Simon Arlott
5ad62c80ee
librb: remove socklen parameter from rb_connect_tcp
2016-04-24 17:11:20 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
...
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.
Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.
Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
65f43a4fc4
ircd: Don't try to connect to servers that we know have an invalid fingerprint
...
This just causes an unnecessary link/squit on the other server.
2016-04-24 11:49:21 +01:00
Simon Arlott
4fbb736202
ssld: add a callback when the connection is opened
...
This allows us to wait until we have the fingerprint information before
continuing with a server connect process.
2016-04-24 11:48:35 +01:00
Simon Arlott
fbbc6aeb00
ssld: send cipher/certfp before proxying any plaintext traffic
2016-04-24 10:39:16 +01:00
Simon Arlott
3085734104
m_stats: display certificate fingerprint in STATS C
2016-04-24 01:06:51 +01:00
Simon Arlott
00039dcddd
m_alias: store a copy of alias->name as it will be freed on a rehash
2016-04-24 00:09:12 +01:00
Simon Arlott
5c317f1313
ircd: parse: add asserts for improper use of mod_add_cmd/mod_del_cmd
2016-04-23 23:56:41 +01:00
Simon Arlott
e8de2bfaf0
modules: add missing break
2016-04-23 23:37:38 +01:00
Simon Arlott
558744e520
ircd: do nothing in client_release_connids if !MyConnect
2016-04-23 23:25:25 +01:00
Simon Arlott
cc02bdf3a6
ircd: fix assert in client_release_connids
...
The connection may have already been closed and MyConnect cleared.
It's only a bug if the connection somehow has connids but is not
our connection.
2016-04-23 23:22:01 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
...
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.
(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Simon Arlott
9e98a842e3
ssld: cipher commands don't have any fds
2016-04-23 22:46:25 +01:00
Simon Arlott
7da82465a8
librb: mbedtls: fix rb_get_ssl_certfp()
...
Add missing break statements.
Return the hash length on success.
2016-04-23 22:45:13 +01:00
Simon Arlott
bf3bcbb5b2
librb: fix mbedtls library order
...
libmbedtls depends on libmbedx509 and libmbedcrypto
libmbedx509 depends on libmbedcrypto
They have to be specified in the correct order for the GNU linker to work.
2016-04-23 22:13:03 +01:00
Simon Arlott
0ae7a89d78
ircd: sslproc: certfp commands have a 9 byte header, not 5 bytes
...
SHA512 hashes were being ignored because the message was too large
2016-04-23 20:52:20 +01:00
Simon Arlott
5a9fa2e2fa
ssld: certfp change commands don't have any fds
2016-04-23 20:46:26 +01:00
William Pitcock
c6098ed357
client: fix up client_release_connids() too, pointed out by lp0
2016-04-23 14:26:01 -05:00
William Pitcock
5c63bfe8b1
client: connid_get() should check MyConnect(), not MyClient().
2016-04-23 14:17:36 -05:00
Simon Arlott
84e3e445aa
mr_server: Report certificate fingerprint mismatches
...
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-04-23 17:37:05 +01:00
Simon Arlott
b49efe577c
mr_server: Handle unknown error codes
...
As mr_server is a module, it could potentially receive an unknown
error code from check_server().
2016-04-23 17:37:04 +01:00
Mantas Mikulėnas
3bb3dcf7f5
doc: fix whitespace in example configs [ci skip]
2016-04-23 17:57:07 +03:00
Simon Arlott
e7c4cf63bc
authproc: set GOT_ID flag when an ident response is received
2016-04-23 15:41:27 +01:00
staticfox
1729f46eab
authd: Avoid negative array indices
2016-04-22 23:06:42 -04:00
Elizabeth Myers
7445ece1d1
Revert "Implement the netsplit batch type."
...
This needs more work, see
https://github.com/ircv3/ircv3-specifications/issues/253
This reverts commit 2373891299
.
2016-04-16 11:05:00 -05:00
Elizabeth Myers
2373891299
Implement the netsplit batch type.
...
This also lays the groundwork for the netjoin batch type, but that isn't
implemented yet. I don't like how some of this is implemented but it'll
have to do for now...
Compile tested, needs more testing.
2016-04-15 16:50:43 -05:00
Elizabeth Myers
4f2b9a4fd1
Don't use key member of dictionary iter objects after deletion
2016-04-12 09:43:50 -05:00
Elizabeth Myers
9e5c31ea0d
authproc: fix a typo
2016-04-12 09:37:56 -05:00
Elizabeth Myers
5e9a3f8674
Change the way authd configures opm
...
It's a bit of a hack, but better than before. Rather than rehashing
(which could get us into an endless loop), we now segregate the
configuration phase (creating entries ircd-side in case we restart authd
later) and sending phases (when configure_authd() is called). Since we
have to call configure_authd() no matter what (to send timeouts etc.)
and we have to send this data to configure authd anyway, and sending
duplicate data is bad, this is the only way I can think of for now.
2016-04-12 09:36:09 -05:00
Mantas Mikulėnas
5eb8ce0679
Merge pull request #183 from grawity/sasl-fail-throttle-v3
...
limit failed SASL authentication attempts
2016-04-11 22:28:33 +03:00
Mantas Mikulėnas
9d07a42d7a
m_sasl: rate-limit SASL REAUTH usage
2016-04-11 21:45:10 +03:00
Mantas Mikulėnas
834579cecd
m_sasl: fix coding style
2016-04-11 20:12:31 +03:00
Mantas Mikulėnas
37289346cd
m_sasl: temporarily reject clients after many failed attempts
2016-04-11 20:02:09 +03:00
Elizabeth Myers
ed5e1d1e41
send: trim a blank line [ci skip]
2016-04-11 11:52:01 -05:00
Elizabeth Myers
a2b7ef92a1
Make directions more clear for disabling OPM
2016-04-11 11:26:15 -05:00
Elizabeth Myers
c9b6f58349
Name the fallback strncasecmp properly [ci skip]
2016-04-10 17:28:20 -05:00
Elizabeth Myers
ea3168fff8
whoops, fix a typo
2016-04-10 17:26:09 -05:00
Elizabeth Myers
8b813d3060
Replace my shitty fallbacks with those from FreeBSD
2016-04-10 17:25:32 -05:00
Elizabeth Myers
3eb5fee4f1
README: put git command in backticks [ci skip]
2016-04-10 17:15:46 -05:00
Elizabeth Myers
efc4b18c78
*sigh* comment these out until travis is fixed.
2016-04-10 17:12:42 -05:00
Elizabeth Myers
c5514ce8ee
Add these for now until travis actually gets their shit together.
2016-04-10 17:07:33 -05:00
Elizabeth Myers
571b7239ab
travis: install shtool.
2016-04-10 16:53:40 -05:00
Elizabeth Myers
238db37776
Get rid of install-sh and use shtoolize to create them.
...
Contributed by jackal^
2016-04-10 16:49:42 -05:00
Elizabeth Myers
e34368b1bc
modules/m_set: booleanify.
2016-04-10 10:11:03 -05:00
Elizabeth Myers
9af0d38291
librb: minor adjustments to rb_strcasestr fallback to avoid warnings.
2016-04-10 10:10:46 -05:00
Elizabeth Myers
7a21fb5b34
s_user: clean up authd checks
2016-04-10 10:02:33 -05:00
Elizabeth Myers
2a104d6641
s_user: enhancements to proxy reporting messages
2016-04-10 09:35:02 -05:00
Elizabeth Myers
ce58d2dc61
Remove extraneous whitespace [ci skip]
2016-04-10 09:23:14 -05:00
Elizabeth Myers
d19aab3375
Fix stupid linux warning
2016-04-10 09:22:34 -05:00
Elizabeth Myers
154dc91ef0
Wrap up authd preclient stuff in its own struct
2016-04-10 09:20:51 -05:00