]>
jfr.im git - irc/DALnet/bahamut.git/log
Emilio A. Escobar [Sun, 3 Dec 2023 02:09:37 +0000 (18:09 -0800)]
Fixing typos and more error checks
Emilio A. Escobar [Sat, 2 Dec 2023 03:32:31 +0000 (19:32 -0800)]
Merge branch 'master' into s-to-s-tls
Emilio A. Escobar [Fri, 1 Dec 2023 22:22:31 +0000 (14:22 -0800)]
Merge pull request #239 from DALnet/issue-238
Send full SVSUHM when server establishes connection
Emilio A. Escobar [Fri, 1 Dec 2023 22:11:48 +0000 (14:11 -0800)]
Send full SVSUHM when server establishes connection
Emilio A. Escobar [Sun, 9 Jul 2023 02:47:53 +0000 (19:47 -0700)]
Merge branch 'master' into s-to-s-tls
Emilio A. Escobar [Sun, 9 Jul 2023 02:34:06 +0000 (19:34 -0700)]
Merge pull request #212 from DALnet/hostmasking-fixes
Check bans (AKILLs/KLINEs) against the masked hostname too.
Emilio A. Escobar [Sun, 9 Jul 2023 02:32:53 +0000 (19:32 -0700)]
Merge branch 'master' into hostmasking-fixes
Emilio A. Escobar [Sun, 9 Jul 2023 02:32:42 +0000 (19:32 -0700)]
Merge pull request #220 from ryandesign/patch-1
Fix sys_errlist configure check in newer compilers
Emilio A. Escobar [Sun, 9 Jul 2023 02:22:54 +0000 (19:22 -0700)]
Merge branch 'master' into patch-1
Emilio A. Escobar [Fri, 7 Jul 2023 03:35:56 +0000 (20:35 -0700)]
Merge pull request #223 from ryandesign/patch-2
Add bahamut -I flags before user CPPFLAGS
Emilio A. Escobar [Fri, 7 Jul 2023 03:34:18 +0000 (20:34 -0700)]
Merge branch 'master' into patch-2
Emilio A. Escobar [Fri, 7 Jul 2023 03:32:31 +0000 (20:32 -0700)]
Merge branch 'master' into hostmasking-fixes
Emilio A. Escobar [Fri, 7 Jul 2023 03:29:24 +0000 (20:29 -0700)]
Merge pull request #219 from crigler/fix-compilation-on-ubuntu-22.04
Fix compilation on Ubuntu 22.04
Ryan Schmidt [Thu, 6 Jul 2023 18:39:14 +0000 (13:39 -0500)]
Add bahamut -I flags before user CPPFLAGS
The user's CPPFLAGS may contain -I flags pointing to directories that
contains files having the same names as bahamut headers which may cause
build failures. For example, bahamut contains channel.h, but NDSClient
installs $prefix/include/channel.h. If the user's CPPFLAGS contain
-I$prefix/include, for example to facilitate the finding of zlib or
other bahamut dependencies, the build will fail. Fix the problem by
looking for includes in bahamut directories first.
Ryan Schmidt [Mon, 3 Jul 2023 13:16:14 +0000 (08:16 -0500)]
Fix sys_errlist configure check in newer compilers
Using "exit" requires "#include <stdlib.h>" first which this configure
check doesn't do. Consequently, newer compilers that default to
"-Werror=implicit-function-declaration" encounter an error like "error:
call to undeclared library function 'exit' with type 'void (int)
__attribute__((noreturn))'; ISO C99 and later do not support implicit
function declarations" (llvm.org clang 16 and later) or "error:
implicitly declaring library function 'exit' with type 'void (int)
__attribute__((noreturn))'" (Apple clang 12 and later) when running this
configure check and thus always think "sys_errlist" is not available
even if it is. Using "return" instead of "exit" is simpler than
including the header.
Also declare the return type of "main". Not doing this causes "error:
type specifier missing, defaults to 'int'; ISO C99 and later do not
support implicit int" in new compilers like llvm.org clang 16 that
default to "-Werror=implicit-int" which, as above, can cause the feature
detection to arrive at the wrong answer.
Ned T. Crigler [Mon, 22 May 2023 22:31:54 +0000 (15:31 -0700)]
Update the dh code to work with OpenSSL 3.0
Ned T. Crigler [Mon, 27 Feb 2023 01:42:29 +0000 (17:42 -0800)]
Fix compilation on Ubuntu 22.04
Starting with glibc 2.34 "The symbols __dn_comp, __dn_expand,
__dn_skipname, __res_dnok, __res_hnok, __res_mailok, __res_mkquery,
__res_nmkquery, __res_nquery, __res_nquerydomain, __res_nsearch,
__res_nsend, __res_ownok, __res_query, __res_querydomain, __res_search,
__res_send formerly in libresolv have been renamed and no longer have a
__ prefix. They are now available in libc."
https://sourceware.org/pipermail/libc-alpha/2021-August/129718.html
The hex_to_string array in include/dh.h also conflicts with OpenSSL,
which OpenSSL 3.0 now complains about.
Emilio A. Escobar [Sat, 26 Nov 2022 04:58:27 +0000 (20:58 -0800)]
Only allowed authorized remote hosts
Emilio A. Escobar [Fri, 25 Nov 2022 22:12:40 +0000 (14:12 -0800)]
added secure runner
Emilio A. Escobar [Wed, 16 Nov 2022 10:45:37 +0000 (05:45 -0500)]
Merge pull request #216 from lgtm-migrator/codeql
Add CodeQL workflow for GitHub code scanning
LGTM Migrator [Thu, 10 Nov 2022 18:26:58 +0000 (18:26 +0000)]
Add CodeQL workflow for GitHub code scanning
Emilio A. Escobar [Tue, 16 Aug 2022 15:40:51 +0000 (08:40 -0700)]
Update patchlevel to 2.2.2
Emilio A. Escobar [Tue, 16 Aug 2022 00:43:58 +0000 (17:43 -0700)]
Merge branch 'master' into s-to-s-tls
Emilio A. Escobar [Mon, 15 Aug 2022 21:36:51 +0000 (14:36 -0700)]
Update CHANGES
Emilio A. Escobar [Mon, 15 Aug 2022 21:35:20 +0000 (14:35 -0700)]
Fix debug formatting for verify_result
Emilio A. Escobar [Mon, 15 Aug 2022 21:32:13 +0000 (14:32 -0700)]
Merge pull request #213 from DALnet/mode-H-propagation
Usermode H propagation bug
Ryan Smith [Thu, 11 Aug 2022 21:52:23 +0000 (17:52 -0400)]
Rework logic so usermode H is propagated through non-enabled hubs; don't penalize the user for flooding if they tried too soon; don't trigger a watch change if the mode is already set/unset.
Ryan Smith [Wed, 10 Aug 2022 03:11:24 +0000 (23:11 -0400)]
Check bans (AKILLs/KLINEs) against the masked hostname too.
Emilio A. Escobar [Sat, 6 Aug 2022 22:45:31 +0000 (15:45 -0700)]
fix formatting for verify_result
Emilio A. Escobar [Sat, 6 Aug 2022 22:10:34 +0000 (15:10 -0700)]
announce TLS connection error if SSL verification fails
Emilio A. Escobar [Sat, 6 Aug 2022 21:49:33 +0000 (14:49 -0700)]
debug verify result
Emilio A. Escobar [Sat, 6 Aug 2022 21:34:23 +0000 (14:34 -0700)]
mycmp returns 1 if match
Emilio A. Escobar [Sat, 6 Aug 2022 21:31:55 +0000 (14:31 -0700)]
verify peer at all times and print cn during mismatch
Emilio A. Escobar [Sat, 6 Aug 2022 21:29:40 +0000 (14:29 -0700)]
return true for chain certs
Emilio A. Escobar [Sat, 6 Aug 2022 21:24:24 +0000 (14:24 -0700)]
return preverification for chain certs
Emilio A. Escobar [Sat, 6 Aug 2022 21:22:34 +0000 (14:22 -0700)]
only validate common name when depth is 0, needs to be tested against self signed certs
Emilio A. Escobar [Sat, 6 Aug 2022 21:18:30 +0000 (14:18 -0700)]
only verify cert once, track depth for aConnect matching
Emilio A. Escobar [Sat, 6 Aug 2022 20:54:03 +0000 (13:54 -0700)]
Getting subject name as an object for debugging
Emilio A. Escobar [Sat, 6 Aug 2022 20:51:12 +0000 (13:51 -0700)]
fix reference to buf
Emilio A. Escobar [Sat, 6 Aug 2022 20:50:04 +0000 (13:50 -0700)]
added debug to get CN part of subject name
Emilio A. Escobar [Sat, 6 Aug 2022 20:46:27 +0000 (13:46 -0700)]
callback needs to return 1 on success
Emilio A. Escobar [Sat, 6 Aug 2022 20:39:11 +0000 (13:39 -0700)]
self signed cert in chain error is stored in err not preverify_ok
Emilio A. Escobar [Sat, 6 Aug 2022 20:32:31 +0000 (13:32 -0700)]
allow self signed cert in chain for now
Emilio A. Escobar [Sat, 6 Aug 2022 20:26:25 +0000 (13:26 -0700)]
fix reference to DEBUG_LEV
Emilio A. Escobar [Sat, 6 Aug 2022 20:25:37 +0000 (13:25 -0700)]
make sure we get the cert before we try to get the subjectName
Emilio A. Escobar [Sat, 6 Aug 2022 20:09:25 +0000 (13:09 -0700)]
fix mistaken use of aConn and removed static definition
Emilio A. Escobar [Sat, 6 Aug 2022 20:07:37 +0000 (13:07 -0700)]
include struct.h for aConn reference
Emilio A. Escobar [Sat, 6 Aug 2022 20:03:52 +0000 (13:03 -0700)]
Add custom TLS verification to compare aconn->name with subject name provided by certificate
Emilio A. Escobar [Tue, 26 Jul 2022 20:07:43 +0000 (22:07 +0200)]
try ssl_verify_none for now
Emilio A. Escobar [Tue, 26 Jul 2022 19:59:24 +0000 (21:59 +0200)]
do not ignore syscall errors
Emilio A. Escobar [Tue, 26 Jul 2022 05:33:51 +0000 (07:33 +0200)]
Revert "check for connecting status first and call safe connect"
This reverts commit
04f4d130386df2a8a5f14d7838bcab6cd95f0843 .
Emilio A. Escobar [Tue, 26 Jul 2022 05:26:13 +0000 (07:26 +0200)]
check for connecting status first and call safe connect
Emilio A. Escobar [Tue, 26 Jul 2022 05:14:20 +0000 (07:14 +0200)]
Revert "Call connect if IsConnecting and accept if IsClient"
This reverts commit
44c54bf82de010f46b564734d1365d5840c3454c .
Emilio A. Escobar [Tue, 26 Jul 2022 05:11:22 +0000 (07:11 +0200)]
Call connect if IsConnecting and accept if IsClient
Emilio A. Escobar [Tue, 26 Jul 2022 04:37:51 +0000 (06:37 +0200)]
ignore self-signed cert error for now
Emilio A. Escobar [Tue, 26 Jul 2022 04:06:42 +0000 (06:06 +0200)]
show verify result
Emilio A. Escobar [Tue, 26 Jul 2022 03:30:26 +0000 (05:30 +0200)]
test with verify none for now
Emilio A. Escobar [Tue, 26 Jul 2022 03:15:19 +0000 (05:15 +0200)]
configure SSL context to do peer verfication and check status during completed_connection
Emilio A. Escobar [Tue, 26 Jul 2022 03:01:49 +0000 (05:01 +0200)]
Revert "Do not retrieve certificate right after connecting, added TLS validation logic"
This reverts commit
1ab1c16934381a66fdc4db0f70910bc18f8f92ba .
Emilio A. Escobar [Tue, 26 Jul 2022 02:56:41 +0000 (04:56 +0200)]
Do not retrieve certificate right after connecting, added TLS validation logic
Emilio A. Escobar [Mon, 25 Jul 2022 20:04:49 +0000 (22:04 +0200)]
adjust formatting and fix syntax error
Emilio A. Escobar [Mon, 25 Jul 2022 20:04:06 +0000 (22:04 +0200)]
fix syntax for stats
Emilio A. Escobar [Mon, 25 Jul 2022 20:02:25 +0000 (22:02 +0200)]
simplify checks to determine which CAPAB to send
Emilio A. Escobar [Mon, 25 Jul 2022 19:56:58 +0000 (21:56 +0200)]
show TLS encrypted in stats ?
Emilio A. Escobar [Mon, 25 Jul 2022 19:48:28 +0000 (21:48 +0200)]
remove debug for Parsing
Emilio A. Escobar [Mon, 25 Jul 2022 19:44:10 +0000 (21:44 +0200)]
debug to check if CONN_DKEY hits no matter what, will remove
Emilio A. Escobar [Mon, 25 Jul 2022 19:35:29 +0000 (21:35 +0200)]
remove debug line and display TLS during connecting message if CONN_SSL
Emilio A. Escobar [Mon, 25 Jul 2022 19:25:21 +0000 (21:25 +0200)]
set socket to non-blocking regardless of SSL
Emilio A. Escobar [Mon, 25 Jul 2022 19:05:48 +0000 (21:05 +0200)]
adding debug
Emilio A. Escobar [Mon, 25 Jul 2022 06:45:17 +0000 (08:45 +0200)]
increase the value of CONN_SSL to avoid any conflicts
Emilio A. Escobar [Mon, 25 Jul 2022 06:44:03 +0000 (08:44 +0200)]
check for IsSSL
Emilio A. Escobar [Mon, 25 Jul 2022 06:35:27 +0000 (08:35 +0200)]
remove error pasting
Emilio A. Escobar [Mon, 25 Jul 2022 06:34:42 +0000 (08:34 +0200)]
fix syntax error
Emilio A. Escobar [Mon, 25 Jul 2022 06:33:53 +0000 (08:33 +0200)]
really do not send DKEY and establish connection if SSL
Emilio A. Escobar [Mon, 25 Jul 2022 06:15:27 +0000 (08:15 +0200)]
add more debugging and do not send DKEY capab if SSL
Emilio A. Escobar [Mon, 25 Jul 2022 05:41:33 +0000 (07:41 +0200)]
fix reference to tmp_serverssl_ctx
Emilio A. Escobar [Mon, 25 Jul 2022 05:40:15 +0000 (07:40 +0200)]
generate a new SSL client ctx and use it when connecting to servers
Emilio A. Escobar [Sun, 24 Jul 2022 20:08:26 +0000 (22:08 +0200)]
add SSL connect function
Emilio A. Escobar [Sun, 24 Jul 2022 20:05:00 +0000 (22:05 +0200)]
declare safe_ssl_connect and fix call to it
Emilio A. Escobar [Sun, 24 Jul 2022 19:59:51 +0000 (21:59 +0200)]
fix reference to ssl ctx
Emilio A. Escobar [Sun, 24 Jul 2022 19:58:32 +0000 (21:58 +0200)]
use safe ssl connect to allow want read and write to happen
Emilio A. Escobar [Sun, 24 Jul 2022 19:49:44 +0000 (21:49 +0200)]
set non blocking after SSL_connect
Emilio A. Escobar [Sun, 24 Jul 2022 19:41:29 +0000 (21:41 +0200)]
return -1 when SSL fails
Emilio A. Escobar [Sun, 24 Jul 2022 19:36:05 +0000 (21:36 +0200)]
fix 509 references
Emilio A. Escobar [Sun, 24 Jul 2022 19:33:07 +0000 (21:33 +0200)]
use SSL_connect when connecting to SSL aconn
Emilio A. Escobar [Sun, 24 Jul 2022 19:15:55 +0000 (21:15 +0200)]
fix fd reference
Emilio A. Escobar [Sun, 24 Jul 2022 19:14:34 +0000 (21:14 +0200)]
allow port flag for SSL and establish SSL context
Emilio A. Escobar [Sun, 24 Jul 2022 18:27:35 +0000 (20:27 +0200)]
Allow server to server communication to be over TLS by not sending DKEY if the connection is already encrypted
Emilio A. Escobar [Thu, 10 Feb 2022 03:14:36 +0000 (19:14 -0800)]
Merge pull request #203 from DALnet/fix-221-core
Fix 221 core
Emilio A. Escobar [Thu, 10 Feb 2022 03:11:20 +0000 (19:11 -0800)]
Moving ! inside parenthesis
Emilio A. Escobar [Thu, 10 Feb 2022 03:06:37 +0000 (19:06 -0800)]
Fix crashes happening on 2.2.1 during rwho
Emilio A. Escobar [Wed, 9 Feb 2022 03:54:58 +0000 (19:54 -0800)]
Modify version to 2.2.1 for final release
Emilio A. Escobar [Mon, 7 Feb 2022 19:21:59 +0000 (11:21 -0800)]
Update patch level to 2.2.1-rc
Ryan Smith [Mon, 7 Feb 2022 19:02:58 +0000 (14:02 -0500)]
Updated CHANGES log for 2.2.1 release
Ryan Smith [Mon, 7 Feb 2022 19:02:38 +0000 (14:02 -0500)]
Updated CHANGES log for 2.2.1 release
Emilio A. Escobar [Mon, 7 Feb 2022 18:53:38 +0000 (10:53 -0800)]
Merge pull request #202 from DALnet/who-fix
/who and /rwho fixes for hostmasking
Ryan Smith [Mon, 31 Jan 2022 06:07:14 +0000 (01:07 -0500)]
Wrap /rwho host checking logic in #ifdef USER_HOSTMASKING
Ryan Smith [Mon, 31 Jan 2022 05:54:51 +0000 (00:54 -0500)]
Fix bug with /rwho -h not hiding hostmasked clients properly
Ryan Smith [Mon, 31 Jan 2022 05:27:26 +0000 (00:27 -0500)]
Remove the old host check code which does not honor hostmasking properly. The block above this one replaces this old logic.
Emilio A. Escobar [Tue, 21 Sep 2021 14:14:52 +0000 (07:14 -0700)]
Merge pull request #198 from DALnet/donotsend-uhmmodeh
Saving this for once all servers are upgraded