Alexander Barton [Sun, 13 Sep 2009 22:25:48 +0000 (00:25 +0200)]
Always use get{addr|name}info() when available
Both getaddrinfo() and getnameinfo() are now used always when available, and
not only when compiling ngIRCd with support for IPv6.
This not only enables ngIRCd to handle multiple addresses per hostname when
compiled without support for IPv6, but fixes binding ngIRCd to IP addresses
on Mac OS X (and probably other BSD-based systems) as well: these systems
require that sockaddr_in is zeroed out and sockaddr_in.sin_len is set to
sizeof(sockaddr_in) like that:
But this would break all the systems not using sockaddr_in.sin_len, for
example Linux -- so we assume that all these systems provide getaddrinfo()
and use that for now.
Alexander Barton [Fri, 11 Sep 2009 22:17:42 +0000 (00:17 +0200)]
Fix cb_connserver() to handle aborted outgoing connections
A configured server could have been removed while a connection apptempt
is still in progress. So the cb_connserver() callback has to test if the
server configuration record is still valid.
the wrong sizeof() usage fixed in d76910ce7b9fad5679b7c614ed086e036560e37d
(conn.c: fix resolver server address backlog) was a bit more
widespread, fix all others, too.
fix the following warning generated by valgrind if ipv6 is enabled:
Syscall param write(buf) points to uninitialised byte(s)
at 0x4000982: (within /lib/ld-2.9.so)
by 0x80681A8: Resolve_Name (resolve.c:477)
by 0x805439F: Conn_Handler (conn.c:1658)
by 0x804AA7C: main (ngircd.c:331)
The warning is because ng_ipaddr_t can be a union, and only the
necessary parts are initialised. The callers know what part
of the union is valid, so this is not a bug.
if more than one ip address is returned for a single host
name, ngircd is supposed to try other addresses in case
connect() to the first address returned fails for some
reason.
Alexander Barton noticed that this did not work at all,
as the additional results were not stored.
This patch fixes --with-openssl and --with-gnutls and enables both to
accept path names, so that you can use "./configure --with-XXX=/path".
All the other --with-XXX parameters support this already.
Alexander Barton [Sun, 16 Aug 2009 14:08:21 +0000 (16:08 +0200)]
Use AM_SILENT_RULES([yes]), if available
Starting with GNU automake 1.11 "AM_SILENT_RULES([yes])" is available to
make the build process less verbose ("Linux 2.6 style") which helps to
spot warning and error messages.
Syslog support: yes Enable debug code: no
zlib compression: yes IRC sniffer: no
Use TCP Wrappers: no Strict RFC mode: no
Zeroconf support: no IRC+ protocol: yes
IDENT support: no I/O backend: "poll()"
IPv6 protocol: no SSL support: no
Alexander Barton [Fri, 17 Jul 2009 14:16:04 +0000 (16:16 +0200)]
Client_CheckID(): fix connection information
This patch fixes the following silly log messages:
'ID "XXX" already registered (on connection -1)!'
If the ID is already registered on a local connection, the local
connection ID is printed; and if the ID is connected via a remote
server, "via network" is displayed.
Florian Westphal [Mon, 25 May 2009 20:25:18 +0000 (22:25 +0200)]
enforce upper limit on maximum number of handled commands
reported on #ngircd: pasting lots of lines into a channel can kill off
many people on the channel if the read buffer is drained quickly enough
and the client-side TCP can't keep up with the incoming data.
This implements a throttling scheme:
- an irc client may send up to 3 commands per second before a one second
pause is enforced.
- an irc client may send up to 256 bytes per second before a one second
pause is enforced.
After discussion with Alexander Barton, server <-> server links are
treated specially: There is no artificial limit on the number of bytes
sent per second, and up to 10 commands are processed per second before
a pause is enforced.
It may be neccessary to make those limits tuneable to accomondate larger
networks, but for now they are compile time values.
Florian Westphal [Sun, 17 May 2009 19:32:53 +0000 (21:32 +0200)]
conn.c: fix NumConnections imbalance
New_Server() can call Conn_Close() in its error paths,
but that function decrements the number of current active
connections. Thus we need to increment it earlier.
security: fix remotely triggerable crash in SSL/TLS code
When a server is running with SSL/TLS support compiled in,
it is trivial to crash the server by sending an MOTD request
via another server in the network.
- ONLY servers without ssl/tls support compiled in are not affected.
Disabling SSL in the configuration (no ssl listening ports, etc)
does NOT help.
- servers that are running standalone (i.e., not connected to any
other servers) are not affected, either.
This affects all ngircd releases since ngircd 13 (earlier versions
have no SSL/TLS support).
Alexander Barton [Wed, 29 Apr 2009 00:13:27 +0000 (02:13 +0200)]
Debian: build ngircd-full-dbg package
In addition to the "ngircd" and "ngircd-full" packages a new package named
"ngircd-full-dbg" is build: this package contains all the features of the
"full" package but includes debug code and both the --debug and --sniffer
options and the resulting binaries are _not_ stripped.
When ngircd announces the list of currently known servers
to a new (connecting) server, it sent the introducer of
the servers instead of the top server.
When irc4 connects to irc3, irc3 tells irc4 that irc5 was
connected to irc2. (irc2 had introduced irc5 to irc3; but thats
not what ngircd should have sent to the new server).
Alexander Barton [Fri, 10 Apr 2009 11:22:03 +0000 (13:22 +0200)]
Display IPv6 addresses as "[<addr>]" when accepting connections.
With this patch ngIRCd displays IPv6 addresses as "[<addr>]:<port>" when
accepting new connections and later, if no successful DNS lookup could
be made (or DNS is disabled altogether).
Alexander Barton [Sun, 29 Mar 2009 14:37:06 +0000 (16:37 +0200)]
Updated Debian/Linux init script
- PidFile, ServerUID and ServerGID are read from actual server configuration
- Exit code and behaviour is more LSB compliant
- New "status" and "test" sub-functions
Don't echo multiple syntax error messages (461) on invalid commands,
but break after the first one.
In addition, this solves corrupted 'Unknown mode "+' messages.
TLS/SSL: remove useless error message when ssl connection is closed
When using OpenSSL, the following annoying "error" message was logged whenever
an encrypted connection was shut down in a orderly fashion:
TLS/SSL Connection shutdown: ConnSSL_Read: Unable to determine error
The result is that when a compressed AND encrypted server link goes down
the memory allocated by zlib and the r/w buffers are no longer
free'd as the previous ConnSSL_Free() would then also remove the CONN_ZIP flag
from the flag mask.
Support individual channel keys for pre-defined channels.
This patch introduces the new configuration variable "KeyFile" for
[Channel] sections in ngircd.conf. Here a file can be configured for each
pre-defined channel which contains individual channel keys for different
users. This file is line-based and must have the following syntax:
<user>:<nick>:<key>
<user> and <nick> can contain the wildcard character "*".
Please not that these channel keys are only in effect, when the channel
has a regular key set using channel mode "k"!
- Change Copyright to License
- Update URL
- Make BuildRoot use %{_tmppath} macro
- Add basic BuildRequires
- Compile with zlib and openssl
- Install all docs in standard document location
Xcode: get release number dynamically; new make target "xcode-clean".
- make target "xcode" now detects the release number stored in the
configure.in file and passes it to Xcode.
- new make target "xcode-clean" which removes all files generated by
"make xcode" and removes the Xcode build directory.
Florian Westphal [Wed, 17 Dec 2008 22:27:25 +0000 (23:27 +0100)]
use %ld as format specifier for posix data types
in the same vein as the earlier commit:
cast posix data types (pid_t, ...) to long and use
%ld as format specifier. This will avoid problems
when sizeof(int) != sizeof(type).
We could also cast to int, but this might truncate the value.