Alexander Barton [Sat, 13 Aug 2011 19:04:01 +0000 (21:04 +0200)]
Merge branch 'ServerMode'
* ServerMode:
Handle channel user modes 'a', 'h', and 'q' from remote servers
Handle unknown channel modes on server links
Handle unknown user modes on server links
IRC_MODE(), Client_Mode(): code cleanup [2/2]
Enlarge client user mode buffer, reduce client flags buffer
Infom clients when other servers change their user modes
IRC_MODE(), Client_Mode(): code cleanup [1/2]
Xcode requires Mac OS X 10.6 or newer; Xcode 4 supports this project
format as well, so effectively you can use Mac OS X 10.6.x or 10.7.x
for building ngIRCd with the Apple Xcode IDE.
Handle channel user modes 'a', 'h', and 'q' from remote servers
These channel user modes aren't used for anything at the moment, but
ngIRCd knows that these three modes are "channel user modes" and not
"channel modes", that is that these modes take an "nick name" argument.
Like unknown user and channel modes, these modes are saved and forwarded,
but ignored otherwise.
Enlarge client user mode buffer, reduce client flags buffer
We have to enlage our user mode buffer, so we can handle even unknown
user modes in the future; and reduce the client flags buffer, because
I can't imagine why we ever would need ~100 flags!?
Now we support up to 15 user modes (was: 8) and up to 15 flags (was: 99).
So in the end, we even save 99-15+8-15=77 bytes for each client structure!
Alexander Barton [Sat, 30 Jul 2011 16:47:58 +0000 (18:47 +0200)]
Testsuite: make getpid.sh work even when run as root
Use ps(1) flag "-a" (as well as "-f"):
"Select all processes except both session leaders (see getsid(2)) and
processes not associated with a terminal."
Thanks to Götz Hoffart for reporting this problem!
Alexander Barton [Tue, 19 Jul 2011 14:00:55 +0000 (16:00 +0200)]
Spoofed prefixes: close connection on non-server links only
On server-links, spoofed prefixes can happen because of the asynchronous
nature of the IRC protocol. So don't break server-links, only log a message
and ignore the command.
This fixes bug 113, see:
<https://arthur.barton.de/bugzilla/show_bug.cgi?id=113>
Alexander Barton [Sun, 10 Jul 2011 12:45:33 +0000 (14:45 +0200)]
MorePrivacy: Don't register WHOWAS information
Citing an email from Florian to the ngIRCd mailing list:
"I wonder what the expected behaviour is when Conf_MorePrivacy is changed
from 'yes' to 'no' and the config is reloaded.
At the moment, WHOWAS will start giving out information on Users that
were connected during Conf_MorePrivacy=yes period. If this is not
wanted, Client_RegisterWhowas() should be changed to not store a record
when Conf_MorePrivacy is enabled."
Alexander Barton [Tue, 28 Jun 2011 11:48:33 +0000 (13:48 +0200)]
GnuTLS: use 1024 (DH_BITS_MIN) as minimum size of the DH prime
For outgoing connections, we use 2048 (DH_BITS) since commit 49b2d0e.
This patch enables ngIRCd to accept incoming connections from other servers
and clients that use at least 1024 bits (and no longer requires 2048 for
incoming connections, too).
Alexander Barton [Sun, 26 Jun 2011 13:24:07 +0000 (15:24 +0200)]
Merge branch 'newconfig'
* newconfig:
sample-ngircd.conf: "SyslogFacility" should be commented out
Move SSL-related configuration variables to new [SSL] section
CheckFileReadable(): only check when a filename is given ...
PAM: make clear which "Password" config option is ignored
Really remove [Features] in our manual pages
INSTALL: document changed location of configuration variables
Update sample config file and manual page for new config structure
Testsuite: update configuration files for new config file format
Display configuration errors more prominent on "--configtest"
conf.c: code cleanup
Check for redability of SSL-related files like for MOTD file
Restructure ngIRCd configuration, introduce [Limits] and [Options]
xor [Sun, 19 Jun 2011 04:08:33 +0000 (06:08 +0200)]
New configuration opion "MorePrivacy" to "censor" some user information
this patch contains:
* Fix for Conf_CloakUserToNick to make it conceal user details
* Adds MorePrivacy-feature
MorePrivacy censors some user information from being reported by the
server. Signon time and idle time is censored. Part and quit messages
are made to look the same. WHOWAS requests are silently dropped. All
of this is useful if one wish to conceal users that access the ngircd
servers from TOR or I2P.
xor [Fri, 10 Jun 2011 19:39:01 +0000 (21:39 +0200)]
New option to scrub incoming CTCP commands
This patch makes it possible to scrub incomming CTCP commands from
other servers and clients alike. The ngircd oper can enable it from
the config file, by adding "ScrubCTCP = yes" under [OPTIONS]. It is
default off.
CTCP can be used to profile IRC users (get user clients name and
version, and also their IP addresses). This is not something we like
to happen when user pseudonymity/secrecy is important.
The server silently drops incomming CTCP requests from both other
servers and from users. The server that scrubs CTCP will not forward
the CTCP requests to other servers in the network either, which can
spell trouble if not every oper knows about the CTCP-scrubbing.
Scrubbing CTCP commands also means that it is not possible to send
files between users.
There is one exception to the CTCP scrubbing performed: ACTION ("/me
commands") requests are not scrubbed. ACTION is not dangerous to users
(unless they use OTR, which does not encrypt CTCP requests) and most
users would be confused if they were just dropped.
Alexander Barton [Sat, 25 Jun 2011 12:45:36 +0000 (14:45 +0200)]
Restructure ngIRCd configuration, introduce [Limits] and [Options]
The intention of this restructuring is to make the [Global] section much
cleaner, so that it only contains variables that most installations must
adjust to the local requirements.
All the optional variables are moved to [Limits], for configurable limits
and timers of ngIRCd, and [Options], for optional features.
The old variables in the [Global] section are deprecated now, but still
recognized.
problem is that some clients refuse to connect to severs that only offer
1024. For interoperability it would be best to just use 4096, but that
takes minutes, even on current hardware.
Alexander Barton [Tue, 26 Apr 2011 10:04:22 +0000 (12:04 +0200)]
Merge branch 'master' of git://arthur.barton.de/ngircd-alex
* 'master' of git://arthur.barton.de/ngircd-alex:
Do reverse lookups using the AF of the incoming connection
resolve: fix reverse lookups of client connections with ConnectIPv6=no
resolve: fix reverse lookups of client connections with ConnectIPv6=no
We re-use the same helper function for both forward lookups
(when we want to connect to a peer server) and for validation of reverse
loopups (where we make a lookup on the hostname returned
by a reverse lookup on the IP address that connected).
Problem:
When ConnectIPv6=no, the forward lookup helper sets the adderss family
to AF_INET, and, if out client connected via ipv6, we fail to validate
the result.
Thus move the ConnectIPvX check out of the helper.
Alexander Barton [Sat, 16 Apr 2011 13:18:43 +0000 (15:18 +0200)]
Mac OS X: install on root volume only, and set correct permissions
Update Mac OS X Installer.app description bundle, so that the ngIRCd
package can only be installed on the root volume ("/"); and make sure
that all installed files and directories have correct ownership and
permissions.
Alexander Barton [Sun, 27 Mar 2011 18:56:50 +0000 (20:56 +0200)]
Merge branch 'NoticeAuth'
* NoticeAuth:
Add documentation for "NoticeAuth" configuration option
Configuration: move "NoticeAuth" to GLOBAL section
New configuration option "NoticeAuth": send NOTICE AUTH on connect
Alexander Barton [Sun, 27 Mar 2011 17:33:48 +0000 (19:33 +0200)]
New configuration option "RequireAuthPing": PING-PONG on login
When enabled, this configuration option lets ngIRCd send a PING with an
numeric "token" to clients logging in; and it will not become registered
in the network until the client responds with the correct PONG.
This is used by QuakeNet for example (ircu/snircd), and looks like this:
NICK nick
:irc.example.net PING :1858979527
USER user . . :real name
PONG 1858979527
:irc.example.net 001 nick :Welcome to the Internet Relay Network ...
Alexander Barton [Sat, 19 Mar 2011 16:16:14 +0000 (17:16 +0100)]
Merge branches 'CloakUserHost', 'QuitOnHTTP' and 'bug72-WHOIS-List'
* CloakUserHost:
Add a note not to use a percent sign ("%") in CloakHost variable
Rename ClientHost to CloakHost, and ClientUserNick to CloakUserToNick
Don't use "the.net" in sample-ngircd.conf, use "example.net"
ngircd.conf.5: document "ClientHost" and "ClientUserNick"
Move "ClientHost" and "ClientUserNick" to end of [Global] section
ClientUserNick setting
ClientHost setting
* QuitOnHTTP:
Only "handle" HTTP commands on unregistered connections
Don't use IRC_QUIT_HTTP() if STRICT_RFC is #define'd
IRC_QUIT_HTTP(): enhance error message
Move IRC_QUIT_HTTP() below IRC_QUIT()
quit on HTTP commands: GET & POST
* bug72-WHOIS-List:
Add "whois-test" to testsuite and distribution archive
Add support for up to 3 targets in WHOIS queries.