Commit Graph

2655 Commits

Author SHA1 Message Date
xor f087c68a99 New option to scrub incoming CTCP commands
This patch makes it possible to scrub incomming CTCP commands from
other servers and clients alike. The ngircd oper can enable it from
the config file, by adding "ScrubCTCP = yes" under [OPTIONS]. It is
default off.

CTCP can be used to profile IRC users (get user clients name and
version, and also their IP addresses). This is not something we like
to happen when user pseudonymity/secrecy is important.

The server silently drops incomming CTCP requests from both other
servers and from users. The server that scrubs CTCP will not forward
the CTCP requests to other servers in the network either, which can
spell trouble if not every oper knows about the CTCP-scrubbing.
Scrubbing CTCP commands also means that it is not possible to send
files between users.

There is one exception to the CTCP scrubbing performed: ACTION ("/me
commands") requests are not scrubbed. ACTION is not dangerous to users
(unless they use OTR, which does not encrypt CTCP requests) and most
users would be confused if they were just dropped.

A CTCP request looks like this:

ctcp_char, COMMAND, arg0, arg1, arg2, .. argN, ctcp_char

ctcp_char is 0x01. (just like bold is 0x02 and color is 0x03.)

They are sent as part of a message and can be delivered to channels
and users alike.
2011-06-25 21:37:17 +02:00
Alexander Barton 6aad5a6706 INSTALL: document changed location of configuration variables 2011-06-25 14:59:02 +02:00
Alexander Barton eba14d937d Update sample config file and manual page for new config structure 2011-06-25 14:58:12 +02:00
Alexander Barton c438c227b5 Testsuite: update configuration files for new config file format 2011-06-25 14:57:26 +02:00
Alexander Barton d41f4d6d20 Display configuration errors more prominent on "--configtest" 2011-06-25 14:56:27 +02:00
Alexander Barton 391cf4e2a1 conf.c: code cleanup 2011-06-25 14:55:34 +02:00
Alexander Barton 7ef6cb4584 Check for redability of SSL-related files like for MOTD file
Remove functions ssl_print_configvar() and ConfSSL_Puts(), introduce
new function CheckFileReadable().
2011-06-25 14:50:52 +02:00
Alexander Barton e7256bb8ac Restructure ngIRCd configuration, introduce [Limits] and [Options]
The intention of this restructuring is to make the [Global] section much
cleaner, so that it only contains variables that most installations must
adjust to the local requirements.

All the optional variables are moved to [Limits], for configurable limits
and timers of ngIRCd, and [Options], for optional features.

The old variables in the [Global] section are deprecated now, but still
recognized.
2011-06-25 14:45:36 +02:00
Alexander Barton b1786f309e New documentation: "how to contribute" 2011-06-24 21:01:18 +02:00
Florian Westphal 42b32f8a2a conn: fix error handling when connecting to server
The io_event_create error handling seems to miss a 'return'
statement.

Fix this by moving io_event_create() call around so we do not
need the Conn_Close/Init calls in the error case.
2011-06-05 15:00:32 +02:00
Florian Westphal 49b2d0ec98 ssl: gnutls: bump dh bitsize to 2048
problem is that some clients refuse to connect to severs that only offer
1024.  For interoperability it would be best to just use 4096, but that
takes minutes, even on current hardware.
2011-06-04 22:57:29 +02:00
Alexander Barton dd7d64f577 Mac OS X: split up make targets
New targets are: "have-packagemaker", "osxpkg-dest"
2011-05-12 00:21:18 +02:00
Florian Westphal 605b6a67bc fix clang warning about dead stores
clang 'scan-build':
Value stored to 'r' is never read
Value stored to 'fd' is never read
2011-05-06 20:31:56 +02:00
Alexander Barton 10c7a15687 contrib/platformtest.sh: fix gcc version detection
Now the version of GNU C is detected correctly on SuSE Linux, too ...
2011-04-30 01:03:17 +02:00
Florian Westphal 05748aa5ee parse: fix logical expression testing for non RFC1459 links
parse.c:284: warning: suggest parentheses around operand of '!' or
change '&' to '&&' or '!' to '~'

The expression looks dubious, this should probably be
an if-not-set, then... test.
2011-04-29 23:27:56 +02:00
Florian Westphal 0bb892bb5f conn: avoid needlesly scary 'buffer overflow' messages
When the write buffer space grows too large, ngircd has to disconnect
the client to avoid wasting too much memory.

ngircd logs this with a scary 'write buffer overflow' message.
Change this to a more descriptive wording.
2011-04-29 23:10:01 +02:00
Alexander Barton c26ca7773b Only require server prefixes on non RFC1459 links
Not all servers (and services!) using the RFC1459 protocol style send
prefixes on all commands; so don't require them to do so.

This relaxes the requirements introduced by commit 15775e679.
2011-04-29 12:33:58 +02:00
Alexander Barton 1cb2f5739d Merge branch 'master' of git://arthur.barton.de/ngircd-alex
* 'master' of git://arthur.barton.de/ngircd-alex:
  Do reverse lookups using the AF of the incoming connection
  resolve: fix reverse lookups of client connections with ConnectIPv6=no
2011-04-26 12:04:22 +02:00
Alexander Barton 160f5725a6 Do reverse lookups using the AF of the incoming connection
This fixes errors like this one:
  Address mismatch: 2001🔢abcd:1::1 != 192.168.1.1
2011-04-26 11:10:50 +02:00
Florian Westphal e4e1595bff resolve: fix reverse lookups of client connections with ConnectIPv6=no
We re-use the same helper function for both forward lookups
(when we want to connect to a peer server) and for validation of reverse
loopups (where we make a lookup on the hostname returned
by a reverse lookup on the IP address that connected).

Problem:

When ConnectIPv6=no, the forward lookup helper sets the adderss family
to AF_INET, and, if out client connected via ipv6, we fail to validate
the result.

Thus move the ConnectIPvX check out of the helper.
2011-04-25 18:00:10 +02:00
Alexander Barton 66315cab9a Mac OS X: install on root volume only, and set correct permissions
Update Mac OS X Installer.app description bundle, so that the ngIRCd
package can only be installed on the root volume ("/"); and make sure
that all installed files and directories have correct ownership and
permissions.
2011-04-16 15:18:43 +02:00
Alexander Barton 67a9d994e3 Mac OS X: update installer texts and add logo. 2011-04-14 11:24:07 +02:00
Alexander Barton 1cd8d7f386 Doxygen'ify conf.c 2011-04-12 23:15:29 +02:00
Alexander Barton 9a102ca96b New function Config_Error_Section(); and code cleanup 2011-04-12 21:55:32 +02:00
Alexander Barton e70e81460b Add some type casts to random() and srandom() functions
This fixes two gcc warnings (on Mac OS X):
 "warning: implicit conversion shortens 64-bit value into a 32-bit value"
2011-04-12 21:23:14 +02:00
Florian Westphal 5acb90fafc ngircd: improve rng initialisation
we do not need this for cryptographic purposes, but we can do better
than plain srandom(getpid()).

Also, keep in mind that rng state is inherited across fork(), so re-init
it in the child.
2011-03-28 00:29:58 +02:00
Alexander Barton d61fbfc6e3 Merge branch 'AuthPing'
* AuthPing:
  Add documentation for "RequireAuthPing" configuration option
  New configuration option "RequireAuthPing": PING-PONG on login
2011-03-27 20:58:18 +02:00
Alexander Barton cf7e3b1c02 Merge branch 'NoticeAuth'
* NoticeAuth:
  Add documentation for "NoticeAuth" configuration option
  Configuration: move "NoticeAuth" to GLOBAL section
  New configuration option "NoticeAuth": send NOTICE AUTH on connect
2011-03-27 20:56:50 +02:00
Alexander Barton 1b5d1064de ngircd.conf.5: Add variable type to "CloakHost" and "CloakUserToNick" 2011-03-27 20:46:16 +02:00
Alexander Barton 5b2512c215 Xcode: don't list sample-ngircd.conf, use sample-ngircd.conf.tmpl 2011-03-27 20:41:48 +02:00
Alexander Barton 680db6755b Add documentation for "NoticeAuth" configuration option 2011-03-27 20:40:28 +02:00
Alexander Barton fc0b026149 Add documentation for "RequireAuthPing" configuration option 2011-03-27 20:34:44 +02:00
Alexander Barton 162433398e New configuration option "RequireAuthPing": PING-PONG on login
When enabled, this configuration option lets ngIRCd send a PING with an
numeric "token" to clients logging in; and it will not become registered
in the network until the client responds with the correct PONG.

This is used by QuakeNet for example (ircu/snircd), and looks like this:

  NICK nick
  :irc.example.net PING :1858979527
  USER user . . :real name
  PONG 1858979527
  :irc.example.net 001 nick :Welcome to the Internet Relay Network ...
2011-03-27 19:33:48 +02:00
Alexander Barton f99d33ddd9 Configuration: move "NoticeAuth" to GLOBAL section 2011-03-26 17:11:44 +01:00
Alexander Barton d29e389779 New configuration option "NoticeAuth": send NOTICE AUTH on connect
When enabling "NoticeAuth" in the [Features] section, ngircd will send
"NOTICE AUTH" messages on client connect like e.g. snircd (QuakeNet) does.
2011-03-25 12:15:11 +01:00
Alexander Barton f1a4a4dc88 Warn when unknown variables are found in [Features] section 2011-03-25 12:12:20 +01:00
Alexander Barton 6cb90f399d Update doc/GIT.txt 2011-03-25 11:14:04 +01:00
Alexander Barton d587926eb0 Update INSTALL text 2011-03-23 01:08:49 +01:00
Alexander Barton 770a58ac6d Generate WALLOPS message on SQUIT from IRC operator
So SQUIT now behaves like CONNECT and DISCONNECT commands, when called
by an IRC operator (and not received from an other server).
2011-03-21 23:52:42 +01:00
Alexander Barton 15775e6790 Commands received from other servers must have prefixes
Make sure that all commands received from other servers do have
valid prefixes.

Only exceptions are PING and ERROR commands that can occure without
prefixes when generated by the remote peer itself.
2011-03-21 10:46:09 +01:00
Alexander Barton 62f705f97e Allow servers to send more commands in the first 10 secods
This helps to speed up server login and network synchronisation.
2011-03-21 09:42:01 +01:00
Alexander Barton a39e2f22c9 IRC_CHANINFO(): Code cleanup 2011-03-19 17:29:19 +01:00
Alexander Barton dcb1951efd Handle_GLOBAL(): don't use multi-line strings
They aren't supported by elder C compilers ...
2011-03-19 17:28:38 +01:00
Alexander Barton fa8b83e69b Merge branches 'CloakUserHost', 'QuitOnHTTP' and 'bug72-WHOIS-List'
* CloakUserHost:
  Add a note not to use a percent sign ("%") in CloakHost variable
  Rename ClientHost to CloakHost, and ClientUserNick to CloakUserToNick
  Don't use "the.net" in sample-ngircd.conf, use "example.net"
  ngircd.conf.5: document "ClientHost" and "ClientUserNick"
  Move "ClientHost" and "ClientUserNick" to end of [Global] section
  ClientUserNick setting
  ClientHost setting

* QuitOnHTTP:
  Only "handle" HTTP commands on unregistered connections
  Don't use IRC_QUIT_HTTP() if STRICT_RFC is #define'd
  IRC_QUIT_HTTP(): enhance error message
  Move IRC_QUIT_HTTP() below IRC_QUIT()
  quit on HTTP commands: GET & POST

* bug72-WHOIS-List:
  Add "whois-test" to testsuite and distribution archive
  Add support for up to 3 targets in WHOIS queries.
2011-03-19 17:16:14 +01:00
Alexander Barton acd7a5d6d4 Add a note not to use a percent sign ("%") in CloakHost variable
The percent sign is reserved for future extensions, for example to
expand some variables like %H to a hash value of the real host name ...

Idea by kaFux in #ngircd.
2011-03-19 17:04:57 +01:00
Alexander Barton ae7470ceb5 Rename ClientHost to CloakHost, and ClientUserNick to CloakUserToNick 2011-03-19 16:58:29 +01:00
Alexander Barton d1f604ab89 Add "whois-test" to testsuite and distribution archive
Test script proposed by Dana Dahlstrom, 2008-02-17.
See <https://arthur.barton.de/bugzilla/show_bug.cgi?id=72> ...
2011-03-19 15:03:15 +01:00
Florian Westphal ff2a425ab8 Add support for up to 3 targets in WHOIS queries.
also allow up to one wildcard query from local hosts.
Follows ircd 2.10 implementation rather than RFC 2812.
At most 10 entries are returned per wildcard expansion.

WHOIS test cases by Dana Dahlstrom.
2011-03-19 15:03:15 +01:00
Alexander Barton f419a369bf Doxygen: Remove header.inc.html and ngircd-doc.css from distribution 2011-03-19 15:02:28 +01:00
Alexander Barton 152b529abf ngircd.conf.5: describe types of variables
Describe the possible types of variables in ngircd.conf:
booleans, text strings, integer numbers.

And add type information to each variable description.
2011-03-18 11:15:48 +01:00