Alexander Barton [Sun, 26 Jun 2011 13:24:07 +0000 (15:24 +0200)]
Merge branch 'newconfig'
* newconfig:
sample-ngircd.conf: "SyslogFacility" should be commented out
Move SSL-related configuration variables to new [SSL] section
CheckFileReadable(): only check when a filename is given ...
PAM: make clear which "Password" config option is ignored
Really remove [Features] in our manual pages
INSTALL: document changed location of configuration variables
Update sample config file and manual page for new config structure
Testsuite: update configuration files for new config file format
Display configuration errors more prominent on "--configtest"
conf.c: code cleanup
Check for redability of SSL-related files like for MOTD file
Restructure ngIRCd configuration, introduce [Limits] and [Options]
xor [Fri, 10 Jun 2011 19:39:01 +0000 (21:39 +0200)]
New option to scrub incoming CTCP commands
This patch makes it possible to scrub incomming CTCP commands from
other servers and clients alike. The ngircd oper can enable it from
the config file, by adding "ScrubCTCP = yes" under [OPTIONS]. It is
default off.
CTCP can be used to profile IRC users (get user clients name and
version, and also their IP addresses). This is not something we like
to happen when user pseudonymity/secrecy is important.
The server silently drops incomming CTCP requests from both other
servers and from users. The server that scrubs CTCP will not forward
the CTCP requests to other servers in the network either, which can
spell trouble if not every oper knows about the CTCP-scrubbing.
Scrubbing CTCP commands also means that it is not possible to send
files between users.
There is one exception to the CTCP scrubbing performed: ACTION ("/me
commands") requests are not scrubbed. ACTION is not dangerous to users
(unless they use OTR, which does not encrypt CTCP requests) and most
users would be confused if they were just dropped.
Alexander Barton [Sat, 25 Jun 2011 12:45:36 +0000 (14:45 +0200)]
Restructure ngIRCd configuration, introduce [Limits] and [Options]
The intention of this restructuring is to make the [Global] section much
cleaner, so that it only contains variables that most installations must
adjust to the local requirements.
All the optional variables are moved to [Limits], for configurable limits
and timers of ngIRCd, and [Options], for optional features.
The old variables in the [Global] section are deprecated now, but still
recognized.
problem is that some clients refuse to connect to severs that only offer
1024. For interoperability it would be best to just use 4096, but that
takes minutes, even on current hardware.
Alexander Barton [Tue, 26 Apr 2011 10:04:22 +0000 (12:04 +0200)]
Merge branch 'master' of git://arthur.barton.de/ngircd-alex
* 'master' of git://arthur.barton.de/ngircd-alex:
Do reverse lookups using the AF of the incoming connection
resolve: fix reverse lookups of client connections with ConnectIPv6=no
resolve: fix reverse lookups of client connections with ConnectIPv6=no
We re-use the same helper function for both forward lookups
(when we want to connect to a peer server) and for validation of reverse
loopups (where we make a lookup on the hostname returned
by a reverse lookup on the IP address that connected).
Problem:
When ConnectIPv6=no, the forward lookup helper sets the adderss family
to AF_INET, and, if out client connected via ipv6, we fail to validate
the result.
Thus move the ConnectIPvX check out of the helper.
Alexander Barton [Sat, 16 Apr 2011 13:18:43 +0000 (15:18 +0200)]
Mac OS X: install on root volume only, and set correct permissions
Update Mac OS X Installer.app description bundle, so that the ngIRCd
package can only be installed on the root volume ("/"); and make sure
that all installed files and directories have correct ownership and
permissions.
Alexander Barton [Sun, 27 Mar 2011 18:56:50 +0000 (20:56 +0200)]
Merge branch 'NoticeAuth'
* NoticeAuth:
Add documentation for "NoticeAuth" configuration option
Configuration: move "NoticeAuth" to GLOBAL section
New configuration option "NoticeAuth": send NOTICE AUTH on connect
Alexander Barton [Sun, 27 Mar 2011 17:33:48 +0000 (19:33 +0200)]
New configuration option "RequireAuthPing": PING-PONG on login
When enabled, this configuration option lets ngIRCd send a PING with an
numeric "token" to clients logging in; and it will not become registered
in the network until the client responds with the correct PONG.
This is used by QuakeNet for example (ircu/snircd), and looks like this:
NICK nick
:irc.example.net PING :1858979527
USER user . . :real name
PONG 1858979527
:irc.example.net 001 nick :Welcome to the Internet Relay Network ...
Alexander Barton [Sat, 19 Mar 2011 16:16:14 +0000 (17:16 +0100)]
Merge branches 'CloakUserHost', 'QuitOnHTTP' and 'bug72-WHOIS-List'
* CloakUserHost:
Add a note not to use a percent sign ("%") in CloakHost variable
Rename ClientHost to CloakHost, and ClientUserNick to CloakUserToNick
Don't use "the.net" in sample-ngircd.conf, use "example.net"
ngircd.conf.5: document "ClientHost" and "ClientUserNick"
Move "ClientHost" and "ClientUserNick" to end of [Global] section
ClientUserNick setting
ClientHost setting
* QuitOnHTTP:
Only "handle" HTTP commands on unregistered connections
Don't use IRC_QUIT_HTTP() if STRICT_RFC is #define'd
IRC_QUIT_HTTP(): enhance error message
Move IRC_QUIT_HTTP() below IRC_QUIT()
quit on HTTP commands: GET & POST
* bug72-WHOIS-List:
Add "whois-test" to testsuite and distribution archive
Add support for up to 3 targets in WHOIS queries.
Florian Westphal [Mon, 18 Feb 2008 14:24:01 +0000 (15:24 +0100)]
Add support for up to 3 targets in WHOIS queries.
also allow up to one wildcard query from local hosts.
Follows ircd 2.10 implementation rather than RFC 2812.
At most 10 entries are returned per wildcard expansion.
Alexander Barton [Sat, 12 Feb 2011 22:24:56 +0000 (23:24 +0100)]
Make write buffers bigger, but flush early
This patch
- makes the server write buffer bigger: 64k,
- makes the regular write buffer bigger: 32k,
- tries to flush the write buffer starting at 4K.
Before this patch, a client got disconnected if the buffer flushing at 4k
failed, now regular clients can store up to 32k and servers up 64k even
if flushing is not possible at the moment (e.g. on slow links).
Alexander Barton [Sun, 23 Jan 2011 17:38:36 +0000 (18:38 +0100)]
Better check for invalid IRC+ PASS command
Don't do a NULL-pointer dereference when a remote server using the
IRC+ protocol sends an invalid PASS command without the required
<serverversion> parameter ...
Alexander Barton [Tue, 18 Jan 2011 21:45:01 +0000 (22:45 +0100)]
Allow "Port = 0" in [Server] blocks
Port number 0 marks remote servers that try to connect to this
daemon, but where this daemon never tries to establis a connection
on its own: only incoming connections are allowed.
Alexander Barton [Tue, 18 Jan 2011 21:41:27 +0000 (22:41 +0100)]
conf: fix 'Value of "..." is not a number!' for negative values
Don't use isdigit() function any more, because it only checks the
first character of the variable value and because it doesn't know
about the minus sign which is required e.g. for "Group = -1".
Alexander Barton [Tue, 18 Jan 2011 21:01:27 +0000 (22:01 +0100)]
Don't read MOTD file twice
The MOTD file is read in Read_Config(), so don't read it when handling
the "MotdFile" configuration variable. Instead make sure that it is
initialized properly when (re-)reading the configuration.