Aaron Jones [Sat, 5 Mar 2022 05:16:23 +0000 (05:16 +0000)]
configure: --enable-warnings: check for -Wno-declaration-after-statement
Clang trunk is issuing dozens of these diagnostics for every single
compilation unit, warning that declaring variables after a statement
is not supported in versions of C before C99.
However, this is a C99 codebase, and we're using AC_PROG_CC_C99.
Disable this diagnostic.
Aaron Jones [Thu, 24 Feb 2022 00:25:04 +0000 (00:25 +0000)]
m4/atheme-featuretest-warnings.m4: check for -Wno-reserved-identifier
Clang 14 with --enable-warnings is emitting several of these
diagnostics for every single compilation unit, due to how
libmowgli names its variables. This is pointlessly annoying.
We're not just called from the periodic commit timer, but also
on rehash, which includes some modreloads too (when reloading a
module that has configuration options).
We should always use a blocking save regardless of what caused
the save to happen, rather than just test in the periodic commit
timer callback.
This makes running under Valgrind much more amenable.
Ed Kellett [Wed, 19 Jan 2022 20:51:53 +0000 (20:51 +0000)]
Don't save last seen times for logged-in nicks
Last seen times are currently updated by, amongst other things, the
expiry check, which has the effect of updating every logged in nick and
user's line in the database every hour. This makes life much harder for
incremental backup systems -- by my very rough measurement, if a DB save
without an expiry check costs 1MB, a save that includes one will cost
10. Atheme databases aren't huge to begin with, but I think a tenfold
reduction is still worth chasing.
Edited by @aaronmdjones: Add NEWS entry and script to migrate back to
the v7.2 database format, should people wish to downgrade.
Aaron Jones [Tue, 18 Jan 2022 12:14:27 +0000 (12:14 +0000)]
libathemecore/ptasks.c: stats c: show uplink host
This is already gated behind PRIV_SERVER_AUSPEX, which OperServ
SPECS describes as "view concealed information about servers".
Also, you can already obtain this information from `stats f`
(shows all active file descriptors associated with connections,
which includes endpoint IP addresses), which is gated behind the
same privilege.
jesopo [Sun, 28 Nov 2021 13:45:48 +0000 (13:45 +0000)]
Allow hooks to force account expire
Edited and committed by @aaronmdjones: Other general code cleanup;
clarify that if a hook forces account expiry, the destructor for
the myuser object will take care of logging them out (if they are
logged in). Also account for the fact that they may be logged in
by having the log message include their login count. Finally, don't
let a hook prevent the expiry of an unverified account.
If passed a list consisting entirely of non-reloadable modules, we would
leak approximately up to 24 bytes of memory each time. Discovered manually
during reading the function.
Ed Kellett [Sun, 17 Oct 2021 17:01:11 +0000 (18:01 +0100)]
saslserv/main: Preserve pending login on abort
The previous patch made SaslServ aware of pending logins (i.e. SASL
sessions which have succeeded and generated a SVSLOGIN). This one
ensures that aborting a SASL authentication attempt does not destroy
that information: if you successfully authenticate as user A, then begin
and abort another authentication attempt as user B, you will log in as
user A.
This is only relevant in the pre-registration case, when SASL logins
cannot be actioned immediately. It's also necessary to avoid a desync in
this case: if we have already sent a SVSLOGIN for a login, the user is
going to be informed that they've logged in, and the ircd is going treat
them as though they're logged in. Other solutions are possible, but I
think the cleanest one is to action the last SVSLOGIN we sent, mirroring
their effect ircd-side.
Ed Kellett [Sun, 17 Oct 2021 13:13:22 +0000 (14:13 +0100)]
saslserv/main: Track EID we're pending login to
The existing model does not remember that we've sent a SVSLOGIN for a
given SASL session, and simply assumes that if a client is introduced
with a SASL session open, that session must have succeeded. The security
of this approach requires ircd to implicitly abort SASL sessions on
client registration.
This also means that if a client successfully authenticates and then
does something else its pending login is forgotten about, even though a
SVSLOGIN has been sent for it, and the ircd is going to think it's
logged in.
This change removes the dependency on ircd's state machine by keeping
explicit track of the pending login, i.e. the one we've most recently
sent a SVSLOGIN for. The next commit will ensure that a client abort
(even an implicit one) doesn't blow that information away.
Aaron Jones [Sat, 7 Aug 2021 18:36:00 +0000 (18:36 +0000)]
libathemecore/connection: connection_add(): make fd non-inheritable
Grumble; Windows compatibility stuff, ew, etc. I just copied the
function below it. Windows compatibility is liable to get ripped
out of services entirely due to WSL being A Thing now, but for
now just follow the convention.
This means we now don't need to call connection_close_all_fds()
when forking to send e-mail.
Aaron Jones [Fri, 16 Jul 2021 15:31:21 +0000 (15:31 +0000)]
modules/saslserv/main: authxid_can_login: check for freeze early
Freezing an account should prevent a login attempt entirely, rather
than allowing the mechanism to succeed first, only for the login
itself to then fail.
Aaron Jones [Sat, 10 Jul 2021 21:05:44 +0000 (21:05 +0000)]
libathemecore/function.c: sendemail_urlencode: cast argument to isalnum(3)
This may avoid diagnostics on systems with signed chars. Not actually a
problem in practice because we do not consider such characters to be
valid in a nickname, which is required for them to be valid account
names.
Aaron Jones [Sat, 10 Jul 2021 18:07:47 +0000 (18:07 +0000)]
libathemecore/function.c: sendemail(): allow for urlencoding account
If one wishes to replace their register email template to prefix the account
name and registration verification token with a URL (to implement a webserver
to verify registrations, so people don't have to copy and paste commands to
execute on IRC), we should allow for the possibility that people will have
non-alphanumeric characters in their account name, and provide a URL-encoded
version of it.
This will ensure that such links are always clickable in various MUAs.
Val Lorentz [Sat, 26 Jun 2021 17:51:59 +0000 (19:51 +0200)]
Explain configuration outside the "Compiling" section
It didn't really make sense as configuration isn't part of the compilation.
Additionally, not everyone installs Atheme by compiling it themselves,
or they may not have the file at hand while reading this document
(eg. reading the documentation before actually doing it)
Val Lorentz [Sat, 26 Jun 2021 17:07:45 +0000 (19:07 +0200)]
INSTALL: Remove unnessarily agressive remark
People who set up their first IRC network will read this documentation,
it seems unnecessary to shame them for... not knowing how to setup
and IRC network.
Aaron Jones [Thu, 24 Jun 2021 09:39:27 +0000 (09:39 +0000)]
email/default/setpass: don't encourage contact for unsolicited receipt
Nothing can be done to the account without the token in this e-mail,
and any competent malicious actor who does have unauthorised access to
a user's e-mail inbox is also just going to delete the e-mail after
compromising the user's account anyway.
Therefore, it doesn't make sense to encourage the user to reach out to
the network administration.
Also clarify that password reset tokens are now automatically
invalidated by a successful login.
Aaron Jones [Sun, 20 Jun 2021 02:32:27 +0000 (02:32 +0000)]
libathemecore/ptasks.c: handle_kill(): don't use slog() if we got killed
If a client on our server is killed, we cannot reliably use slog(),
because the client may be OperServ, and slog() mesages are sent from
OperServ.
It turns out that some IRCds care about receiving messages from UIDs
it doesn't know about (because it just killed them), and will send
KILLs for them over and over again.