Aaron Jones [Sat, 10 Jul 2021 21:05:44 +0000 (21:05 +0000)]
libathemecore/function.c: sendemail_urlencode: cast argument to isalnum(3)
This may avoid diagnostics on systems with signed chars. Not actually a
problem in practice because we do not consider such characters to be
valid in a nickname, which is required for them to be valid account
names.
Aaron Jones [Sat, 10 Jul 2021 18:07:47 +0000 (18:07 +0000)]
libathemecore/function.c: sendemail(): allow for urlencoding account
If one wishes to replace their register email template to prefix the account
name and registration verification token with a URL (to implement a webserver
to verify registrations, so people don't have to copy and paste commands to
execute on IRC), we should allow for the possibility that people will have
non-alphanumeric characters in their account name, and provide a URL-encoded
version of it.
This will ensure that such links are always clickable in various MUAs.
Val Lorentz [Sat, 26 Jun 2021 17:51:59 +0000 (19:51 +0200)]
Explain configuration outside the "Compiling" section
It didn't really make sense as configuration isn't part of the compilation.
Additionally, not everyone installs Atheme by compiling it themselves,
or they may not have the file at hand while reading this document
(eg. reading the documentation before actually doing it)
Val Lorentz [Sat, 26 Jun 2021 17:07:45 +0000 (19:07 +0200)]
INSTALL: Remove unnessarily agressive remark
People who set up their first IRC network will read this documentation,
it seems unnecessary to shame them for... not knowing how to setup
and IRC network.
Aaron Jones [Thu, 24 Jun 2021 09:39:27 +0000 (09:39 +0000)]
email/default/setpass: don't encourage contact for unsolicited receipt
Nothing can be done to the account without the token in this e-mail,
and any competent malicious actor who does have unauthorised access to
a user's e-mail inbox is also just going to delete the e-mail after
compromising the user's account anyway.
Therefore, it doesn't make sense to encourage the user to reach out to
the network administration.
Also clarify that password reset tokens are now automatically
invalidated by a successful login.
Aaron Jones [Sun, 20 Jun 2021 02:32:27 +0000 (02:32 +0000)]
libathemecore/ptasks.c: handle_kill(): don't use slog() if we got killed
If a client on our server is killed, we cannot reliably use slog(),
because the client may be OperServ, and slog() mesages are sent from
OperServ.
It turns out that some IRCds care about receiving messages from UIDs
it doesn't know about (because it just killed them), and will send
KILLs for them over and over again.
Aaron Jones [Sun, 13 Jun 2021 07:59:31 +0000 (07:59 +0000)]
modules/operserv/modmanager: account for an entire list of non-reloadables
When recursing a given module's reverse dependencies, it is
possible that we run into a permanent module that is depended
upon by a semi-permanent (reload-only) module. This will result
in the reload of that module being skipped (as there is a
permanent module in its reverse dependency chain), but the
mod_recurse_revdeps() function will still set the r_dep pointer
to the semi-permanent one.
We then test if r_dep is set to perform a database save (in case
reloading of the reload-only module fails). However, if our
entire list of modules to reload has recursive non-reloadability
status, we will be saving the database for nothing, as we then
go on to ignore every module in the list.
Exit early if this is the case, avoiding a pointless wallops and
database save.
Listing the same module twice in the list of MODRELOAD parameters, or
listing a module that would already be unloaded for depending on a
module given earlier in the list, would attempt to unload a module that
had already been unloaded.
Instead of storing the module pointer when initially processing the
list, we now call module_find_published() again just before unloading
the module. (We do remember the unload capability value computed during
the initial processing to avoid having to recurse again.)
Module A can end up with this reverse dependency graph (as represented
in the modules' required_by lists):
A -> B -> C
A -> C
Given B is listed first in required_by, it will be unloaded;
recursively, C will be unloaded. However, unloading a module also
removes it from its dependencies' required_by lists, thus removing C
from A's required_by list. While the _SAFE variant of the list iteration
macro is designed to handle the current element being removed, it is not
able to handle an arbitrary number of following elements being removed
as well.
As unloading a module will always remove it from the required_by list,
we can instead keep unloading the first element of the list until the
list is empty.
Aaron Jones [Fri, 4 Jun 2021 22:57:45 +0000 (23:57 +0100)]
modules/saslserv/main.c: rename flag for secure client connection
Hooks should be able to judge whether to allow an SASL negotiation
based on whether the client is connected to the network securely or
not; not just whether it is using TLS. Some IRCds have the concept
of "secure origins", and can treat e.g. connections from localhost
as secure against eavesdropping. Rename the flag appropriately.
Aaron Jones [Sat, 29 May 2021 21:12:23 +0000 (21:12 +0000)]
libathemecore/ptasks.c: STATS:T: make nonsensitive data available
The statistics for server, user, and chan can already be obtained via
the LUSERS command on IRC, so it does not make sense for services to
prevent accessing these by requiring services privileges.
Furthermore, the number of registered accounts, nicknames, and channels
should also not be considered sensitive data. The Atheme project does
not condone hiding such basic and non-sensitive data from network users.
Finally, put missing mynicks count in default MOTD file.
Aaron Jones [Sun, 30 May 2021 15:34:57 +0000 (15:34 +0000)]
modules/chanserv/access: re-arrange empty check order
Discovered while I was about to merge #784. Didn't want to trip CI again
twice with the fix and merge, so I'll merge and fix it in one shot. The
rest of the pull request establishes the check order as permissions,
closure, and then emptiness.
Aaron Jones [Sat, 29 May 2021 13:56:09 +0000 (13:56 +0000)]
modules/saslserv/main: downgrade severity of no mechanism log message
It was discovered while testing some improvements to contrib/sasl_blacklist
that clients can trigger this message remotely and at will, just by not
adhering to the SASL specification.
This reflects a similar Solanum PR: solanum-ircd/solanum#150
It might be slightly more proper to have this option apply specifically
to the solanum protocol module once we have one, but we don't, plus
there isn't currently any precedent for config options added from
protocol modules.
The option is deliberately rehashable as the Solanum option is as well,
allowing a synchronized change in configuration across a network without
requiring restarts.
Aaron Jones [Sun, 28 Mar 2021 21:06:53 +0000 (21:06 +0000)]
include/atheme/hooktypes.in: add a hook for password (hash) change
This will allow modules to detect when a user's account password
(or its hash) has been changed (after the fact; use the hook added
in the previous commit if you need to access the plaintext password
for some reason).
Aaron Jones [Sun, 28 Mar 2021 20:30:21 +0000 (20:30 +0000)]
nickserv/set_password: allow a hook to deny a password change
This prevents bypassing nickserv/pwquality, by initially registering
with a password that it does not object to, and then changing it to
a more insecure one.
Aaron Jones [Fri, 26 Mar 2021 12:03:09 +0000 (12:03 +0000)]
libathemecore/connection.c: free vhost_addr after using it.
Caught by Clang's AddressSanitizer, eventually, after a few inexplicable
corrupt addresses were output. I'm not sure why it didn't catch this
immediately.
Fixes: 642759fc2907efe5e0ba ("libathemecore/connection.c: use
connection->name to store addrs & ports")
Aaron Jones [Thu, 25 Mar 2021 17:19:24 +0000 (17:19 +0000)]
libathemecore/connection.c: use connection->name to store addrs & ports
Also obtain IP addresses where the sockets are created, instead of in
connection_add(). This is a better approach than that taken by commit 1bb7e1e587306239ca87, and restores the ability to perform non-blocking
connections.
Finally, since connection_add() creates the mowgli.pollable object for
the fd, don't bother testing if the fd is valid. Add an assertion for a
valid fd being passed, because an invalid fd will only result in
nothing working anyway. Likewise assert that the connection name is
valid, and that at least one I/O handler was supplied.
Aaron Jones [Thu, 18 Mar 2021 21:11:08 +0000 (21:11 +0000)]
modules/contrib/: transition to independent build system
Having to duplicate configure tests in all supported Atheme release and
development branches, to enable contrib modules to be built reliably on
all of our supported platforms, was quickly becoming untenable.
Aaron Jones [Sat, 13 Mar 2021 21:20:55 +0000 (21:20 +0000)]
Build System: Improve handling of enabling and configuring submodules
- When performing the libmowgli test, don't pollute CFLAGS / CPPFLAGS /
LDFLAGS / LIBS variables. Set library-specific variables, just like
the other library tests do
This allows us to configure submodules later without having to save
the environment variables first
- When --with-libmowgli=yes is given, require that pkg-config is
available and that it can detect the library, erroring out otherwise
- Put the logic for handling enabling and configuring submodules into
its own M4 file
Aaron Jones [Sat, 13 Mar 2021 18:31:30 +0000 (18:31 +0000)]
configure.ac: rename autoconf/ to build-aux/
This is the name that a lot of other projects use, the name that is
recommended by the GNU autoconf documentation, and the name that is
used by the upstream buildsys project [1] (though we have diverged
from that significantly).
Aaron Jones [Thu, 11 Mar 2021 20:04:39 +0000 (20:04 +0000)]
configure: put directory macros in a header file, not in CPPFLAGS
This will be necessary for my near-future intention to change the contrib
modules repository to be self-building; i.e. to have its own configure
script and build system.
Also don't try to expand directories like MODDIR for pretty printing,
because it sometimes doesn't work depending on the directory arguments
given to ./configure. Yeah, the config output looks worse, but oh well.
Aaron Jones [Thu, 11 Mar 2021 14:18:23 +0000 (14:18 +0000)]
m4/atheme-*.m4: use autoconf flow control macros exclusively
The AS_IF and AS_CASE macros enable one to write "if" and "case"
shell statements in a portable way. They still generate more or
less the same output, but code which works better on various
obscure platforms.
They also allow autoconf to examine the conditional block bodies
for macro calls, to ensure those macros are available. This will
become more necessary in future versions of autoconf.
Also use these to replace an unguarded grep(1) invocation in the
Perl library testing macro.
Aaron Jones [Thu, 11 Mar 2021 14:02:42 +0000 (14:02 +0000)]
libathemecore/: rename openbsd random backend to arc4random
There may well be platforms in the future that have a secure algorithm
backing their arc4random(3) implementation. For the moment we continue
to support only OpenBSD, but make it easier to adjust in the future.
The buildsys.mk.in and buildsys.module.mk files already add these
variables to CFLAGS and LDFLAGS during execution of CompileModule,
CompilePlugin, and Link steps.
Aaron Jones [Tue, 9 Mar 2021 17:49:41 +0000 (17:49 +0000)]
configure.ac: approach noexecstack differently
This can also be passed as -Wl,-z,noexecstack which saves Clang warning
about it being unused during compilation. Since -Wl arguments are only
used by the linker, take it out of CFLAGS. This continues to work on
GCC.
Aaron Jones [Tue, 9 Mar 2021 17:38:14 +0000 (17:38 +0000)]
configure.ac: prepend LIBPCRE_CFLAGS and LIBPCRE_LIBS
The entire codebase depends on libpcre if it is detected successfully,
so we need to build all of the .c files with the appropriate CFLAGS &
LIBS.
This was taken care of in libathemecore/Makefile, but nowhere else.
It's better to just have configure.ac take care of adding it if they
are non-empty.
Aaron Jones [Tue, 9 Mar 2021 08:37:42 +0000 (08:37 +0000)]
m4/atheme-featuretest-contrib.m4: fix test for res_query(3)
Most platforms have these as enums, which are converted to int (for use
as arguments) by the compiler automatically. However, some platforms do
not have these as enums, and use macros to define their values instead.
The former platforms also have those macros to define them in terms of
the corresponding enum, so use the macros instead of the enums for
broader compatibility, defining them in terms of their enums when they
don't exist.
glibc2 and musl have enums and compatibility macros, uclibc and
uclibc-ng have enums only, and OpenBSD libc has macros only.