Michael Poole [Wed, 13 Mar 2019 00:44:56 +0000 (20:44 -0400)]
s_auth: Replace FLAG_DOID with DoIdentLookups.
Ever since commit bdd001c7946:
s_auth: Let IAuth assign class without connection-limit or password checks.
we have called preregister_user() (and indirectly attach_iline()) after
all the other authorization checks are done. This means that FLAG_DOID
was being set after it was being checked.
There was a Gordian knot:
- We want IAuthd to be able to set a connection class.
- We want to check G-lines before sending enough information to IAuthd
to trigger an XQUERY lookup (meaning network traffic).
- We use clients' usernames to check G-lines.
- We add ~ to the client's username if their connection class needs a
username, but the identd lookup failed for that cilent.
I think the simplest, least-surprising way to break that loop is to add a
~ prefix if *any* class needs a username. Most servers will continue to
behave the same as with u2.10.12.18, and this makes the server's behavior
more consistent across clients who fall into different connection classes.
Michael Poole [Sun, 11 Mar 2018 22:52:58 +0000 (18:52 -0400)]
s_auth: Various bug fixes relating to clients exiting mid-registration.
The IAuth "H" command cannot get a connection class any more, because it
is sent before preregister_user() is called. The User's "host" and
"realhost" fields need to be copied outside of preregister_user().
More code needs to be conditional on res == 0.
Michael Poole [Sat, 5 Aug 2017 00:30:38 +0000 (20:30 -0400)]
ircd.c: Fix diagnostic for missing CPATH (config file).
The check for SPATH has a worse problem: configure.in no longer recognizes
either --with-Spath or --with-spath. However, I am not currently inclined
to fix that.
Michael Poole [Wed, 26 Jul 2017 22:04:08 +0000 (18:04 -0400)]
ircd: Remove unused global variables.
These were set by the pre-event-engine signal handlers, and checked by the
pre-event-engine main loop. They haven't been modified or read in 16+
years, so it is time for them to go.
Michael Poole [Wed, 22 Feb 2017 03:22:43 +0000 (22:22 -0500)]
m_webirc: Don't use the "username" parameter for the client.
At least most of the time, this is apparently meant as the name of the
WebIRC service rather than the user or client, but various WebIRC specs
describe it as a client or user name.
Michael Poole [Sun, 11 Dec 2016 19:13:58 +0000 (14:13 -0500)]
IPcheck: Bugfix for IPv6 /48 rejections from a new /64.
After "IPcheck: Rate-limit connections per IPv6 /48.", if a connection
from a rate-limited /48 came from a /64 that had no current connections,
then `entry` can be null in this path.
Michael Poole [Tue, 29 Nov 2016 04:33:58 +0000 (23:33 -0500)]
s_auth: Properly match against ~<foo>@<whatever> G-lines.
cli_user(auth->client)->username was not being set when identd failed.
To set it properly, we need to assign a Client block (which needs DNS
and identd results). Rearrange code to do that.
Michael Poole [Mon, 24 Oct 2016 03:21:19 +0000 (23:21 -0400)]
Add channel mode +C (no CTCPs except ACTION).
include/channel.h (MODE_NOCTCP): Define.
(infochanmodes): Add +C.
include/supported.h (FEATURESVALUES2): Add +C.
ircd/channel.c (channel_modes): Emit it.
(modebuf_flush_int): Likewise.
(modebuf_mode): Parse it.
(modebuf_extract): Likewise.
(mode_parse): Likewise.
ircd/ircd_relay.c (relay_channel_message): Bail when a message to a +C
channel that contains a CTCP but does not start with CTCP ACTION.
(relay_channel_notice): Likewise.
ircd/m_clearmode.c (do_clearmode): Clear mode +C on /clearmode.
Michael Poole [Sat, 22 Oct 2016 01:41:13 +0000 (21:41 -0400)]
find_conf_exact: Allow empty cli_username() to match tmp->username.
This reverts the behavior of Operator host = "*@192.168.1.1"; to its
previous behavior, where un-idented clients could match. Now, just as
for Client blocks, host = "@192.168.1.1"; will only match un-idented
clients.
Michael Poole [Wed, 19 Oct 2016 03:52:14 +0000 (23:52 -0400)]
check_auth_finished: Fix refactoring bugs.
Early exit until we can (and do) check G-lines.
If the client isn't booted for a G/K-line, tell IAuth what we know.
Call auth_set_username() just before registering user, like we did before
the (buggy) refactoring in commit a22917fd ("s_auth: Check G-lines before
IAuth.").
Michael Poole [Sun, 9 Oct 2016 01:11:06 +0000 (21:11 -0400)]
s_auth: Check G-lines before IAuth.
Add a new function, iauth_notify(), that sends the appropriate message
to the IAuth service when some information about a client is updated.
check_auth_finished() now calls this function, and as a result needs to
know what information was just updated. However, it also calls
register_user() before sending the last required information to IAuth,
so that a G-line keeps the IAuth service from performing full checks.
The syntax for the U message to IAuth is updated to remove fields that
ircu interprets as mode requests.