0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-17 23:40:57 +01:00
Commit graph

123 commits

Author SHA1 Message Date
Simon Arlott
762468f85d
authd: wait until the ssl connection is "open" before reading
It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.

Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().
2016-04-25 21:43:21 +01:00
Simon Arlott
53789fddda
sslproc: simplify ssl open callback
Don't use the librb callback type as we're always passing client_p.

Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.
2016-04-25 21:12:44 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Mantas Mikulėnas
9d07a42d7a
m_sasl: rate-limit SASL REAUTH usage 2016-04-11 21:45:10 +03:00
Mantas Mikulėnas
37289346cd
m_sasl: temporarily reject clients after many failed attempts 2016-04-11 20:02:09 +03:00
Elizabeth Myers
ce58d2dc61 Remove extraneous whitespace [ci skip] 2016-04-10 09:23:14 -05:00
Elizabeth Myers
154dc91ef0 Wrap up authd preclient stuff in its own struct 2016-04-10 09:20:51 -05:00
Elizabeth Myers
66f7fe673b Get rid of flags2.
It seems to come from an era where long long didn't exist and 64-bit
machines weren't common. 32-bit machines are still common but I can't
imagine this will have much performance impact there.

This "fixes" #179 in title only, but see comments within.
2016-04-07 07:40:55 -05:00
William Pitcock
c53ca1e029 ircd: integrate ircd side of wsockd support 2016-04-02 02:56:22 -05:00
Elizabeth Myers
d3f6b80867 Replace s_auth/blacklist stuff with authd calls
This also does a lot of surgery on the conf system to reconfigure authd.

/!\ WARNING! ACHTUNG! ADVERTENCIA! ATTENTION! AVVERTIMENTO! /!\
This code has not been run-time tested yet (though it compiles)!
2016-03-28 02:11:16 -05:00
William Pitcock
de7cf7e009 ircd: client: substantially rework the connid registry system
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
2016-03-25 19:50:29 -05:00
Elizabeth Myers
9b8e9eb321 config.h delenda est 2016-03-19 19:14:26 -05:00
Elizabeth Myers
638d286293 Change some RATBOX_FOO defines to CHARYBDIS_FOO. 2016-03-07 05:01:31 -06:00
Elizabeth Myers
cbeab4bc34 Remove $Id tags from everything.
These are obsolete and none have changed since 10 years gao...
2016-03-06 02:47:27 -06:00
William Pitcock
ddf62b10f9 m_cap: add support for CAP LS 302 2016-02-28 01:13:08 -06:00
William Pitcock
32df5e96a6 cap: substantial rewrite leveraging the ircd capabilities framework for client caps 2016-02-27 01:41:36 -06:00
William Pitcock
ddedc60398 cap: register the account-tag capability 2016-02-20 17:26:35 -06:00
William Pitcock
b47f8a4fda ircd: import modified version of ratbox 3.1 whowas code 2016-01-23 11:16:34 -05:00
William Pitcock
999fab778c Revert "LIST: use new sendq system to reimplement SAFELIST differently."
This reverts commit e835592cfc.
2016-01-20 22:26:55 -05:00
William Pitcock
a4721f5e9f ircd: implement EXTENDCHANS, based on ircd-seven (with some improvements from chatircd) 2016-01-11 23:32:23 -06:00
William Pitcock
730b914c17 LIST: more cleanups 2016-01-09 23:34:52 -06:00
William Pitcock
1eeb046930 ircd: remove internal resolver, no longer used 2016-01-08 06:39:51 -06:00
William Pitcock
1d02144f8b ircd: move DNS resolution over to authd 2016-01-08 06:31:08 -06:00
Jilles Tjoelker
2d28539c68 Reduce clean_nick() code duplication further.
Side effect: hurt and monitor now allow nicks starting with a digit.
2015-12-13 00:22:21 +01:00
William Pitcock
72dee03d50 clean up some code duplication when checking nicks for validity 2015-12-12 08:41:09 -06:00
William Pitcock
b5b4a0e79b client: use sequential connection ids for ssld connections in ssld RPC, instead of the file descriptor
this avoids race conditions when a file descriptor is reused and an ssld worker has not acked that the previous
connection was closed, which results in the new client being kicked.
2015-12-12 05:20:51 -06:00
William Pitcock
ebe33dbfab sslproc: set Client.localClient.cipher_string if sent by ssld 2015-12-11 08:19:50 -06:00
William Pitcock
4a5330bb4d cap: implement ircv3.2 chghost cap 2015-11-19 22:53:55 -06:00
William Pitcock
13de708352 cap-notify: add cap-notify cap 2015-03-01 00:26:23 -06:00
Max Teufel
1b54aa5c3b src/channel: add support for IRCv3.2 userhost-in-names 2015-02-28 01:06:38 -06:00
William Pitcock
6e3d57dc6b cap: remove SASL_REAUTH capability 2015-02-28 01:01:08 -06:00
William Pitcock
95cce5f358 Revert "m_invite: add support for CAP invite-notify"
This reverts commit 93eb76cc32.
2015-02-16 17:50:51 -06:00
Max Teufel
93eb76cc32 m_invite: add support for CAP invite-notify
Specification:
<https://github.com/ircv3/ircv3-specifications/blob/master/extensions/invite-notify-3.2.md>
2015-02-16 15:40:34 -06:00
William Pitcock
c6bc97fdcd m_sasl: move some struct members around for sasl-reauth 2015-02-16 15:39:36 -06:00
William Pitcock
ef3ab8e3a5 cap: allow clients to do sasl reauth if they requested sasl and sasl-reauth (ref ircv3/ircv3#103). 2015-02-15 17:11:28 -06:00
Keith Buck
55abcbb20a Remove trailing whitespace from all .c and .h files.
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Jilles Tjoelker
364e59f82a whowas: Use the normal rules for IP visibility.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().

Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
2013-09-14 12:26:32 +02:00
Jilles Tjoelker
2635cc8089 Fix parameter name in header file for show_ip_conf(). 2013-09-14 12:26:24 +02:00
William Pitcock
538d4d6188 m_cap: add 'tls' core capability 2012-09-22 14:15:45 -05:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
Jilles Tjoelker
f8e43a0b8f Remove dummies, given that ratelimit already broke the ABI once.
As with ratelimit, ircd/modules before and after this commit
are incompatible, but not detected as such.
2012-02-21 21:02:20 +01:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
Keith Buck
c5bbc60375 Add away-notify client capability. 2012-02-14 14:15:44 +00:00
Jilles Tjoelker
d182b85454 Minor cleanup to command throttling code:
* Deduce allow_read from the client's state (IsFloodDone) rather than
   storing it in LocalUser.
 * Fix the documentation (in oper /info), however strange
   client_flood_burst_rate and client_flood_burst_max may seem, that is
   how they currently work.
2011-10-04 00:46:00 +02:00
Jilles Tjoelker
f9dda63969 Disable LocalUser.actually_read (write-only field). 2011-10-04 00:25:22 +02:00
Keith Buck
ab894d74fe Add target change spam notice. 2011-05-16 15:29:09 -07:00
Keith Buck
096570b9f8 Add topic TS and channel TS constraints for /LIST. 2011-01-05 21:15:36 -08:00
Keith Buck
bb55ebebe9 Implement operspy for /LIST. 2011-01-05 18:57:27 -08:00
William Pitcock
92052a5c24 Add extended-join client capability.
The extended-join client capability extends the JOIN message with information clients typically
query using WHO including accountname, signon TS and realname.
2010-12-16 00:24:54 -06:00