0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-27 01:02:46 +01:00
Commit graph

3106 commits

Author SHA1 Message Date
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Simon Arlott
9e98a842e3
ssld: cipher commands don't have any fds 2016-04-23 22:46:25 +01:00
Simon Arlott
7da82465a8
librb: mbedtls: fix rb_get_ssl_certfp()
Add missing break statements.
Return the hash length on success.
2016-04-23 22:45:13 +01:00
Simon Arlott
bf3bcbb5b2
librb: fix mbedtls library order
libmbedtls depends on libmbedx509 and libmbedcrypto
libmbedx509 depends on libmbedcrypto

They have to be specified in the correct order for the GNU linker to work.
2016-04-23 22:13:03 +01:00
Simon Arlott
0ae7a89d78
ircd: sslproc: certfp commands have a 9 byte header, not 5 bytes
SHA512 hashes were being ignored because the message was too large
2016-04-23 20:52:20 +01:00
Simon Arlott
5a9fa2e2fa
ssld: certfp change commands don't have any fds 2016-04-23 20:46:26 +01:00
William Pitcock
c6098ed357 client: fix up client_release_connids() too, pointed out by lp0 2016-04-23 14:26:01 -05:00
William Pitcock
5c63bfe8b1 client: connid_get() should check MyConnect(), not MyClient(). 2016-04-23 14:17:36 -05:00
Simon Arlott
84e3e445aa
mr_server: Report certificate fingerprint mismatches
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-04-23 17:37:05 +01:00
Simon Arlott
b49efe577c
mr_server: Handle unknown error codes
As mr_server is a module, it could potentially receive an unknown
error code from check_server().
2016-04-23 17:37:04 +01:00
Mantas Mikulėnas
3bb3dcf7f5
doc: fix whitespace in example configs [ci skip] 2016-04-23 17:57:07 +03:00
Simon Arlott
e7c4cf63bc
authproc: set GOT_ID flag when an ident response is received 2016-04-23 15:41:27 +01:00
staticfox
1729f46eab
authd: Avoid negative array indices 2016-04-22 23:06:42 -04:00
Elizabeth Myers
7445ece1d1
Revert "Implement the netsplit batch type."
This needs more work, see
https://github.com/ircv3/ircv3-specifications/issues/253

This reverts commit 2373891299.
2016-04-16 11:05:00 -05:00
Elizabeth Myers
2373891299
Implement the netsplit batch type.
This also lays the groundwork for the netjoin batch type, but that isn't
implemented yet. I don't like how some of this is implemented but it'll
have to do for now...

Compile tested, needs more testing.
2016-04-15 16:50:43 -05:00
Elizabeth Myers
4f2b9a4fd1
Don't use key member of dictionary iter objects after deletion 2016-04-12 09:43:50 -05:00
Elizabeth Myers
9e5c31ea0d
authproc: fix a typo 2016-04-12 09:37:56 -05:00
Elizabeth Myers
5e9a3f8674
Change the way authd configures opm
It's a bit of a hack, but better than before. Rather than rehashing
(which could get us into an endless loop), we now segregate the
configuration phase (creating entries ircd-side in case we restart authd
later) and sending phases (when configure_authd() is called). Since we
have to call configure_authd() no matter what (to send timeouts etc.)
and we have to send this data to configure authd anyway, and sending
duplicate data is bad, this is the only way I can think of for now.
2016-04-12 09:36:09 -05:00
Mantas Mikulėnas
5eb8ce0679 Merge pull request #183 from grawity/sasl-fail-throttle-v3
limit failed SASL authentication attempts
2016-04-11 22:28:33 +03:00
Mantas Mikulėnas
9d07a42d7a
m_sasl: rate-limit SASL REAUTH usage 2016-04-11 21:45:10 +03:00
Mantas Mikulėnas
834579cecd
m_sasl: fix coding style 2016-04-11 20:12:31 +03:00
Mantas Mikulėnas
37289346cd
m_sasl: temporarily reject clients after many failed attempts 2016-04-11 20:02:09 +03:00
Elizabeth Myers
ed5e1d1e41 send: trim a blank line [ci skip] 2016-04-11 11:52:01 -05:00
Elizabeth Myers
a2b7ef92a1 Make directions more clear for disabling OPM 2016-04-11 11:26:15 -05:00
Elizabeth Myers
c9b6f58349 Name the fallback strncasecmp properly [ci skip] 2016-04-10 17:28:20 -05:00
Elizabeth Myers
ea3168fff8 whoops, fix a typo 2016-04-10 17:26:09 -05:00
Elizabeth Myers
8b813d3060 Replace my shitty fallbacks with those from FreeBSD 2016-04-10 17:25:32 -05:00
Elizabeth Myers
3eb5fee4f1 README: put git command in backticks [ci skip] 2016-04-10 17:15:46 -05:00
Elizabeth Myers
efc4b18c78 *sigh* comment these out until travis is fixed. 2016-04-10 17:12:42 -05:00
Elizabeth Myers
c5514ce8ee Add these for now until travis actually gets their shit together. 2016-04-10 17:07:33 -05:00
Elizabeth Myers
571b7239ab travis: install shtool. 2016-04-10 16:53:40 -05:00
Elizabeth Myers
238db37776 Get rid of install-sh and use shtoolize to create them.
Contributed by jackal^
2016-04-10 16:49:42 -05:00
Elizabeth Myers
e34368b1bc modules/m_set: booleanify. 2016-04-10 10:11:03 -05:00
Elizabeth Myers
9af0d38291 librb: minor adjustments to rb_strcasestr fallback to avoid warnings. 2016-04-10 10:10:46 -05:00
Elizabeth Myers
7a21fb5b34 s_user: clean up authd checks 2016-04-10 10:02:33 -05:00
Elizabeth Myers
2a104d6641 s_user: enhancements to proxy reporting messages 2016-04-10 09:35:02 -05:00
Elizabeth Myers
ce58d2dc61 Remove extraneous whitespace [ci skip] 2016-04-10 09:23:14 -05:00
Elizabeth Myers
d19aab3375 Fix stupid linux warning 2016-04-10 09:22:34 -05:00
Elizabeth Myers
154dc91ef0 Wrap up authd preclient stuff in its own struct 2016-04-10 09:20:51 -05:00
staticfox
02fa4362cd version.c.SH: Fix build
We need stddef.h mainly for NULL
2016-04-09 06:05:08 -04:00
Elizabeth Myers
b14d2bd6ea Formatting fixes for credits
Contributed from jackal^, but fixed up a bit.
2016-04-09 04:55:57 -05:00
Elizabeth Myers
b376d0fd46 Properly clean up build artifacts.
Author: jackal^ from freenode
2016-04-09 04:55:57 -05:00
Elizabeth Myers
4eafa9e62f ipv4_from_ipv6: move to librb 2016-04-08 03:49:23 -05:00
Elizabeth Myers
0807c97e69 elide messages about not checking blacklists or scanning for proxies 2016-04-07 09:45:12 -05:00
Elizabeth Myers
5a22e9259b Fix overzealotry in flags fixing.
These flags are for oper confs, not for client flags.
2016-04-07 07:48:50 -05:00
Elizabeth Myers
66f7fe673b Get rid of flags2.
It seems to come from an era where long long didn't exist and 64-bit
machines weren't common. 32-bit machines are still common but I can't
imagine this will have much performance impact there.

This "fixes" #179 in title only, but see comments within.
2016-04-07 07:40:55 -05:00
Elizabeth Myers
9057170ce8 Cleanup defaults.h config file.
Clean up spaces/tabs mixing mess (bleh), add some defaults for authd
stuff, and get rid of CHARYBDIS_SOMAXCONN (just define SOMAXCONN if it's
available...).
2016-04-07 04:47:48 -05:00
Elizabeth Myers
e791dc6d5e NEWS: add some more relevant items [ci skip] 2016-04-07 04:47:31 -05:00
Elizabeth Myers
7cc09379ac NEWS: move news element down to code changes [ci skip] 2016-04-07 04:21:16 -05:00
Elizabeth Myers
d1478ff205 NEWS: add module changes 2016-04-07 04:19:24 -05:00