of course, this isn't an error at all.
commit 6bc2d3d06e
(New connection option CONN_RFC1459) forgot to adjust the ssl bitmasks.
The result is that when a compressed AND encrypted server link goes down
the memory allocated by zlib and the r/w buffers are no longer
free'd as the previous ConnSSL_Free() would then also remove the CONN_ZIP flag
from the flag mask.
Store the file name of channel key files and reopen them on each access
(on each JOIN command) insted of just storing the file handles.
This eliminates the special requirements (no delete) and makes sure
that always the actual file contents are used in all circumstances.
This patch introduces the new configuration variable "KeyFile" for
[Channel] sections in ngircd.conf. Here a file can be configured for each
pre-defined channel which contains individual channel keys for different
users. This file is line-based and must have the following syntax:
<user>:<nick>:<key>
<user> and <nick> can contain the wildcard character "*".
Please not that these channel keys are only in effect, when the channel
has a regular key set using channel mode "k"!
commit 2546a13ad2
('Cumulative Message Patch') broke PRIVMSG to channels
containing dots.
Fix this by switching evaluation order:
Check first if the target matches a existing channel and only do a check
for target masks if that failed.
PRIVMSG with host/server masks is described in RFC 2812, section 3.3.1.
Makes one wonder how a server is _really_ supposed to tell the difference
between hostmasks and channel names.
Sigh.
when ngircd is build without DEBUG enabled, LOG_DEBUG messages
are always discarded.
To avoid the extra code, ngircd has a LogDebug() wrapper which
gets removed by the compiler when compiling without DEBUG defined.
Update a few functings which were using the
Log(LOG_DEBUG, .. interface directly without #ifdef DEBUG guards.
text data bss dec hex filename
127748 1900 28280 157928 268e8 ngircd.before
126836 1896 28280 157012 26554 ngircd.after
Silly bug: the condition of a while() loop in the Channel_Exit() function
used the wrong variable and therefore got never executed ...
This bug is in the code since the beginning (see commit bb19cfda in 2002);
shame on me!
in the same vein as the earlier commit:
cast posix data types (pid_t, ...) to long and use
%ld as format specifier. This will avoid problems
when sizeof(int) != sizeof(type).
We could also cast to int, but this might truncate the value.
Reported by Christoph Biedl:
ngircd[21581]: Running as user irc(39), group irc(39), with PID 140733193409613.
cast pid_t to long to avoid this.
While we are there, cast uid_t and gid_t, too.
- Fix formatting of some log messages, mostly punctuation.
- cb_Connect_to_Server(): don't use string concatenation, because it
is not supported by pre-ANSI C compilers ...
This patch fixes the following warning of GCC (version 4.3.2) in
function pem_passwd_cb() when compiling with OpenSSL support and
without debug code:
conn-ssl.c: In function 'pem_passwd_cb':
conn-ssl.c:122: warning: unused parameter 'rwflag'
The new configuration option "NoIdent" in ngircd.conf can be used to
disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT
lookups enabled.
The IRC command "SERVLIST" lists all the registered services, see RFC 2811, section 3.5.1.
The syntax is "SERVLIST [<mask> [<type>]]". The parameter <type> is not used by ngIRCd at
the moment, all registered services are of type 0 (which is the default when omitted).
ngIRCd now creates a server-local channel &SERVER with channel modes
+mnPt (moderated, no messages from outside the channel, persistent and
with the topic locked) and logs all the messages to it that a user with
mode +s ("server messages") receives.
If an IRC operator withdraws the +P ("persistent") mode and the &SERVER
channel is freed because of no members, nothing special happens. The
channel can be recerated any time later and ngIRCd would begin logging
to it again.
The following bits and bytes were not included in distribution archives:
- contrib: ngindent, ngircd.sh
- contrib/Debian: ngircd.postinst
- contrib/MacOSX: preinstall.sh, postinstall.sh
- doc/src: Doxyfile, header.inc.html, footer.inc.html, ngircd-doc.css
- src/portab: splint.h
I changed the test suite to start two test servers (on port 6789 and 6790),
so server-server links can be tested as well for which I included the new
test script "server-link-test.e".
In addition the documentation of the test suite (src/testsuite/README) has
been updated and is more complete now.
This patch lets ngIRCd count outgoing connections as well as incoming
connections (up to now only outgoing connections have been counted). This
change is required because the Conn_Close() function doesn't know whether
it closes an outgoing connection or not and therefore would decrement the
counter below zero when an outgoing connection existed -- which would
trigger an assert() call ...
Please note that this patch changes the (so far undocumented but now fixed)
behaviour of the "MaxConnections" configuration option to account the sum
of the in- and outbound connections!
Some servers send the numeric 020 ("please wait while we process your
connection") when a client connects. This is no useful information for
this server, so we simply ignore it :-)
This patch enables ngIRCd to use GNUTLS in really old versions, tested
with version 1.0.16, that don't define the "new" data types ending in
xxx_t. LIBGNUTLS_VERSION_MAJOR isn't defined there as well, so we use
it to test if we must define the new types on our own.
Alexander Barton reported a compiler warning on 64-bit platforms:
cc1: warnings being treated as errors
conn-ssl.c: In function 'ConnSSL_Init_SSL':
conn-ssl.c:403: error: cast to pointer from integer of
different size
Unfortunately, I couldn't find a real solution; the GNUTLS
API expects 'gnutls_transport_ptr_t' (which is void*),
but the default push/pull functions (send/recv) expect an int.
The only alternative solution is to pass in an address to the
file descriptor, then add send/recv wrappers that expect a pointer.
What a mess[tm].
This patch fixes the following warning of GCC (version 4.3.2) in
function ForwardLookup():
resolve.c: In function 'ForwardLookup':
resolve.c:282: warning: ISO C90 forbids specifying subobject to initialize
resolve.c:284: warning: ISO C90 forbids specifying subobject to initialize
resolve.c:285: warning: ISO C90 forbids specifying subobject to initialize
This patch fixes the following warning of GCC (version 4.3.2) in
function ConnSSL_LogCertInfo() when compiling with GNUTLS support:
conn-ssl.c: In function 'ConnSSL_LogCertInfo':
conn-ssl.c:542: warning: unused variable 'cred'
This patch
- introduces a new server flag "S" to indicate that the server can handle
the SERVICE command (on server links),
- implements the IRC command "SERVICE" for server-server links,
- uses the "SERVICE" command to announce IRC services when a new
server connects to it,
- and fixes the Send_Message() function to let it send messages to
services using a "target mask".
If the remote server doesn't indicate that it can handle the "SERVICE"
command (it has not set the "S" flag), services are announced as regular
users as before.
This patch enables ngIRCd to handle IRC services as real services, and not
as "fake users":
- Set correct client type CLIENT_SERVICE for services,
- Change log messages to include correct client type,
- PRIVMSG: allow users to send messages to services,
- Send services nick names to other servers (as users).
Please note that this patch doesn't announce services as services in the
network, but as regular users (as before). Only the local server knows
of services as services (see LUSERS command, for example). It is up to
one of the next patches to fix this and to introduce the SERVICE command
in server to server communication.
The propagation of services as regular users between servers doesn't limit
the functionality of the IRC services and will be the fallback for servers
that don't support "real" services propagation in the future.
Client_TypeText() is used to get correct naming ("Client", "Service", ...)
for log messages, and Destroy_UserOrService() is used to correctly destroy
user and services clients.
Introduce a new configuration variable "ServiceMask" in SERVER blocks to
define a mask matching nick names that should be treated as services.
Regular servers don't need this parameter (leave it empty, the default),
but you should set it to "*Serv" when connection ircservices, for example.
This patch allows ngIRCd to detect services, it doesn't change the
functionality: you only get different log messages ;-)
All the required information is already stored in the CLIENT structure
of new new connection, so pass this to Introduce_Client() and don't
invent an unneeded new structure ...
This patch allows ngIRCd to detect right after receiving the SERVER command
from the peer whether the RFC 1459 compatibility mode must be used or not.
And it fixes the announcement of users during establishing new server links
with such peers.
This patch enables ngIRCd to deal with NICK and USER commands following
RFC 1459 to register new clients, and to send these commands instead of one
full NICK command as specified in RFC 2813 on connections that are in RFC
1459 compatibility mode.
Can be useful for e. g. IRC services that simulate a RFC 1459 server.
This new connection option CONN_RFC1459 indicates that the peer on this
link only supports the IRC protocol as defined in RFC 1459 and that the
compatibility mode (e. g. for outgoing commands like NICK) should be used.
This patch allows servers and services to call the NICK command using the
syntax defined in RFC 1459 to register new users, with only two parameters.
See section 4.1.2.
Useful for some services packages, which emulate this protocol.
Config option claimed to be 'number of connections' but in reality this
was treated as 'largest file descriptor allowed'.
This also fixes another bug in New_connection, where the
ng_ipaddr_tostr_r error path was missing a return statement.
Some message targets could lead to a NULL pointer dereference and therefore
could crash the daemon (denial of service).
(cherry picked from commit e493ad2d30ff80bca2556cde2212e367cb006517)
by Steven D. Blackford <kb7sqi@aol.com>:
"I wanted to let you know that I've done a quick port of ngircd-0.12.0 for
NEXTSTEP3.3/OPENSTEP4.2. There wasn't a lot of changes required to get it
to compile clean, but I did make the necessary changes so that I didn't
have to use -posix flag. The NeXT has a pretty buggy POSIX implementation
so I always try to work around it. :-)
Anway, here's the changes required to get it to compile."
This patch fixes the following error message of GCC (tested with version
4.3.0) when not compiling ngIRCd in "strict RFC" mode:
parse.c: In function "Validate_Args":
parse.c:341: error: unused parameter "Idx"
parse.c:341: error: unused parameter "Req"
Some operating systems, for example OpenBSD and OpenSolaris, use
"localhost.<domain>" instead of just "localhost" for 127.0.0.1, so
the "message-test" using "localhost" failed on such systems.
Don't have an idee how to make this work on all platforms ... :-/
So I simply disabled the two affected tests to make the testsuite
run on OpenBSD and OpenSolaris again.
This patch fixes the following warning of GCC 4.3.1:
irc.c: In function "Send_Message":
irc.c:315: error: "lastCurrentTarget" may be used uninitialized in
this function
This closes Bug #88.
Patch proposed by Eric <egrunow@ucsd.edu>, but with wrong length
comparision: please note that Channel_IsValidName() checks the name
INCLUDING the prefix, so the test must be length<=1!
Up to this patch ngIRCd did not return any result (GIT master) or a badly
formated 403 (":irc.server 403 test :No such channel" [note the two
spaces!], branch-0-12-x) on the above commands, this patch changes the
behaviour to reflect ircd 2.11 which returns 461 in both cases.
Some operating systems, for example OpenBSD, use "localhost.<domain>"
instead of "localhost", so the "who-test" expecting "localhost" failed
on such systems.
(Please see 149859c5fecc..., which fixes this for the who-test already)
This patch fixes the following two warnings of GCC 4.2.4:
irc-channel.c: In function "IRC_JOIN":
irc-channel.c:185:
warning: "lastkey" may be used uninitialized in this function
irc-channel.c:185:
warning: "lastchan" may be used uninitialized in this function
Up to now ngIRCd accepted CR+LF as well as a single CR or LF in "non RFC
compliant" mode (the default). But ngIRCd became confused when it received
data containing mixed line endings (e. g. "111\r222\n333\r\n").
This patch enables ngIRCd (in "non RFC compliant" mode) to detect CR+LF,
CR, and LF as equally good line termination sequences and to always end the
command after the first one detected.
Some clients (for exmaple Trilian) are that ... broken to send such mixed
line terminations ...
First patch proposed by Scott Perry <scperry@ucsd.edu>,
Thanks to Ali Shemiran <ashemira@ucsd.edu> for testing!
If ngircd receives an input line like "COMMAND arg\nIRRELEVANT\r\n",
"arg\nIRRELEVANT" is passed as an argument to COMMAND. This can lead
to output like:
:ngircd.test.server 322 nick #chan 1 :
topicwithprecedingnewline
:ngircd.test.server 322 nick #nxtchan 1 :
[..]
Worse, this allows clients to piggyback irc commands, e.g.
"TOPIC #a :test\n:fake!~a@nonexistant JOIN :#a\r\n", which
causes the client to receive a JOIN command during /LIST output.
Bug reported by Scott Perry, first patch by Florian Westphal.
In addition, the "timeout" variable has been removed because it is
unnecessary today: Handle_Buffer() handles all the data it can handle,
and io_dispatch() returns immediately when new data is available. So
we don't have to double-check but better sleep. Pointed out by Florian.
This patch does significant cleanup on the join code by using strtok_r
instead of mangling strchr to parse channel names and keys in parallel when
a JOIN command contains a list of channels and keys.
Also adds an strtok_r implementation to libportab.
this also obsoletes ListenIPv4 and ListenIPv6 options.
If Listen is unset, it is treated as Listen="::,0.0.0.0".
Note: ListenIPv4 and ListenIPv6 options are still recognized,
but ngircd will print a warning if they are used in the config file.
Also, some plattforms require that ai_socktype
is set in the getaddrinfo() hints structure.
This patch adds -h and -V short options (to complement the usage).
It is based on a patch attached to Debian bug #466063, see
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466063>.
Idea by Jari Aalto <jari.aalto@cante.net>,
patch adapted by Alexander Barton <alex@barton.de>.
It is hard to test this in the test suite because we 1) shouldn't rely on
previous tests populating WHOWAS and 2) don't connect a user for more than 30
seconds.
Also makes WHOWAS return ERR_NONICKNAMEGIVEN_MSG as implied by RFC.
Some operating systems, for example OpenBSD, use "localhost.<domain>"
instead of "localhost", so the "who-test" expecting "localhost" failed
on such systems.
SERVICE, SERVLIST, and SQUERY are required by RFC 2812 (it states in
section 3 that "all commands described in this section MUST be implemented
by any server for this protocol." -- So we implement them without (much)
actual functionality ...
Brandon Beresini sent me a patch yesterday adding tests for JOIN under
various circumstances, which I believe he worked on with Bryan Caldwell
and Ali Shemiran. I made a few modifications; the result is below.
Code cleanup and fix for Bug #83, "ngIRCd chokes on 1-character messages" in
function Handle_Buffer(): the buffer is now correctly cleared when ngIRCd
receives 1-character messages terminated with either CR or LF (in violation
to RFC 2812, section 2.3 "Messages", 5th paragraph).
Modeless channels (+channels) are described in RFC 2811;
so my modifications to
530112b114
('Add support for modeless channels')
to disable +channels for --strict-rfc configurations
were wrong. This reverts those changes.
Add support for modeless channels (+channels).
[fw@strlen.de:
- integrate test cases
- don't support +channels when compiled with --strict-rfc
- do not set +o mode for channel creator
- force +nt mode when channel is created ]
The config file for ngircds test suite contained obsolete
ConfUID/ConfGID settings, causing ngircd to needlesly complain when
started as non-root (which is hopefully the _normal_ case...)
When trying to part a channel ("PART #channel") the client is not member of
the daemon now correctly reports the numeric ERR_NOTONCHANNEL (442) insted
of ERR_NOSUCHCHANNEL (403).
client.c:72:6: warning: symbol 'Max_Users' was not declared. Should it be static?
client.c:72:21: warning: symbol 'My_Max_Users' was not declared. Should it be static?
ngircd will exit if the config file cannot be opened. While
thats okay if ngircd starts up for the first time, it isn't
when we are re-reading the config file after a /REHASH or SIGHUP.
all references to struct sockaddr/in_addr have been
removed from src/ngircd.
libngipaddr (in src/ipaddr/) hides all the gory details.
See src/ipaddr/ng_ipaddr.h for API description.
This does hit only operators that join a channel with at least 2 servers active in the net
the server the oper connects to sends "channel^Go" to the other servers
the other server first searches for the channel and then strips the modes from the channel name
he has to do the other way round: first strip and then check the channel name.
RPL_WHOREPLY messages generated by IRC_WHO don't include flags (*,@,+)
that should appear according to this description:
http://www.mishscript.de/reference/rawhelp3.htm#raw352
Other IRC servers do include the flags.
Modify who-test.e to expose missing flags,
modify ngircd-test.conf to accommodate who-test.e, and fix
irc-info.c to correct these problems.
Under some circumstances ngIRCd currently issues a channel MODE message
with a trailing space after the last parameter, which isn't permitted by
the grammar in RFC 2812 section 2.3.1:
http://tools.ietf.org/html/rfc2812#section-2.3.1
The following patch modifies mode-test.e to expose this, and modifies
irc-mode.c to correct it.
- put sending of mode and forwarding of JOIN to other clients
into seperate function.
- put sending of topic/channel names into seperate function.
- put access check into seperate function.
- translate/remove remaining german comments.
- stop if JOIN to a channel in a list (JOIN #a,#,b,#c...) fails
(This doesn't change the behaviour: skip-to-next-channel-on-error
did never work as intended)
Dana Dahlstrom reported that IRC_WHO did not follow
RFC 2812, Section 3.6.1. Specifically:
- IRC_WHO did not send "G" flag instead if "H" if client was away
- did not search username/servername/hostname etc. if argument
was not a channel.
Fix all of the above and tidy things up a bit.
Also add IRC_WHO test script contributed by Dana.
The students in my software-engineering class are writing IRC clients in
Java, and I'm running ngIRCd as a sandbox for them to play in. We
noticed ngIRCd doesn't obey the "JOIN 0" command specified in RFC 2812:
JOIN 0 ; Leave all currently joined
channels.
http://tools.ietf.org/html/rfc2812#section-3.2.1
I believe the following patch addresses this. Cheers!
[fw@strlen.de: put it into a seperate function]
parse.c:56:9: warning: symbol 'My_Commands' was not declared. Should it be static?
parse.c:107:9: warning: symbol 'My_Numerics' was not declared. Should it be static?
Also move handling of numerics into a seperate helper function.
struct Conf_Server stored the ip address to connect to
in dotted-decimal notation; but we only need this for connect()
so long-time storage isn't necessary.
- New configuration option "MaxNickLength" to specify the allowed maximum
length of user nick names. Note: must be unique in an IRC network!
- Enhanced the IRC+ protocol to support an enhanced "server handshake" and
enable server to recognice numeric 005 (ISUPPORT) and 376 (ENDOFMOTD).
See doc/Protocol.txt for details.
Alexander Barton