0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-18 07:50:57 +01:00
Commit graph

311 commits

Author SHA1 Message Date
Aaron Jones
9d6b870d7b
[Documentation] Increase bitlength recommendation for DH parameters
Also clarify the behaviour of TLS backends and the consequences for
not providing any parameters at all.

[ci skip]
2016-05-05 04:20:16 +00:00
Aaron Jones
70a70462e5
[Documentation] Reflect that ssl_private_key is now optional
[ci skip]
2016-05-05 04:20:07 +00:00
Simon Arlott
7380ded584
ircd.conf.example: use certfp_method = spki_sha256
SHA1 is insecure. SHA2-512 is a bit long. Hashes of the full certificate
are really impractical and people need to stop using them.
2016-04-25 23:52:18 +01:00
Simon Arlott
dc986b5468
sslproc: prefix SPKI certfp types to distinguish them from CERT 2016-04-25 20:12:27 +01:00
Simon Arlott
d4214e9445
ircd: server connection configuration
Fix the server connection configuration so that it can simultaneously
handle a hostname/IPv4/IPv6 for connecting and a hostname/IPv4/IPv6
for binding. Maintains backwards compatibility for matching a hostname
with a mask.

Multiple host/vhost entries can be specified and the last value for
each address family is stored. Hostnames that resolve automatically
overwrite the IP address.

Server connections can now be made to either IPv4 or IPv6 at random
as well as preferring a specific address family.
2016-04-24 17:06:24 +01:00
Simon Arlott
cf430c1a40
ssld: Add new certfp_methods spki_sha256 and spki_sha512
These operate on the SubjectPublicKeyInfo of the certificate, which does
change unless the private key is changed. This allows the fingerprint to
stay constant even if the certificate is reissued.

(The same fingerprint is also used by DANE)
2016-04-23 22:51:05 +01:00
Mantas Mikulėnas
3bb3dcf7f5
doc: fix whitespace in example configs [ci skip] 2016-04-23 17:57:07 +03:00
Elizabeth Myers
a2b7ef92a1 Make directions more clear for disabling OPM 2016-04-11 11:26:15 -05:00
Elizabeth Myers
cfb9253671 Update warnings in the opm default configs [ci skip] 2016-04-02 23:42:23 -05:00
Elizabeth Myers
4dbed1ed61 conf: in OPM, it's listen_port, not port. [ci skip] 2016-04-02 19:53:24 -05:00
Elizabeth Myers
eb0814b3cb opm: add support for HTTPS CONNECT proxies.
TBD: do we need an SSL listener for these?
2016-04-02 18:38:21 -05:00
Elizabeth Myers
0ed0a9fe0a Move m_locops module to extensions.
Many networks do not use local ops and therefore should not be required
to have this around all the time.
2016-04-02 05:20:30 -05:00
Elizabeth Myers
9bba0f6143 opm: add adjustable timeout values 2016-04-02 03:33:27 -05:00
Elizabeth Myers
fabe8b94c5 Add HTTP CONNECT proxy scanning 2016-04-02 03:11:30 -05:00
Elizabeth Myers
81a05933bf add proxy_exempt to conf files 2016-04-02 02:49:38 -05:00
Elizabeth Myers
51fa2ab8a3 opm: allow scanners to be configurable 2016-04-02 02:29:48 -05:00
Elizabeth Myers
8275e2700d Add opm stuff to default configs 2016-04-01 04:11:04 -05:00
Elizabeth Myers
f105844aad StaticBox is dead, so let's not reference it in the conf files. 2016-04-01 03:45:45 -05:00
Matt Ullman
5c0df0e743 doc: Cleanup trailing whitespace 2016-03-29 10:09:52 -04:00
Aaron Jones
ed2efe7664
Add extb_usermode module to example configuration files
[ci skip]
2016-03-28 03:29:57 +01:00
Aaron Jones
6c5fa2f6b3
Document extb_usermode module
[ci skip]
2016-03-28 03:28:12 +01:00
William Pitcock
1859e9d7d7 ircd: remove basically entirely pointless ServerInfo.hub (closes #167) 2016-03-19 23:05:07 -05:00
Elizabeth Myers
0e1f366732 reference.conf: fix me being an incompetent fuckwit.
Blind search and replace ruined this file. Remember to check your
regexes, people.
2016-03-12 20:27:37 -06:00
Elizabeth Myers
9abdcf1c64 modules: can .la suffix.
.la archives are prohibited by most Linux distributions because they
clutter up the linker. They may get caught up as victims in scripts that
purge .la files. Besides, .la files don't matter for simple loadable
modules on most systems.

So, what we do now instead is just use the platform suffix detected by
libtool.
2016-03-12 20:10:46 -06:00
William Pitcock
f2d5cea00a modules: remove explicit CPRIVMSG/CNOTICE, this has been obsolete for a long time 2016-03-10 02:13:43 -06:00
Elizabeth Myers
a5c46d31e4 Ginormous docs cleanup.
Purge a lot of really old and obsolete documents, and merge some together
where possible. Lots of efnet docs and the old ircd-ratbox manpage (lol)
was purged.

Reorganise everything nice and neatly as possible. Things describing
features can be found in features/, and some more technical documents
were moved to techinical/.

Old credits file was consolidated into credits-past.txt, and a reference
was added to it in the credits.
2016-03-05 22:39:50 -06:00
William Pitcock
9ea48ec30a remove presupplied autotools files 2016-03-05 17:47:48 -06:00
William Pitcock
c678fbc08b ircd: remove broken USE_IODEBUG_HOOKS knob and related code 2016-02-20 12:02:49 -06:00
Valerii Iatsko
5203cba5ce Remove libratbox's snprintf.c, update related ircd code 2016-02-10 02:25:32 +01:00
William Pitcock
71c955336e ircd: add general::hide_opers_in_whois to simulate ircd-seven operhide 2016-01-15 13:38:40 -06:00
William Pitcock
4d21f1e8e0 extensions/helpops: new module, implementing a helpops system.
if loaded, this module takes over /stats p, and displays people who are umode +H.
to get umode +H, one must have the "usermode:helpops" permission.
2016-01-14 08:08:40 -06:00
William Pitcock
14482679ce ircd: channel: implement an option to strip color codes from channel topics 2016-01-13 17:05:41 -06:00
William Pitcock
e118f2d431 extensions/chm_operpeace: new module which disallows kicking of operators on select channels 2016-01-13 16:52:56 -06:00
William Pitcock
88c48be58c extensions/sno_globalnickchange: import from ircd-seven 2016-01-12 07:10:39 -06:00
William Pitcock
15feac531c ircd: implement support for remote module load/unload/etc commands 2016-01-12 00:37:54 -06:00
William Pitcock
cc7ae51cdc Allow remote DIE and RESTART (from ircd-seven) 2016-01-12 00:04:54 -06:00
William Pitcock
a4721f5e9f ircd: implement EXTENDCHANS, based on ircd-seven (with some improvements from chatircd) 2016-01-11 23:32:23 -06:00
William Pitcock
fe749d3709 ircd: implement GRANT subsystem based on ircd-seven 2016-01-11 23:02:03 -06:00
William Pitcock
9e45a5ca19 buildsystem: further cleanup 2016-01-08 07:01:00 -06:00
William Pitcock
f0718c93d5 configure: use correct path for libltdl 2016-01-08 06:50:01 -06:00
William Pitcock
5164a68650 buildsystem: update Makefile.in's 2016-01-08 05:20:32 -06:00
Aaron Jones
d8c4154da2 Fix LTDL conditional, remove some unnecessary and/or ugly configure tests 2016-01-07 17:15:55 +00:00
William Pitcock
d76258f559 modules: revert lt_dlopenext() change 2016-01-06 01:57:24 -06:00
William Pitcock
79b525052b doc: fix make install 2016-01-06 01:34:41 -06:00
William Pitcock
30da589e9e modules: use lt_dlopenext() to make the config look nicer 2016-01-06 01:33:33 -06:00
William Pitcock
2a19fc3f57 general: remove last vestiges of static modules support (this hasn't ever actually worked...) 2016-01-06 01:28:20 -06:00
William Pitcock
0fa09b8024 documentation updates for libltdl 2016-01-05 21:41:03 -06:00
William Pitcock
c52df12552 buildsystem: convert to automake + libtool 2016-01-05 21:20:25 -06:00
William Pitcock
d513218a9e LIST: allow channel display threshold to be configured (closes #109) 2015-12-26 22:23:28 -06:00
William Pitcock
c1725bda3c ssl: allow cipher list to be overridden (closes #67) 2015-12-12 07:50:48 -06:00
William Pitcock
63eb8567cb implement configurable channel modes (closes #31)
While functionally compatible with the implementation in ElementalIRCd, our approach is different,
specifically pre-calculating the bitmask at config load time.  This is more efficient, and allows us
to report errors as part of the configuration phase.
2015-12-11 15:36:53 -06:00
William Pitcock
98c645cadb document extb_combi and extb_hostmask bans (closes #74) 2015-12-10 02:27:08 -06:00
William Pitcock
7801d174d7 Revert "extban: implement helper functions for stackable extbans (part 1) (ref #74)"
This reverts commit 304bd0d095.
2015-12-10 02:19:21 -06:00
William Pitcock
304bd0d095 extban: implement helper functions for stackable extbans (part 1) (ref #74) 2015-12-10 01:33:30 -06:00
William Pitcock
13d8f0edba allow certfp method to be configured 2015-12-07 01:49:30 -06:00
Andrew Wilcox
5f8fb56d02 Revert "remove MONITOR for now pending a complete rewrite"
This reverts commit 87fa262fec.
2015-10-15 17:31:55 -05:00
William Pitcock
87fa262fec remove MONITOR for now pending a complete rewrite 2015-10-15 09:39:48 -05:00
Aaron Jones
c9b5cd623b Remove network_desc configuration option, never actually used anywhere 2015-03-26 14:46:54 -05:00
William Pitcock
c021aafd66 ircd manpage: remove references to ircd.conf(5) (closes #91) 2015-03-22 16:42:11 -05:00
rnjohnson18
3514f17e98 Change example.conf to ircd.conf.example 2015-03-08 19:16:36 -05:00
William Pitcock
bb2a50509a config: further EGD removal 2015-03-01 01:06:58 -06:00
William Pitcock
654caa84fb ircd.conf.example: explain DH parameters size better (closes #68) 2015-02-18 12:36:00 -06:00
Max Teufel
7d33cce8ef m_sasl: add configuration option for the nick of the SASL agent
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Mantas Mikulėnas
423d875b7f doc/sasl.txt: forgot to wrap lines and sort references 2014-09-08 22:37:40 +03:00
Mantas Mikulėnas
f3319b3b2e doc/sasl.txt: drop dead links, add links to IRCv3 spec and relevant SASL RFCs 2014-09-08 22:27:36 +03:00
Max Teufel
b3c4dfd7f2 example configs: change ssl_cert to etc/ssl.pem
The genssl script writes to etc/ssl.pem by default.
2014-07-13 18:12:54 +02:00
Jilles Tjoelker
f6b62c59bb Chase change from example.conf to ircd.conf.example in various places. 2014-06-12 23:43:05 +02:00
Jilles Tjoelker
d0c2fc8266 server: Require EX and IE capabilities (+e and +I cmodes).
The code to send each channel mode only to servers supporting it was
broken a while ago and was not very useful anyway. Therefore, require
all connecting servers to support all standard channel modes.
2014-05-29 16:24:42 +02:00
Jilles Tjoelker
a0998bcdd7 example confs: Remove AHBL blacklists, which are no longer available. 2014-04-06 12:34:03 +02:00
Jilles Tjoelker
4229cef34c doc/extban: Correct description of EXTBAN token in 005.
The change from EXTBAN=$:<types> to EXTBAN=$,<types> was made later on
and the documentation was not adjusted.
2014-03-01 18:16:40 +01:00
Jilles Tjoelker
a5de4edefd doc/ts6-protocol: Document ETB message (EOPMOD capab). 2014-02-22 17:45:42 +01:00
Mantas Mikulėnas
9337f5ce45 doc/ts6-protocol: Correct the mode letter for termination 2014-01-12 21:17:52 +02:00
Jilles Tjoelker
cba8bbc3fc Use RFC5737 and RFC3849 addresses in example confs.
There are IPv4 and IPv6 ranges reserved for documentation and example code;
use these to minimize the risk if someone accidentally uses an unmodified
example conf.
2013-10-06 19:39:30 +02:00
Jilles Tjoelker
364e59f82a whowas: Use the normal rules for IP visibility.
Add the flags (auth{} spoof, dynamic spoof) to struct Whowas and add a
show_ip_whowas().

Normal users now see IPs of unspoofed users, and remote opers can see IPs
behind dynamic spoofs. Also, general::hide_spoof_ips is now applied when
the IP is shown, not when the client exits.
2013-09-14 12:26:32 +02:00
Jilles Tjoelker
7a9a9000b7 Enable remote WHOWAS queries.
On ircd-seven, this will allow remote opers to see certain hidden IPs.
2013-09-13 22:29:26 +02:00
Quora Dodrill
792ddf977e doc: fix name of sample config again 2013-08-24 09:41:00 -05:00
Quora Dodrill
e3b534df81 doc: Example configuration renamed to ircd.conf.example
This is to follow the precident set by Atheme's atheme.conf.example file. Since the ircd now fails to start on a non-existant configuration file, seeing that message would make one know where to look.
2013-07-09 20:01:16 -07:00
Alex Iadicicco
ef861b0567 Mention channel name parameter to SJOIN in ts6-protocol.txt 2013-05-15 00:27:40 -07:00
Jilles Tjoelker
0ef5377a36 Rename m_nokillservices.so to no_kill_services.so per the naming scheme. 2013-04-27 17:00:10 +02:00
Elizabeth Myers
f0bce9d95d Tweak docs.
Also, last commit fixes #16. :p
2013-04-20 20:52:34 -05:00
Elizabeth Myers
3c93d380e0 Add support for multiple forms of blacklist queries using matches.
It supports both literal and last octet matches from the dnsbl.
If matches is not present, the old behaviour is used.
2013-04-20 20:49:11 -05:00
Elizabeth Myers
15d7a31134 Add m_nokillservices to documentation 2013-04-20 01:14:54 -05:00
Jilles Tjoelker
f09c28e18f reference.conf: Correct description of general::client_exit.
It prefixes with "Quit: ", not "Client exit: ".
2013-01-01 18:07:37 +01:00
William Pitcock
f0c778d701 Merge pull request #2 from TheChrisAM/patch-1
Adding auth_user documentation for auth {} blocks.
2012-07-30 10:00:49 -07:00
Jilles Tjoelker
2b121c81f5 reference.conf: Extend documentation for max_number in server classes. 2012-07-28 15:31:44 +02:00
TheChrisAM
f9bb3e0d72 Adding auth_user documentation for auth {} blocks. 2012-05-31 21:26:52 -03:00
Jilles Tjoelker
1e23af243b Fix null value for EUID account name in TS6 protocol document. 2012-04-30 18:32:04 +02:00
Jilles Tjoelker
8f5402d369 reference.conf: Remove need_ident from *@* auth block.
Few people want need_ident for everyone these days, so remove it from
reference.conf. It was not in example.conf.
2012-03-29 22:41:24 +02:00
Keith Buck
330692a1f2 Add option to immediately apply nick RESVs by FNC'ing. 2012-03-25 01:34:45 +00:00
William Pitcock
02270e9602 Add listen::defer_accept option for controlling usage of TCP_DEFER_ACCEPT option. 2012-03-17 10:00:39 -05:00
Jilles Tjoelker
755c144eb6 Specify more about IP addresses in TS6 protocol document. 2012-03-13 22:41:39 +01:00
Jilles Tjoelker
eda3590ea0 Fix RSFNC parameter order in TS6 protocol document. 2012-03-07 00:39:03 +01:00
Nathan Phillip Brink
634d4aad72 Fix inconsistency between --sysconfdir and --with-confdir, deprecate --with-confdir.
The inconsistency was created in
c74836dc4a where genssl.sh.in was made
to use sysconfdir while the IRCd and buildsystem still used confdir.
2012-03-02 01:11:42 +00:00
Nathan Phillip Brink
c74836dc4a Add explicit support for being installed into a system triggered with --enable-fhs-paths.
Add two mechanism for avoiding name-collisions in a system-wide
installation of charybdis. The ssld and bandb daemons, intended to be
directly used by ircd and not the user, install into libexec when
--enable-fhs-paths is set. For binaries which are meant to be in PATH
(bindir), such as ircd and viconf, there is now an option
--with-program-prefix=progprefix inspired by automake. If the user
specifies --with-program-prefix=charybdis, the ircd binary is named
charybdisircd when installed.

Add support for saving the pidfile to a rundir and storing the ban
database in localstatedir instead of in sysconfdir. This is, again,
conditional on --enable-fhs-paths.

Fix(?) genssl.sh to always write created SSL key/certificate/dh
parameters to the sysconfdir specified during ./configure. The
previous behavior was to assume that the user ran genssl.sh after
ensuring that his current working directory was either sysconfdir or a
sibling directory of sysconfdir.
2012-03-01 02:41:09 +00:00
Jilles Tjoelker
d42e6915cf Pace aways.
This becomes important because of away-notify sending aways to common
channels much like nick changes (which are also paced).

Marking as unaway is not limited (but obviously only does something if the
user was away before). To allow users to fix typos in away messages, two
aways are allowed in sequence if away has not been used recently.
2012-02-18 16:32:57 +01:00
Keith Buck
e88a1f1b15 Add ratelimit for high-bandwidth commands. 2012-02-18 03:54:44 +00:00
Keith Buck
c5bbc60375 Add away-notify client capability. 2012-02-14 14:15:44 +00:00
Jilles Tjoelker
adcec062ce 'monitor s' output does not end with RPL_ENDOFMONLIST. 2011-12-21 21:29:46 +01:00
Jilles Tjoelker
b225bf93b7 Change default --with-nicklen to 31, like atheme-services. 2011-11-29 23:32:10 +01:00
William Pitcock
b583faf970 Add support for customizing the usable nick length.
This adds a new ISUPPORT token, NICKLEN_USABLE which is strictly an informative value.
NICKLEN is always the maximum runtime NICKLEN supported by the IRCd, as other servers may
have their own usable NICKLEN settings.  As NICKLEN_USABLE is strictly informative, and
NICKLEN is always the maximum possible NICKLEN, any clients which depend on NICKLEN for
memory preallocation will be unaffected by runtime changes to NICKLEN_USABLE.

The default NICKLEN is 50; the default serverinfo::nicklen in the config file is set to
30, which is the NICKLEN presently used on StaticBox.
2011-11-29 16:10:21 -06:00