| Age | Commit message (Collapse) | Author |
|---|
|
|
|
The new configuration option "DefaultChannelModes" lists channel modes that
become automatically set on new channels on creation.
Default: set no modes.
Closes #333.
|
|
servers
Ignore passwords sent by clients when not configured/needed.
Closes #332.
|
|
Do not ignore newer configuration value, always use the latest value set.
And do not assert() SSL-related string options and break, but properly
free them and use the latest value set – even in debug mode. In
non-debug mode, this was already the case anyway, but we leaked some
memory ...
|
|
While it is common for IRC servers to use ERR_NOSUCHNICK instead of
ERR_NOSUCHCHANNEL when a target can be either a channel or a nick, it seems
every other IRCd but UnrealIRCd uses ERR_NOSUCHCHANNEL in this particular case.
|
|
This fixes the following compiler warning, for example on OpenSolaris:
conn.c: In function 'Conn_Handler':
conn.c:798:28: warning: format '%ld' expects argument of type 'long int',
but argument 4 has type 'size_t' {aka 'unsigned int'} [-Wformat=]
|
|
References:
- https://modern.ircdocs.horse/#rplnamreply-353
- https://datatracker.ietf.org/doc/html/rfc2812#page-47
- (RFC 1459 is irrelevant here, as
https://datatracker.ietf.org/doc/html/rfc1459#page-51 uses a different
format)
Closes #313.
|
|
Both setgid(2) as well as setuid(2) can fail with EINVAL in addition to
EPERM, their manual pages state "EINVAL: The user/group ID specified in
uid/gid is not valid in this user namespace ".
So not only treat EPERM as an "acceptable error" and continue with
logging the error, but do the same for EINVAL.
This was triggered by the Void Linux xbps-uunshare(1) tool used for
building "XBPS source packages" and reported by luca in #ngircd. Thanks!
|
|
|
|
Thanks for reporting this on IRC, luca!
|
|
The LOGNAME environment variable is not set in GitHub "actions", for
example ...
|
|
Periodically "ping" the service manager (every 3 seconds) and set a
status message showing connection statistics.
This enables using the systemd(8) watchdog functionality for the
"ngircd.service" unit.
|
|
This allows the "ngircd.service" systemd(8) unit to use the "notify"
service type, which allows for better status tracking by the service
manager.
|
|
Wait for the "ERROR :Closing connection" message sent by ngIRCd when
handling the QUIT command, do not wait for "Connection closed" which is
actually output by the telnet(1) command and is implementation
dependant! For example, on Haiku OS, this is not always(!) echoed (the
command seems to hang sometimes?) which results in unpredictable
failures in the test suite ...
|
|
- Try to only search for processes of the current user.
- Prefer using pgrep (in addition to pidof) when available.
- Streamline system overrides.
- Get rid of HEAD_FLAGS: all systems so far support "-1".
- Use "ps -o pid,comm" as the default, which is POSIX.1.
- Use "sort -r" to hopefully get the newest (=highest) PID, which is the
case on older systems not using randomized PIDs at least.
|
|
- Reformat code.
- Cleanup some glitches, streamline scripts ...
- Enable "set -u": Error on unset variables.
- Detect "$srcdir" in prep-server3 script, too.
|
|
Although this is a nice looking solution, it is not that portable: for
example, the "openssl s_client" command of LibreSSL 3.8.2 on OpenBSD 7.4
does not support it.
So let's revert back to the "uglier" but working variant ...
This reverts commit bdb55fb4b322b2c84530855a3b5148a0e387f5b4.
|
|
This completes commit f96966a6.
|
|
The number of possible parallel connections is limited by the process
file descriptor limit (among other things). Therefore try to upgrade the
current "soft" limit to its "hard" maximum (but limit it to 100000), and
show an information or even warning, wenn still less than the configured
"MaxConnections" setting.
Please note that ngIRCd and its linked libraries (like PAM) need file
descriptors not only for incoming and outgoing IRC connections, but for
reading files and inter-process communication, too! Therefore the actual
connection limit is _less_ than the file descriptor limit!
This introduces the new MAX_FD_LIMIT (100000) #define.
|
|
|
|
|
|
|
|
This is already mentioned as the default in the manual page and the
sample configuration file, but was actually not enabled in the code!
|
|
|
|
Show proper certificate information for incoming connections, too, and
not "peer did not present a certificate", regardless if the client sent
a certificate or not.
This change is for GnuTLS and similar to what was implemented in commit
for OpenSSL in "S2S-TLS/OpenSSL: Fix handling of certificate information
for incoming connections".
|
|
Without this, the S2S-TLS-Patch not even compiles with GnuTLS because
of the "new" GnuTLS certificate reload support implemented in commit
eead4a63 ("x509_cred_slot").
|
|
|
|
This includes simplifying cb_connserver_login_ssl() a bit, we do not
have to code for invalid state which was ruled out by an assert() and
therefore can get rid of the goto altogether (and don't log the same
error twice with different messages).
|
|
handshake
The verify callback in OpenSSL is called pretty early, and at that time
it is not possible yet to check which connection it belongs to, and some
connections may have relaxed requirements.
So always return success in the Verify_openssl() callback, and postpone
validation of the TLS session until starting the server handshake in
cb_connserver_login_ssl(), when we know which server this connection
belongs to and which options (like "SSLVerify") are in effect.
The code doing this was already present in cb_connserver_login_ssl(),
but this patch adds a more prominent comment to the function.
|
|
connections
Show proper certificate information for incoming connections, too, and
not "peer did not present a certificate", regardless if the client sent
a certificate or not.
And free the client certificate structure "peer_cert" on incoming
connections as well!
|
|
Set the verification flags in the ConnSSL_SetVerifyProperties_openssl
function only, don't override them in ConnSSL_InitLibrary() afterwards.
No functional changes, now ConnSSL_SetVerifyProperties_openssl() sets
exactly the parameters which ConnSSL_InitLibrary() always overwrote ...
|
|
Setup host name verification even when the "SSLVerify" option is
disabled, because even then the peer can present a valid certificate and
validation would always(!) fail because of the missing host name
verification setup.
|
|
|
|
|
|
This patch provides code to validate the server certificate in
server links, defeating nasty man-in-the-middle attacks on server
links.
Features:
- Check whether the certificate is signed by a trusted certificate
authority (CA).
- Check the host name, including wildcard certificates and Subject
Alternative Names.
- Optionally check against a certificate revocation list (CRL).
- Implementation for both OpenSSL and GnuTLS linkage.
Left for another day:
- Parameterize the TLS parameter of an outbound connection. Currently,
it's hardcoded to disable all versions before TLSv1.1.
- Using certificate as CA-certificate. They work for GnuTLS only but
perhaps this should rather raise an error there, too.
- Optional OCSP checking.
- Checking client certificates. Code is there but this first needs some
consideration about the use cases. This could replace all other
authentication methods, for both client-server and server-server
connections.
This patch is based on a patch by Florian Westphal from 2009, which
implemented this for OpenSSL only:
From: Florian Westphal <fw@strlen.de>
Date: Mon, 18 May 2009 00:29:02 +0200
Subject: SSL/TLS: Add initial certificate support to OpenSSL backend
Commit message modified by Alex Barton.
Closes #120, "Server links using TLS/SSL need certificate validation".
Supersedes PR #8, "Options for verifying and requiring SSL client
certificates", which had (incomplete?) code for OpenSSL, no GnuTLS.
|
|
Correctly re-generate the "cloaked hostname" when removing the
"cloakhost" using an empty string by passing down NULL instead of the
empty string, which results in protocol violations (for example on
WHOIS).
|
|
|
|
The default value for the -nameopt option changed in OpenSSL 3.2 from
`oneline' to `utf8'. The `oneline' option also included a space around
the fields which is not the case for `utf8'. This means that
CN = my.first.domain.tld
changed to
CN=my.first.domain.tld
and is now longer recognized, leading to test failure.
This can be fixed by either going back to `oneline' or keeping `utf8'
and adding additionally `space_eq'. Anoter way would be to teach the
expect that the space is optional.
Add explicit -nameopt option with `utf8,space_eq' which is understood by
by OpenSSL 3.2 and earlier to make explicit. Remove the wildcard.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
|
|
But we are getting there!
|
|
And skip the tests calling it instead of failing!
|
|
|
|
The configuration can be set in drop-in files in the include directory,
too, so it is not clear in which file it is actually missing.
|
|
No longer use a default built-in value for the "IncludeDir" directive
when a configuration file was explicitly specified on the command line
using "--config"/"-f": This way no default include directory is scanned
when a possibly non-default configuration file is used which
(intentionally) did not specify an "IncludeDir" directive.
With this patch you now can use "-f /dev/null" for checking all built-in
defaults, regardless of any local configuration files in the default
drop-in directory (which would have been read in until this change).
|
|
|
|
The server "Name" in the "[Global]" section of the configuration file is
optional now: When not set (or empty), ngIRCd now tries to deduce a
valid IRC server name from the local host name ("node name"), possibly
adding a ".host" extension when the host name does not contain a dot
(".") which is required in an IRC server name ("ID").
This new behaviour, with all configuration parameters now being
optional, allows running ngIRCd without any configuration file at all.
|
|
Basically this is unnecessary, as Channel_UserModes() always returns a
valid pointer and strchr() can deal with an empty (NULL-terminated)
string perfectly fine, bit it makes the code a bit more obvious and
silences the following warning:
In function ‘Channel_UserHasMode’,
inlined from ‘Channel_Kick’ at channel.c:384:7:
channel.c:784:16: warning: ‘strchr’ reading 1 or more bytes from a region
of size 0 [-Wstringop-overread]
784 | return strchr(Channel_UserModes(Chan, Client), Mode) != NULL;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This was seen with "gcc (Debian 12.2.0-14) 12.2.0" at least.
|
|
Add a "/* fall through */" annotation to "case" statements which
actually should "fall through" to silences GCC warning like this:
hash.c: In function ‘jenkins_hash’:
hash.c:110:27: warning: this statement may fall through
[-Wimplicit-fallthrough=]
110 | case 12: c+=((UINT32)k[11])<<24;
| ~^~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Without this patch, disabling DNS in the configuration disabled IDENT
lookups as well (for no good reason).
This patch allows enabling/disabling DNS lookups and IDENT requests
completely separately and enhances the messages sent to the client when
"NoticeBeforeRegistration" is enabled, too.
Thanks for reporting this, Miniontoby!
Closes #291.
|
|
This was reported back in April 2021, thanks Sarah!
Subject: NGIRCD bug report
Date: April 28 2021, 14:30:08 MESZ
To: alex@barton.de
Hello,
I am writing to you to report a bug in ngircd.
In any give channel, if an user is with mode +a (admin), he/she can
sets mode +/-q(owner) to any other user. This is not inline with the
documentation.
I've looked into the code irc-mode.c, apparently an if block is
missing. Below are the code snippets that I believe fixes the bug.
This patch is what Sarah sent in. Thanks a lot!
|