Ed Kellett [Sun, 19 Jun 2022 21:07:20 +0000 (22:07 +0100)]
valid_temp_time: simplify/correct overflow check
the logic for trying to detect the maximum value of time_t was broken;
since we target a lower maximum time anyway, just use that for the
overflow check
While working on reproducible builds for openSUSE, I found that
our package varied even when building in clean VMs
with as little non-determinism as possible.
This was because of
Aaron Jones [Fri, 8 Apr 2022 16:47:18 +0000 (16:47 +0000)]
authd/providers/opm.c: include <netinet/tcp.h> (#318)
This header defines the TCP_NODELAY flag, which this compilation
unit uses.
Other C libraries implicitly include this header from some other
header we are using (I have not investigated which), but musl's
system headers do not, which breaks building on musl.
Ed Kellett [Fri, 1 Apr 2022 13:26:47 +0000 (14:26 +0100)]
Remove the subset ban restriction
I think this was always pretty questionable. You can set redundant bans
in various ways anyway, and preventing all of them would only make the
situation worse, as wide temporary bans would destroy narrow permanent
ones, for example.
Ed Kellett [Tue, 19 Oct 2021 22:56:22 +0000 (23:56 +0100)]
m_list: fail on invalid parameters
Loose port of 6ea60b2297948211925e22bd1f284179d680b4ae. I've chosen to
reduce indentation where it's convenient, and I'm allowing >-[0-9] as a
way of specifying a minimum of 0 because... I don't know, it just seems
neater to me.
Ed Kellett [Tue, 19 Oct 2021 12:30:03 +0000 (13:30 +0100)]
m_list: Treat valid names with wildcards as masks
* and ? are valid characters for channel names on IRC, and ELIST M gives
no way to distinguish between `LIST #foo-*` that's meant to search for
channels beginning `#foo-` and `LIST #foo-*` that's meant to list one
channel named literally `#foo-*`.
In order to deal with this, we will always assume a name with wildcards
is a mask. If it's also a channel name, that will be listed first.
Seth Arnold [Thu, 30 Sep 2021 19:46:44 +0000 (19:46 +0000)]
add sqlite3 to build instructions
Quite often people new to Solanum run into trouble in the configure step: the error message if they are lacking either the pkg-config or libsqlite3 packages are identical and discovering the pkg-config dependency is not trivial:
checking for SQLITE... no
configure: error: sqlite3 is required
I can't promise this apt install line is complete, but I know that I've suggested the pkg-config and libsqlite3-dev packages many times in the #solanum channel and they've been very helpful.
jailbird777 [Fri, 25 Jun 2021 07:21:02 +0000 (02:21 -0500)]
(Mostly) exorcise select()
Sadly, this just sends it to purgatory. It's still around for the
socketpair() emulation and the nanosleep() emulation.
socketpair() obviously only selects() on 2 FDs, so not a huge deal.
nanosleep() only uses it for the timeout, so also not a huge deal.
socketpair() is SUSv3 (2001) and nanosleep() is SUSv2 (1997), so maybe
it's OK to remove those emulations. If so, then we can also remove the
sys/select.h check in configure.ac
jailbird777 [Thu, 17 Jun 2021 23:15:11 +0000 (18:15 -0500)]
Remove unneeded ugly hack for 32-bit Solaris
- The official Sun/Oracle solution is to use the extendedFILE(5)
mechanism, which works around the limitation.
https://docs.oracle.com/cd/E18752_01/html/816-5175/extendedfile-5.html
- Add a quick HOWTO to the README.md
Ed Kellett [Sat, 29 May 2021 15:47:17 +0000 (16:47 +0100)]
authd: substitute * if rewritten user is empty
We remove characters like ^ and ~ from the ident string after checking
if it's valid. If it consisted entirely of those, we'd try to send an
empty string to ircd, which would break the protocol, so don't let that
happen.
Aaron Jones [Fri, 4 Jun 2021 22:53:09 +0000 (23:53 +0100)]
modules/m_sasl.c: use IsSecure() instead of IsSSL()
Further to our implementation of the concept of "secure origins", we can
indicate to services that the client is connected securely, rather than
just that the client is using TLS. For example, connections from the
local host (from the IRCd's perspective) can be considered secure
against eavesdropping.
Allow this to factor into services' decision on whether to allow an SASL
negotiation or not. Atheme currently assumes this means the client is
using TLS, but I have changed that in atheme/atheme@412d50103c1d8c2a