* librb is no longer a separately configured subproject.
* charybdis is now a standalone directory with a binary.
* Include path layout now requires a directory ircd/ rb/ etc.
This version leverages a flexible, cleaner key-value strategy
reducing the need to design entire new headers for every feature
addition, change, etc.
* A friendly declaration for the module authors, with minimal
requirements to fill in, and explicit labels of what the fields are.
* Repetition of keys, removing references to (and the requirement to
build) a clist, hlist and hfnlist and caplist and whatever the future
holds.
* Safe deterministic loading and unloading. Keys are evaluated in
order, errors can be recognized, and unloading occurs in reverse
order.
ircd: Refactor internal half of modules.c, with some V3 additions.
Provides better delegation for versions, a cleaner stack with better
error handling, and some functionality deduping. V1 and V2 handlers
are still somewhat unaltered, just factored in.
channel mode classification which is required by RPL_MYINFO indicating arity,
and RPL_ISUPPORT indicating an enumerated class. The content of these replies
had previously been generated by hardcoded strings of some letters.
Channel modes require classification which corresponds to the
CHANMODES= data in RPL_ISUPPORT. Classes A,B,C can then be
listed in the unary column of RPL_MYINFO. cflag_add() is updated
for this. Additional cleanup of chmode.h and channel.h
circularity is also proffered within.
Submitted-by: Jason Volk <jason@zemos.net>
It's useful to allow authd to run in parallel with ssl negotiation,
but if the ssld connection has plaintext data ready for reading
there's a race condition between authd calling read_packet() and
ssl_process_certfp() storing the certificate fingerprint. This
scenario would be bad for a server connecting because fingerprint
verification will fail.
Allow either operation to complete first, but wait until
ssl_process_open_fd() calls the ssl open callback before calling
read_packet().
Don't use the librb callback type as we're always passing client_p.
Provide a return value so that the connect handler can exit_client()
and the accept handler can opt to use the default dead handler.
There's no need to pass information around that sslproc already has access
to, so use ServerInfo directly. Remove the extra NULL checks as these are
already performed before setting ircd_ssl_ok = true.
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.
Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.
Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
This also lays the groundwork for the netjoin batch type, but that isn't
implemented yet. I don't like how some of this is implemented but it'll
have to do for now...
Compile tested, needs more testing.
It's a bit of a hack, but better than before. Rather than rehashing
(which could get us into an endless loop), we now segregate the
configuration phase (creating entries ircd-side in case we restart authd
later) and sending phases (when configure_authd() is called). Since we
have to call configure_authd() no matter what (to send timeouts etc.)
and we have to send this data to configure authd anyway, and sending
duplicate data is bad, this is the only way I can think of for now.
It seems to come from an era where long long didn't exist and 64-bit
machines weren't common. 32-bit machines are still common but I can't
imagine this will have much performance impact there.
This "fixes" #179 in title only, but see comments within.
Clean up spaces/tabs mixing mess (bleh), add some defaults for authd
stuff, and get rid of CHARYBDIS_SOMAXCONN (just define SOMAXCONN if it's
available...).
There's no reason to really have these in the main ircd anymore, static
modules are dead and aren't coming back.
To ensure people don't do something hopelessly retarded, this is a core
module.
This also does a lot of surgery on the conf system to reconfigure authd.
/!\ WARNING! ACHTUNG! ADVERTENCIA! ATTENTION! AVVERTIMENTO! /!\
This code has not been run-time tested yet (though it compiles)!
now connid's are allocated on demand and clients may have as many connid's as necessary.
this allows us to build chains of helpers while ensuring the ircd properly tracks and GCs the resources.
Also fix up some return values and stuff to use bool (or void if
nothing). I just did it whilst I was here.
According to jilles, the return value used to signify whether or not the
client had exited. This was error-prone and was fixed a long, long time
ago, but the return value was left int for historical reasons.
Since the return type is not used (and has no clear use case anyway),
it's safe to just get rid of it.
Charybdis requires C99 already, so it's high time we start using
stdbool. I've converted a few pieces of code already.
A lot of the old code that uses YES/NO should probably be updated too
because that's fucking hideous.
This was an asston of pain, and it still feels "dirty" as it introduces
an async call where there normally wouldn't be one. Better
implementation more than welcome.
Due to reversed conditionals, it wasn't being generated properly.
This also actually fixes its generation in librb by just copying the
Charybdis version. Unbundlers will want to take note of this.
MAPI V1 is still supported for legacy modules, but it is highly
recommended to update to MAPI V2. It includes support for capability
tables, module descriptions, and implicit versions.
we do this by removing the uname usage everywhere: it is not actually
used at runtime at all.
we keep the timestamp, because it is actually used in user_welcome()
but allow it to be overriden.
ideally, that timestamp would be completely removed, but I am not sure
what to put in its place, or if it would break some mysterious RFC (or
client!) if we remove that announcement.
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.
Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.
Add STATS S (admins only) to list ssld processes, status, and client
count.
The sendq limit is now soft, now we halt processing if a sendq is exceeded, until it is sufficiently drained.
This allows us to implement SAFELIST and other floody commands without hacks.
RPL_ADMINME is a response the client receives using the ADMIN command.
Charybdis used to implement a non-standard version of this.
The RFC 1459 standard [1] says in section "6.2 Command responses.":
256 RPL_ADMINME
"<server> :Administrative info"
This commit corrects the behavior to follow the standard.
[1]: https://tools.ietf.org/html/rfc1459
this avoids race conditions when a file descriptor is reused and an ssld worker has not acked that the previous
connection was closed, which results in the new client being kicked.
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time. This is more efficient, and allows us
to report errors as part of the configuration phase.
- Implemented changes suggested by Jilles
- Remove some unused parameters in functions
- Remove some unused ssl procs
- 63-bit time_t support in TS deltas
- const char * vs char * cleanup
- struct alignment (void *) casts
- signed vs unsigned fixes
- bad memset() call
- Bad LT_MAIN in libratbox
- char -> unsigned char casts for isdigit/isspace/etc calls
Thanks Jilles!
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
After a change for dynamic server capabilities, the code to send out mode
changes was changed to use the capabilities belonging to the last mode
being sent out. This does not make sense; therefore, just use no
capabilities and remove supporting infrastructure.
Reported by ssbr on freenode:
chmode +c doesn't strip ^O, which turns off all previous formatting.
This can cause clients that internally use mIRC formatting to render messages weirdly,
e.g. highlighted messages in HexChat: <https://i.imgur.com/eDX8Aif.png>.
Charybdis currently leaks about 45-50k per configuration parse,
including every rehash. This change plugs these leaks by properly
iterating through all conf_parm_t structures to seek all strings that
should be freed and also by freeing the conf_parm_t structures
themselves.
These leaks have been present since the original rewrite of the
configuration parsing system in ircd-ratbox r11953.
Additionally, this change also cleans up and documents the parsing code
a bit.
Default values for default_floodcount and default_ident_timeout are set
in s_conf.c. Remove code that checks for missing values in ircd.c.
Additionally, reset default_ident_timeout to 5 if an invalid value (i.e.
0) is provided.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().
Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
s_assert requires some higher-level functionality that shouldn't be
present in ircd_defs.h. ircd_defs.h is used by ssld, which has no notion
of logging or sending IRC messages. Additionally, some of the headers
s_assert depends on result in conflicting definitions in ssld.c.
This change also fixes the compile when using --enable-assert=soft.
With this comes an example module to block the killing of services.
NOTE: this will not cancel remote kills. Those are still accepted, per
the TS 6 specification.
A zero CAP_CAP caused duplicate CAPAB to go undetected, allowing a
mismatch between what is sent out via ENCAP GCAP and what applies locally.
A zero CAP_TS6 allowed server connections without SID (with a valid
connect block).
Currently, the resolver treats SERVFAIL, NOTIMP, and REFUSED queries the
same as NXDOMAIN, but this really should not be the case. Instead, if
the DNS server errors on our request or provides an invalid request, try
another server.
Also, count DNS server errors in addition to timeouts and avoid these
undesirable servers.
This will allow us to modularize message processing, e.g. having new modules to manipulate
channel and private messages in new ways.
Yes: it can be used to intercept messages, but such modules are already out in the wild for
charybdis anyway -- so this doesn't really change anything there.
If you are changing the text, then it is your responsibility to provide a pointer to a new
buffer. This buffer should be statically allocated and stored in your module's BSS segment.
We will not, and cannot, free your buffer in core, so dynamically allocated buffers will
cause a memory leak.
This will allow us to simplify m_message considerably, by moving channel mode logic out to
their own modules.
Add two mechanism for avoiding name-collisions in a system-wide
installation of charybdis. The ssld and bandb daemons, intended to be
directly used by ircd and not the user, install into libexec when
--enable-fhs-paths is set. For binaries which are meant to be in PATH
(bindir), such as ircd and viconf, there is now an option
--with-program-prefix=progprefix inspired by automake. If the user
specifies --with-program-prefix=charybdis, the ircd binary is named
charybdisircd when installed.
Add support for saving the pidfile to a rundir and storing the ban
database in localstatedir instead of in sysconfdir. This is, again,
conditional on --enable-fhs-paths.
Fix(?) genssl.sh to always write created SSL key/certificate/dh
parameters to the sysconfdir specified during ./configure. The
previous behavior was to assume that the user ran genssl.sh after
ensuring that his current working directory was either sysconfdir or a
sibling directory of sysconfdir.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).
Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
Specifically, what this capability manager does, is map keywords to
calculated bitmasks. These bitmasks are allocated at runtime, so that
the any managed capability index can be manipulated by modules.
Modules should call capability_orphan() when orphaning capabilities. This
makes it so that bitmasks aren't reallocated, except for cases where the
capability is the same.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings. As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.
The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
* Deduce allow_read from the client's state (IsFloodDone) rather than
storing it in LocalUser.
* Fix the documentation (in oper /info), however strange
client_flood_burst_rate and client_flood_burst_max may seem, that is
how they currently work.
nenolod gave the thumbs-up to port ircd-seven banfowards to charybdis to spb
for a while, and people have asked about it. Might as well do it since it's a
slow weekend.
Note that as a side effect use_forward is removed from the config and
unconditionally enabled!
While what chanroles are trying to accomplish is a good idea, it is
apparently unclear this is the proper way to do it. Until we figure out
the exact way we wish to do this, it should be reverted for now.
The theory behind this is that services sends an ENCAP * GRANT #channel
UID :+flagspec message specifying the chanroles the user has. They are
mapped into flag bits and applied to the membership of the user. They
then are restricted or permitted to what they can do based on the
permissions mask regardless of rank.
For backwards compatibility, the default permission bit (without a GRANT
statement) allows a user to to anything an existing op can do ONLY if
they are an op.
Todo: make CHANROLE_STATUS work (the ability to apply +ov to people),
which is at the moment controlled by CHANROLE_MODE.
The extended-join client capability extends the JOIN message with information clients typically
query using WHO including accountname, signon TS and realname.
This has a separate enabling option channel::channel_target_change.
It applies to PRIVMSG, NOTICE and TOPIC by unvoiced unopped non-opers.
The same slots are used for channels and users.
The code behind this capability was never implemented, and subsequent
discussions have agreed to approach the problem differently. There seems no
reason to continue advertising a capability that does nothing.
* does not apply to NOTICE (as those may well be automated)
* mirrors +g behaviour so that no useless accept entries are added for services
* respects max_accept, if it would be exceeded the message is dropped with numeric 494
* check moved up so this is checked before floodcount/tgchange
