Merge v2.0.23 and v2.0.24 into master.
# allowpattern="Guest* Bot*" #
# killreason="Access denied" #
# verbose="yes" #
-# host="$uid.$ou.inspircd.org"> #
+# host="$uid.$ou.inspircd.org" #
+# useusername="no"> #
# #
# <ldapwhitelist cidr="10.42.0.0/16"> #
# #
# regardless of if they have an account, for example guest and bot #
# users. #
# #
+# The useusername setting chooses whether the user's username or #
+# nickname is used when locating a user account, if a username isn't #
+# provided in PASS. #
+# #
# Killreason indicates the QUIT reason to give to users if they fail #
# to authenticate. #
# #
#
#-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
-# Securelist can be harmful to some IRC search engines such as #
-# netsplit.de and searchirc.com. To prevent securelist blocking these #
-# sites from listing, define exception tags as shown below: #
-#<securehost exception="*@*.searchirc.org">
+# Securelist can be harmful to some IRC search engines. To prevent #
+# securelist blocking these sites from listing, define exception tags #
+# as shown below: #
#<securehost exception="*@*.netsplit.de">
-#<securehost exception="*@echo940.server4you.de">
#<securehost exception="*@*.ircdriven.com">
+#<securehost exception="*@*.irc-source.com">
# #
# Define the following variable to change how long a user must wait #
# before issuing a LIST. If not defined, defaults to 60 seconds. #
# SSL channel mode module: Adds support for SSL-only channels via
# channel mode +z and the 'z' extban which matches SSL client
# certificate fingerprints.
-# Does not do anything useful without a working SSL module (see below).
+# Does not do anything useful without a working SSL module and the
+# sslinfo module (see below).
#<module name="sslmodes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
* Actually no, it does nothing. Never mind.
* @throws Nothing!
*/
- virtual ~CoreException() throw() {};
+ virtual ~CoreException() throw() {}
/** Returns the reason for the exception.
* @return Human readable description of the error
*/
obj/ld-extra.cmd: $core_src
\@\$(SOURCEPATH)/make/unit-cc.pl gen-ld \$\@ \$^ \$>
-bin/inspircd: obj/ld-extra.cmd $core_mk
+bin/inspircd: $core_mk obj/ld-extra.cmd
\@\$(SOURCEPATH)/make/unit-cc.pl static-ld \$\@ \$^ \$>
inspircd: bin/inspircd
bool opt_time;
ChanModeReference secretmode;
ChanModeReference privatemode;
+ UserModeReference hidechansmode;
UserModeReference invisiblemode;
- Membership* get_first_visible_channel(User* u)
+ Membership* get_first_visible_channel(User* source, User* u)
{
for (User::ChanList::iterator i = u->chans.begin(); i != u->chans.end(); ++i)
{
Membership* memb = *i;
- if (!memb->chan->IsModeSet(secretmode))
+
+ /* XXX move the +I check into m_hidechans */
+ bool has_modes = memb->chan->IsModeSet(secretmode) || memb->chan->IsModeSet(privatemode) || u->IsModeSet(hidechansmode);
+ if (source == u || !has_modes || memb->chan->HasUser(source))
return memb;
}
return NULL;
: Command(parent, "WHO", 1)
, secretmode(parent, "secret")
, privatemode(parent, "private")
+ , hidechansmode(parent, "hidechans")
, invisiblemode(parent, "invisible")
{
syntax = "<server>|<nickname>|<channel>|<realname>|<host>|0 [ohurmMiaplf]";
void CommandWho::SendWhoLine(User* user, const std::vector<std::string>& parms, Membership* memb, User* u, std::vector<Numeric::Numeric>& whoresults)
{
if (!memb)
- memb = get_first_visible_channel(u);
+ memb = get_first_visible_channel(user, u);
Numeric::Numeric wholine(RPL_WHOREPLY);
wholine.push(memb ? memb->chan->name : "*").push(u->ident);
realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator)
, realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator)
{
+ allow_empty_last_param = false;
works_before_reg = true;
this->syntax = "password client hostname ip";
}
if(user->registered == REG_ALL)
return CMD_FAILURE;
+ irc::sockets::sockaddrs ipaddr;
+ if (!irc::sockets::aptosa(parameters[3], 0, ipaddr))
+ {
+ IS_LOCAL(user)->CommandFloodPenalty += 5000;
+ ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s tried to use WEBIRC but gave an invalid IP address.", user->GetFullRealHost().c_str());
+ return CMD_FAILURE;
+ }
+
for(CGIHostlist::iterator iter = Hosts.begin(); iter != Hosts.end(); iter++)
{
if(InspIRCd::Match(user->host, iter->hostmask, ascii_case_insensitive_map) || InspIRCd::MatchCIDR(user->GetIPString(), iter->hostmask, ascii_case_insensitive_map))
}
}
+ IS_LOCAL(user)->CommandFloodPenalty += 5000;
ServerInstance->SNO->WriteGlobalSno('w', "Connecting user %s tried to use WEBIRC, but didn't match any configured webirc blocks.", user->GetFullRealHost().c_str());
return CMD_FAILURE;
}
if (adding)
{
+ // assume this is more correct
+ if (user->registered != REG_ALL && user->host != user->dhost)
+ return MODEACTION_DENY;
+
std::string* cloak = ext.get(user);
if (!cloak)
{
std::string chost;
+ irc::sockets::sockaddrs hostip;
+ bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip;
+
switch (mode)
{
case MODE_HALF_CLOAK:
{
- if (ipstr != host)
+ if (!host_is_ip)
chost = prefix + SegmentCloak(host, 1, 6) + LastTwoDomainParts(host);
if (chost.empty() || chost.length() > 50)
chost = SegmentIP(ip, false);
if (!ans_record)
return;
+ // All replies should be in 127.0.0.0/8
+ if (ans_record->rdata.compare(0, 4, "127.") != 0)
+ {
+ ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), ans_record->rdata.c_str());
+ ConfEntry->stats_misses++;
+ return;
+ }
+
int i = countExt.get(them);
if (i)
countExt.set(them, i - 1);
FOREACH_MOD(OnBuildNeighborList, (user, include_chans, exceptions));
+ // Users shouldn't see themselves quitting when host cycling
+ exceptions.erase(user);
for (std::map<User*,bool>::iterator i = exceptions.begin(); i != exceptions.end(); ++i)
{
LocalUser* u = IS_LOCAL(i->first);
data << "<server>";
data << "<servername>" << b->servername << "</servername>";
data << "<parentname>" << b->parentname << "</parentname>";
- data << "<gecos>" << b->gecos << "</gecos>";
+ data << "<gecos>" << Sanitize(b->gecos) << "</gecos>";
data << "<usercount>" << b->usercount << "</usercount>";
// This is currently not implemented, so, commented out.
// data << "<opercount>" << b->opercount << "</opercount>";
if (source->IsOper() && CanOverride(source,"KICK"))
{
// If the kicker's status is less than the target's, or the kicker's status is less than or equal to voice
- if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE))
+ if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE) ||
+ (memb->chan->GetPrefixValue(source) == HALFOP_VALUE && memb->getRank() == HALFOP_VALUE))
{
ServerInstance->SNO->WriteGlobalSno('v',source->nick+" used oper override to kick "+memb->user->nick+" on "+memb->chan->name+" ("+reason+")");
return MOD_RES_ALLOW;
SaslResult result;
bool state_announced;
+ /* taken from m_services_account */
+ static bool ReadCGIIRCExt(const char* extname, User* user, std::string& out)
+ {
+ ExtensionItem* wiext = ServerInstance->Extensions.GetItem(extname);
+ if (!wiext)
+ return false;
+
+ if (wiext->creator->ModuleSourceFile != "m_cgiirc.so")
+ return false;
+
+ StringExtItem* stringext = static_cast<StringExtItem*>(wiext);
+ std::string* addr = stringext->get(user);
+ if (!addr)
+ return false;
+
+ out = *addr;
+ return true;
+ }
+
+
+ void SendHostIP()
+ {
+ std::string host, ip;
+
+ if (!ReadCGIIRCExt("cgiirc_webirc_hostname", user, host))
+ {
+ host = user->host;
+ }
+ if (!ReadCGIIRCExt("cgiirc_webirc_ip", user, ip))
+ {
+ ip = user->GetIPString();
+ }
+ else
+ {
+ /* IP addresses starting with a : on irc are a Bad Thing (tm) */
+ if (ip.c_str()[0] == ':')
+ ip.insert(ip.begin(),1,'0');
+ }
+
+ parameterlist params;
+ params.push_back(sasl_target);
+ params.push_back("SASL");
+ params.push_back(user->uuid);
+ params.push_back("*");
+ params.push_back("H");
+ params.push_back(host);
+ params.push_back(ip);
+
+ SendSASL(params);
+ }
+
public:
SaslAuthenticator(User* user_, const std::string& method)
: user(user_), state(SASL_INIT), state_announced(false)
{
+ SendHostIP();
+
parameterlist params;
params.push_back(user->uuid);
params.push_back("*");
: Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
{
works_before_reg = true;
+ allow_empty_last_param = false;
}
CmdResult Handle (const std::vector<std::string>& parameters, User *user)
if (!cap.get(user))
return CMD_FAILURE;
+ if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
+ return CMD_FAILURE;
+
SaslAuthenticator *sasl = authExt.get(user);
if (!sasl)
authExt.set(user, new SaslAuthenticator(user, parameters[0]));
servertracker.Reset();
}
- ModResult OnUserRegister(LocalUser *user) CXX11_OVERRIDE
+ void OnUserConnect(LocalUser *user) CXX11_OVERRIDE
{
SaslAuthenticator *sasl_ = authExt.get(user);
if (sasl_)
sasl_->Abort();
authExt.unset(user);
}
-
- return MOD_RES_PASSTHRU;
}
void OnDecodeMetaData(Extensible* target, const std::string& extname, const std::string& extdata) CXX11_OVERRIDE
#include "exitcodes.h"
#include <sys/epoll.h>
-#include <ulimit.h>
+#include <sys/resource.h>
#include <iostream>
/** A specialisation of the SocketEngine class, designed to use linux 2.6 epoll().
void SocketEngine::Init()
{
- // MAX_DESCRIPTORS is mainly used for display purposes, no problem if ulimit() fails and returns a negative number
- MAX_DESCRIPTORS = ulimit(4, 0);
+ // MAX_DESCRIPTORS is mainly used for display purposes, no problem if getrlimit() fails
+ struct rlimit limit;
+ if (!getrlimit(RLIMIT_NOFILE, &limit))
+ {
+ MAX_DESCRIPTORS = limit.rlim_cur;
+ }
// 128 is not a maximum, just a hint at the eventual number of sockets that may be polled,
// and it is completely ignored by 2.6.8 and later kernels, except it must be larger than zero.
void User::InvalidateCache()
{
/* Invalidate cache */
+ cachedip.clear();
cached_fullhost.clear();
cached_hostip.clear();
cached_makehost.clear();
bool User::SetClientIP(const char* sip, bool recheck_eline)
{
- cachedip.clear();
- cached_hostip.clear();
+ this->InvalidateCache();
return irc::sockets::aptosa(sip, 0, client_sa);
}
install(DIRECTORY ${LOG_DIR} DESTINATION .)
if(EXISTS "${CMAKE_ROOT}/Modules/CPack.cmake")
+ set(CMAKE_INSTALL_SYSTEM_RUNTIME_DESTINATION ".") # place runtime libraries next to InspIRCd binary
include(InstallRequiredSystemLibraries)
set(CPACK_PACKAGE_NAME "InspIRCd IRC Daemon")
projects / user / henk / code / inspircd.git / commitdiff