Aaron Jones [Sat, 5 Mar 2022 05:16:23 +0000 (05:16 +0000)]
configure: --enable-warnings: check for -Wno-declaration-after-statement
Clang trunk is issuing dozens of these diagnostics for every single
compilation unit, warning that declaring variables after a statement
is not supported in versions of C before C99.
However, this is a C99 codebase, and we're using AC_PROG_CC_C99.
Disable this diagnostic.
Aaron Jones [Thu, 24 Feb 2022 00:25:04 +0000 (00:25 +0000)]
m4/atheme-featuretest-warnings.m4: check for -Wno-reserved-identifier
Clang 14 with --enable-warnings is emitting several of these
diagnostics for every single compilation unit, due to how
libmowgli names its variables. This is pointlessly annoying.
We're not just called from the periodic commit timer, but also
on rehash, which includes some modreloads too (when reloading a
module that has configuration options).
We should always use a blocking save regardless of what caused
the save to happen, rather than just test in the periodic commit
timer callback.
This makes running under Valgrind much more amenable.
Ed Kellett [Wed, 19 Jan 2022 20:51:53 +0000 (20:51 +0000)]
Don't save last seen times for logged-in nicks
Last seen times are currently updated by, amongst other things, the
expiry check, which has the effect of updating every logged in nick and
user's line in the database every hour. This makes life much harder for
incremental backup systems -- by my very rough measurement, if a DB save
without an expiry check costs 1MB, a save that includes one will cost
10. Atheme databases aren't huge to begin with, but I think a tenfold
reduction is still worth chasing.
Edited by @aaronmdjones: Add NEWS entry and script to migrate back to
the v7.2 database format, should people wish to downgrade.
Aaron Jones [Tue, 18 Jan 2022 12:14:27 +0000 (12:14 +0000)]
libathemecore/ptasks.c: stats c: show uplink host
This is already gated behind PRIV_SERVER_AUSPEX, which OperServ
SPECS describes as "view concealed information about servers".
Also, you can already obtain this information from `stats f`
(shows all active file descriptors associated with connections,
which includes endpoint IP addresses), which is gated behind the
same privilege.
jesopo [Sun, 28 Nov 2021 13:45:48 +0000 (13:45 +0000)]
Allow hooks to force account expire
Edited and committed by @aaronmdjones: Other general code cleanup;
clarify that if a hook forces account expiry, the destructor for
the myuser object will take care of logging them out (if they are
logged in). Also account for the fact that they may be logged in
by having the log message include their login count. Finally, don't
let a hook prevent the expiry of an unverified account.
If passed a list consisting entirely of non-reloadable modules, we would
leak approximately up to 24 bytes of memory each time. Discovered manually
during reading the function.
Ed Kellett [Sun, 17 Oct 2021 17:01:11 +0000 (18:01 +0100)]
saslserv/main: Preserve pending login on abort
The previous patch made SaslServ aware of pending logins (i.e. SASL
sessions which have succeeded and generated a SVSLOGIN). This one
ensures that aborting a SASL authentication attempt does not destroy
that information: if you successfully authenticate as user A, then begin
and abort another authentication attempt as user B, you will log in as
user A.
This is only relevant in the pre-registration case, when SASL logins
cannot be actioned immediately. It's also necessary to avoid a desync in
this case: if we have already sent a SVSLOGIN for a login, the user is
going to be informed that they've logged in, and the ircd is going treat
them as though they're logged in. Other solutions are possible, but I
think the cleanest one is to action the last SVSLOGIN we sent, mirroring
their effect ircd-side.
Ed Kellett [Sun, 17 Oct 2021 13:13:22 +0000 (14:13 +0100)]
saslserv/main: Track EID we're pending login to
The existing model does not remember that we've sent a SVSLOGIN for a
given SASL session, and simply assumes that if a client is introduced
with a SASL session open, that session must have succeeded. The security
of this approach requires ircd to implicitly abort SASL sessions on
client registration.
This also means that if a client successfully authenticates and then
does something else its pending login is forgotten about, even though a
SVSLOGIN has been sent for it, and the ircd is going to think it's
logged in.
This change removes the dependency on ircd's state machine by keeping
explicit track of the pending login, i.e. the one we've most recently
sent a SVSLOGIN for. The next commit will ensure that a client abort
(even an implicit one) doesn't blow that information away.
Aaron Jones [Sat, 7 Aug 2021 18:36:00 +0000 (18:36 +0000)]
libathemecore/connection: connection_add(): make fd non-inheritable
Grumble; Windows compatibility stuff, ew, etc. I just copied the
function below it. Windows compatibility is liable to get ripped
out of services entirely due to WSL being A Thing now, but for
now just follow the convention.
This means we now don't need to call connection_close_all_fds()
when forking to send e-mail.
Aaron Jones [Fri, 16 Jul 2021 15:31:21 +0000 (15:31 +0000)]
modules/saslserv/main: authxid_can_login: check for freeze early
Freezing an account should prevent a login attempt entirely, rather
than allowing the mechanism to succeed first, only for the login
itself to then fail.
Aaron Jones [Sat, 10 Jul 2021 21:05:44 +0000 (21:05 +0000)]
libathemecore/function.c: sendemail_urlencode: cast argument to isalnum(3)
This may avoid diagnostics on systems with signed chars. Not actually a
problem in practice because we do not consider such characters to be
valid in a nickname, which is required for them to be valid account
names.
Aaron Jones [Sat, 10 Jul 2021 18:07:47 +0000 (18:07 +0000)]
libathemecore/function.c: sendemail(): allow for urlencoding account
If one wishes to replace their register email template to prefix the account
name and registration verification token with a URL (to implement a webserver
to verify registrations, so people don't have to copy and paste commands to
execute on IRC), we should allow for the possibility that people will have
non-alphanumeric characters in their account name, and provide a URL-encoded
version of it.
This will ensure that such links are always clickable in various MUAs.
Val Lorentz [Sat, 26 Jun 2021 17:51:59 +0000 (19:51 +0200)]
Explain configuration outside the "Compiling" section
It didn't really make sense as configuration isn't part of the compilation.
Additionally, not everyone installs Atheme by compiling it themselves,
or they may not have the file at hand while reading this document
(eg. reading the documentation before actually doing it)
Val Lorentz [Sat, 26 Jun 2021 17:07:45 +0000 (19:07 +0200)]
INSTALL: Remove unnessarily agressive remark
People who set up their first IRC network will read this documentation,
it seems unnecessary to shame them for... not knowing how to setup
and IRC network.
Aaron Jones [Thu, 24 Jun 2021 09:39:27 +0000 (09:39 +0000)]
email/default/setpass: don't encourage contact for unsolicited receipt
Nothing can be done to the account without the token in this e-mail,
and any competent malicious actor who does have unauthorised access to
a user's e-mail inbox is also just going to delete the e-mail after
compromising the user's account anyway.
Therefore, it doesn't make sense to encourage the user to reach out to
the network administration.
Also clarify that password reset tokens are now automatically
invalidated by a successful login.
Aaron Jones [Sun, 20 Jun 2021 02:32:27 +0000 (02:32 +0000)]
libathemecore/ptasks.c: handle_kill(): don't use slog() if we got killed
If a client on our server is killed, we cannot reliably use slog(),
because the client may be OperServ, and slog() mesages are sent from
OperServ.
It turns out that some IRCds care about receiving messages from UIDs
it doesn't know about (because it just killed them), and will send
KILLs for them over and over again.
Aaron Jones [Sun, 13 Jun 2021 07:59:31 +0000 (07:59 +0000)]
modules/operserv/modmanager: account for an entire list of non-reloadables
When recursing a given module's reverse dependencies, it is
possible that we run into a permanent module that is depended
upon by a semi-permanent (reload-only) module. This will result
in the reload of that module being skipped (as there is a
permanent module in its reverse dependency chain), but the
mod_recurse_revdeps() function will still set the r_dep pointer
to the semi-permanent one.
We then test if r_dep is set to perform a database save (in case
reloading of the reload-only module fails). However, if our
entire list of modules to reload has recursive non-reloadability
status, we will be saving the database for nothing, as we then
go on to ignore every module in the list.
Exit early if this is the case, avoiding a pointless wallops and
database save.
Listing the same module twice in the list of MODRELOAD parameters, or
listing a module that would already be unloaded for depending on a
module given earlier in the list, would attempt to unload a module that
had already been unloaded.
Instead of storing the module pointer when initially processing the
list, we now call module_find_published() again just before unloading
the module. (We do remember the unload capability value computed during
the initial processing to avoid having to recurse again.)
Module A can end up with this reverse dependency graph (as represented
in the modules' required_by lists):
A -> B -> C
A -> C
Given B is listed first in required_by, it will be unloaded;
recursively, C will be unloaded. However, unloading a module also
removes it from its dependencies' required_by lists, thus removing C
from A's required_by list. While the _SAFE variant of the list iteration
macro is designed to handle the current element being removed, it is not
able to handle an arbitrary number of following elements being removed
as well.
As unloading a module will always remove it from the required_by list,
we can instead keep unloading the first element of the list until the
list is empty.
Aaron Jones [Fri, 4 Jun 2021 22:57:45 +0000 (23:57 +0100)]
modules/saslserv/main.c: rename flag for secure client connection
Hooks should be able to judge whether to allow an SASL negotiation
based on whether the client is connected to the network securely or
not; not just whether it is using TLS. Some IRCds have the concept
of "secure origins", and can treat e.g. connections from localhost
as secure against eavesdropping. Rename the flag appropriately.
Aaron Jones [Sat, 29 May 2021 21:12:23 +0000 (21:12 +0000)]
libathemecore/ptasks.c: STATS:T: make nonsensitive data available
The statistics for server, user, and chan can already be obtained via
the LUSERS command on IRC, so it does not make sense for services to
prevent accessing these by requiring services privileges.
Furthermore, the number of registered accounts, nicknames, and channels
should also not be considered sensitive data. The Atheme project does
not condone hiding such basic and non-sensitive data from network users.
Finally, put missing mynicks count in default MOTD file.
Aaron Jones [Sun, 30 May 2021 15:34:57 +0000 (15:34 +0000)]
modules/chanserv/access: re-arrange empty check order
Discovered while I was about to merge #784. Didn't want to trip CI again
twice with the fix and merge, so I'll merge and fix it in one shot. The
rest of the pull request establishes the check order as permissions,
closure, and then emptiness.
projects / irc / atheme / atheme.git / log
