* Fixes for masked opers as they're already masked anyway.
* Let's make sure m_quit() will only check real users.
Currently, QUIT from un-registered clients (before NICK & USER) can crash the server because we're checking sptr->user->channels and sptr->user doesn't exist.
Add support for eXtended Channel Flags (XCF). (#48)
Extended channel flags will be controlled by services via the SVSXCF command.
Settings:
JOIN_CONNECT_TIME - Number of seconds the user must be online to be able to join
TALK_CONNECT_TIME - Number of seconds the user must be online to be able to talk on the channel
TALK_JOIN_TIME - Number of seconds the user must be on the channel to be able to talk on the channel
MAX_BANS - Will let us increase the ban limit for specific channels
1/0 (on/off) options:
NO_NOTICE - no notices can be sent to the channel (on/off)
NO_CTCP - no ctcps can be sent to the channel (on/off)
NO_PART_MSG - no /part messages (on/off)
NO_QUIT_MSG - no /quit messages (on/off)
EXEMPT_OPPED - exempt opped users (on/off)
EXEMPT_VOICED - exempt voiced users (on/off)
EXEMPT_IDENTD - exempt users with identd (on/off)
EXEMPT_REGISTERED - exempt users with umode +r (on/off)
EXEMPT_INVITES - exempt users who are +I'ed (on/off)
Special option:
GREETMSG - A message that will be sent when a user joins the channel
DEFAULT - Reset the channel flags back to the default values
Ryan Smith [Tue, 11 Sep 2018 16:06:38 +0000 (12:06 -0400)]
SSL certificate chain fixes and HUP rehash sanity checks (#54)
* Fix modern compiler warnings and possible buffer overflows
* Need to load the full certificate chain for validation to work properly
* Allow kill -HUP to refresh SSL certificates; add more sanity checking to rehashing SSL to ensure the certificate files still exist on disk and that the certificate belongs to the private key; do not actually swap out the SSL CTX unless all checks pass
crigler [Tue, 28 Aug 2018 02:06:49 +0000 (19:06 -0700)]
Resend the nicklist to a client in auditorium mode. (#50)
When auditorium mode is set and someone is opped or voiced, their client
will start to see messages from previously hidden clients and could get
confused about which window those messages should go to.
Fix this by sending a set of fake KICK/JOIN/NAMES messages to the newly
opped/voiced client to update the client's idea of who is in the
channel.
* Added USER_HOSTMASKING definition to include/config.h.
* Added UMODE +H.
When enabled, the user's host will be masked.
This umode is enabled by default if user host-masking support is defined.
-Kobi.
* Added the foundation for user host-masking support.
* Added user host-masking support to WHOIS (opers can still see the real host/ip).
* Added user host-masking support to USERHOST.
Notes:
- Users can see their own real hosts (to prevent DCC issues on some clients).
- Opers can see real hosts for everyone.
-Kobi.
* Added user host-masking support to WHOWAS (opers can still see the real host/IP).
* Changed SVSHOST to use mhost and propagate it on server connects.
* Added user host-masking support to channel bans/invites/exempts.
* Added user host-masking support to STATS l & p.
* Added user host-masking support to WHO.
* Added user host-masking support to WATCH.
* Added user host-masking support for a few src/send.c functions:
- prefix_buffer()
- send_quit_to_common_channels()
- send_part_to_common_channels()
- sendto_prefix_one()
- vsendto_prefix_one()
-Kobi.
* typo fix!
* Made WATCH L respect umode +H and mask the user's host if needed.
* Made KILL respect umode +H and mask the user's host if needed.
* Made DCCALLOW LIST respect umode +H and mask the user's host if needed.
* Added module hook for WHOIS.
* Added SVSUHM command to let services control what user host-masking type we are using.
* A few user host-masking related changes:
- Added module hook for masking hosts.
- Made mask_host() call the maskhost hook.
- Made mask_host() use uhm_type.
- Changed do_user() to only set & allow UMODE_H if uhm_type is defined.
- Changed m_umode() to only allow umode +H if uhm_type is defined.
* Added WHO +R to let opers choose if they want to see real hosts or not.
* Don't let non-opers see the real hosts/IPs for masked users with TRACE.
* Changed check_dccsend() to show the masked host/IP for umode +H users.
* Added USER_HOSTMASKING define checks to src/channel.c.
* Added USER_HOSTMASKING define checks to src/s_user.c.
* Added USER_HOSTMASKING define check to src/m_stats.c.
* Oops, typo fix.
* Added skill to version.c.SH.
* Let's only mask the host if the masking module returned 1 (Success).
-Kobi.
* Changed call_hooks()'s logic when handling hostmasking modules.
Possible results by the module:
1 = Success, the host has been masked (so don't try other modules).
0 = Failure, the host wasn't masked but try other modules (maybe they will mask the host).
-2 (FLUSH_BUFFER) = Failure, the host wasn't masked but *don't* try other modules.
-Kobi.
* Added defines for the user host-masking module's hooking results.
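The three hook results listed above (1, 0 and -2) drive a dispatch loop like the one below. This is an added example, not Bahamut's call_hooks(): the UHM_* names, the hook signature and the three sample hooks are hypothetical, and only the numeric result values come from the changelog.

```c
#include <stdio.h>
#include <string.h>

/* Only the values 1, 0 and -2 (FLUSH_BUFFER) are from the changelog; the
 * UHM_* names, hook signature and sample hooks are hypothetical. */
#define UHM_SUCCESS 1
#define UHM_FAILURE 0
#define FLUSH_BUFFER (-2)

typedef int (*maskhost_hook)(const char *real, char *out, size_t outlen);
static int calls; /* hook invocations, to show which modules were tried */

/* Scribbles on the output, then reports "not masked, try the next one". */
static int hook_declines(const char *real, char *out, size_t n)
{ (void)real; calls++; snprintf(out, n, "half-written"); return UHM_FAILURE; }
/* Refuses and stops the chain. */
static int hook_vetoes(const char *real, char *out, size_t n)
{ (void)real; (void)out; (void)n; calls++; return FLUSH_BUFFER; }
/* Masks the host (constructed value). */
static int hook_masks(const char *real, char *out, size_t n)
{ (void)real; calls++; snprintf(out, n, "masked.example.invalid"); return UHM_SUCCESS; }

/* Returns 1 and fills out only when a module reported success. */
int run_maskhost_hooks(const maskhost_hook *hooks, size_t nhooks,
                       const char *real, char *out, size_t outlen)
{
    char scratch[128];
    for (size_t i = 0; i < nhooks; i++) {
        int rc = hooks[i](real, scratch, sizeof(scratch));
        if (rc == UHM_SUCCESS) {
            snprintf(out, outlen, "%s", scratch);
            return 1;
        }
        if (rc != UHM_FAILURE) /* FLUSH_BUFFER or anything unexpected: stop */
            return 0;
    }
    return 0;
}

int main(void)
{
    const maskhost_hook chain[] = { hook_declines, hook_vetoes, hook_masks };
    char shown[64] = "real.host.example"; /* constructed hostname */
    int masked = run_maskhost_hooks(chain, 3, "real.host.example", shown, sizeof(shown));
    printf("masked=%d shown=%s hooks tried=%d\n", masked, shown, calls);
    return 0;
}
```

Each hook writes into a scratch buffer, so a module that fails after partially writing its output cannot leak a half-built mask to the caller.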
Ryan Smith [Thu, 22 Feb 2018 03:30:10 +0000 (22:30 -0500)]
Allow bahamut to be compiled against OpenSSL versions >= 1.1.0
while maintaining backwards compatibility with the 1.0.x series by using the recommended OpenSSL Compatibility Layer: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Kobi Shmueli [Fri, 24 May 2013 10:38:13 +0000 (13:38 +0300)]
Fixed a bug on sendto_channel_butserv_me() function (src/send.c)
The bug causes Bahamut to hide mode and topic changes even if the channel isn't in auditorium mode.
Thanks to nt-spki for reporting this and thanks to srd for fixing it.
Changes to deal with bogus akills
- Changed m_akill() to warn about bogus akills and also "fix" them (add them anyway for 30 minutes
as services only sends AKILL commands when it really wants to take out users).
- Added more debugging to m_rakill().
Ned T. Crigler [Tue, 19 Mar 2013 23:31:05 +0000 (16:31 -0700)]
Fix 63 character hostname truncation.
Hostnames with exactly 63 characters were being truncated to 62
characters since register_user was using strncpyzt incorrectly.
The size given to strncpyzt should be the total size of the destination
buffer including the terminating '\0' character. register_user was using
HOSTLEN for the size instead of HOSTLEN + 1.
Added cmode +A (Auditorium mode).
When a channel is in auditorium mode, users can only see ops/voiced users on the channel and messages that are sent to the channel by non-ops/voiced users are being relayed to #channel-relay. Ops and voiced users can see the full user list.
Also, joins/parts/quits of non-ops/voiced users are only sent to ops/voiced users.
This channel mode is intended for network-wide events and currently can only be set by u:lined servers (services).
Ned T. Crigler [Sat, 2 Feb 2013 19:58:44 +0000 (11:58 -0800)]
Don't truncate long hostnames.
When a client connects from an IP address that resolves to a hostname
longer than HOSTLEN characters, the ircd truncates the excess
characters.
Until commit e2004bf0a2c851e7d81fc317b1cc230c9415d3e3, which increased
the resolver's maximum hostname length, this truncation behavior was
masked since the ircd tries to check whether the forward and reverse DNS
for a client's IP address matches. The resolver would try to resolve the
truncated version of the hostname and fail.
Fix this by rejecting a client's resolved hostname if it is too long.
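The two hostname fixes above (the 63-character truncation and the rejection of over-long resolved names) are shown together in this added example, which is not Bahamut's code. `copy_zt` is a hypothetical stand-in with the size semantics the commit message describes for strncpyzt, `accept_resolved_host` is a hypothetical name, and HOSTLEN is assumed to be 63 as the 63-to-62 truncation implies.

```c
#include <stdio.h>
#include <string.h>

#define HOSTLEN 63 /* assumed value, implied by the 63 -> 62 truncation */

/* Hypothetical stand-in for strncpyzt: size is the TOTAL destination size,
 * terminating '\0' included, so at most size - 1 characters are copied. */
static void copy_zt(char *dst, const char *src, size_t size)
{
    size_t n = strlen(src);
    if (size == 0)
        return;
    if (n > size - 1)
        n = size - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
}

/* Length that ends up stored when `size` is passed as the copy size. */
size_t stored_len(const char *host, size_t size)
{
    char buf[HOSTLEN + 1];
    if (size > sizeof(buf))
        size = sizeof(buf);
    copy_zt(buf, host, size);
    return strlen(buf);
}

/* Reject rather than truncate: 0 if the name fits, -1 (dst untouched) if not. */
int accept_resolved_host(char *dst, size_t dstsize, const char *resolved)
{
    if (strlen(resolved) >= dstsize)
        return -1;
    copy_zt(dst, resolved, dstsize);
    return 0;
}

int main(void)
{
    char h63[HOSTLEN + 1], out[HOSTLEN + 1];
    memset(h63, 'a', HOSTLEN); h63[HOSTLEN] = '\0'; /* constructed 63-char name */
    printf("size HOSTLEN: %zu, size HOSTLEN + 1: %zu\n",
           stored_len(h63, HOSTLEN), stored_len(h63, HOSTLEN + 1));
    printf("accept 63 chars: %d\n", accept_resolved_host(out, sizeof(out), h63));
    return 0;
}
```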
Ned T. Crigler [Sat, 24 Nov 2012 18:38:18 +0000 (10:38 -0800)]
Add the WEBIRC command.
This command is only allowed from trusted clients, and permits the real
hostname of a webirc client to be used instead of the hostname of the
webirc gateway they connected through. This can be used to prevent users
from having ircip1.mibbit.com as their hostname, for example.
Trusted clients are added to the ircd.conf by adding special allow
blocks that match ident@host (if an identd response was received), or
webirc@host (if not), and that use a password of the form:
webirc.<password>
For example, in ircd.conf:
allow { ipmask webirc@127.0.0.1; passwd webirc.mypass; class users; };
will allow the command to be used from a non-identd client connecting
from 127.0.0.1 if they use the password mypass in the WEBIRC command.
Opers can also see if a client successfully used this command.
William Pitcock [Tue, 18 Sep 2012 17:52:33 +0000 (12:52 -0500)]
ircd: clean up compiler warnings using -Wall
Remove dead assignments and stalls so that the compiler can remove unnecessary cache misses
in various codepaths caused by unused variables and dead branches.
William Pitcock [Tue, 18 Sep 2012 17:30:51 +0000 (12:30 -0500)]
res: portability improvements for uclibc
This allows building Bahamut on uClibc without any modification. It avoids using
deprecated interfaces in POSIX-2008, such as _getshort(), _getlong() and directly
dereferencing _res (instead, __res_state() should be dereferenced).
Ned T. Crigler [Sun, 29 Jan 2012 19:39:50 +0000 (11:39 -0800)]
Make /who without any flags parse IP addresses and CIDR.
Previously the code for handling /who when not given any flags only
checked for a '.' character to distinguish between a hostname and
nickname. Use the CIDR parsing code to allow it to parse IP addresses
and CIDR too.
Ned T. Crigler [Sun, 8 Jan 2012 02:49:28 +0000 (18:49 -0800)]
Fix identd connections on FreeBSD.
FreeBSD is apparently stricter than Linux with the address length
parameter to the connect system call. The code was using the total
length of the buffer (big enough for either an IPv4 or IPv6 address)
instead of the exact length depending on the kind of address, which
caused FreeBSD to return an error immediately, even though an IPv4
address can still fit in the buffer for an IPv6 address.
Fixed by re-using the address length calculated earlier when binding the
socket.
This was spotted thanks to a user who reported that identd wasn't
working for them.
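The address-length mismatch described in this commit message is illustrated by the added example below, which is not Bahamut's code. `fill_sockaddr` is a hypothetical helper that returns the exact `sockaddr_in` or `sockaddr_in6` length to pass to connect() in place of the size of the shared buffer; the addresses and the identd port 113 are sample inputs.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Fill ss from a textual address and return the exact length to hand to
 * bind()/connect() for that family, or 0 if the text is not an address. */
socklen_t fill_sockaddr(const char *text, unsigned short port,
                        struct sockaddr_storage *ss)
{
    struct sockaddr_in *v4 = (struct sockaddr_in *)ss;
    struct sockaddr_in6 *v6 = (struct sockaddr_in6 *)ss;

    memset(ss, 0, sizeof(*ss));
    if (inet_pton(AF_INET, text, &v4->sin_addr) == 1) {
        v4->sin_family = AF_INET;
        v4->sin_port = htons(port);
        return sizeof(*v4);
    }
    memset(ss, 0, sizeof(*ss));
    if (inet_pton(AF_INET6, text, &v6->sin6_addr) == 1) {
        v6->sin6_family = AF_INET6;
        v6->sin6_port = htons(port);
        return sizeof(*v6);
    }
    return 0;
}

int main(void)
{
    struct sockaddr_storage ss;
    socklen_t len4 = fill_sockaddr("127.0.0.1", 113, &ss);
    socklen_t len6 = fill_sockaddr("::1", 113, &ss);

    /* connect(fd, (struct sockaddr *)&ss, len) takes len4 or len6 here,
     * not sizeof(ss), which is the size of the shared buffer. */
    printf("buffer=%zu ipv4=%u ipv6=%u\n", sizeof(ss),
           (unsigned)len4, (unsigned)len6);
    return 0;
}
```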
Ned T. Crigler [Wed, 31 Aug 2011 18:38:50 +0000 (11:38 -0700)]
Fix various problems with non-standard build configurations.
Libraries should be prepended to $LIBS instead of appended, as the
linker only does a single left-to-right pass over the command line.
This sometimes showed up as link errors (such as when shared libraries
are not being used) when -lssl came after -lcrypto, since -lssl depends
on -lcrypto.
Also, we were not actually using the include path for zlib detected by
configure, as it was setting $CPPFLAGS, which wasn't being used in the
Makefiles.