diff options
| -rw-r--r-- | docs/conf/helpop-full.conf.example | 10 | ||||
| -rw-r--r-- | docs/conf/inspircd.conf.example | 41 | ||||
| -rw-r--r-- | docs/conf/modules.conf.example | 18 | ||||
| -rw-r--r-- | docs/conf/opers.conf.example | 13 | ||||
| -rw-r--r-- | src/coremods/core_oper/cmd_die.cpp | 6 | ||||
| -rw-r--r-- | src/coremods/core_oper/cmd_restart.cpp | 4 | ||||
| -rw-r--r-- | src/coremods/core_oper/core_oper.cpp | 2 | ||||
| -rw-r--r-- | src/modules/m_cgiirc.cpp | 6 | ||||
| -rw-r--r-- | src/modules/m_chanlog.cpp | 2 | ||||
| -rw-r--r-- | src/modules/m_shun.cpp | 3 | ||||
| -rw-r--r-- | src/server.cpp | 5 |
11 files changed, 44 insertions, 66 deletions
diff --git a/docs/conf/helpop-full.conf.example b/docs/conf/helpop-full.conf.example index b9a3392e6..d8af395ad 100644 --- a/docs/conf/helpop-full.conf.example +++ b/docs/conf/helpop-full.conf.example @@ -621,17 +621,15 @@ The duration may be specified in seconds, or in the format 1y2w3d4h5m6s - meaning one year, two weeks, three days, 4 hours, 5 minutes and 6 seconds. All fields in this format are optional."> -<helpop key="die" value="/DIE <password> +<helpop key="die" value="/DIE <server> This command shuts down the local server. A single parameter is -required, which must match the password in the configuration for the -command to function."> +required, which must match the name of the local server."> -<helpop key="restart" value="/RESTART <password> +<helpop key="restart" value="/RESTART <server> This command restarts the local server. A single parameter is -required, which must match the password in the configuration for the -command to function."> +required, which must match the name of the local server."> <helpop key="commands" value="/COMMANDS diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index d56ac55ac..e7eea0210 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -187,33 +187,6 @@ <bind address="1.2.3.4" port="7005" type="servers" ssl="openssl"> -#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- -# # -# You can configure the passwords here which you wish to use for # -# the /DIE and /RESTART commands. Only trusted ircops who will # -# need this ability should know the die and restart password. # -# # - -<power - # hash: what hash these passwords are hashed with. - # Requires the module for selected hash (md5, sha256, or - # ripemd160) be loaded and the password hashing module - # (password_hash) loaded. - # Options here are: "md5", "sha256" and "ripemd160", or one of - # these prefixed with "hmac-", e.g.: "hmac-sha256". - # Optional, but recommended. Create hashed passwords with: - # /mkpasswd <hash> <password> - #hash="sha256" - - # diepass: Password for opers to use if they need to shutdown (die) - # a server. - diepass="" - - # restartpass: Password for opers to use if they need to restart - # a server. - restartpass=""> - - #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # This is where you can configure which connections are allowed # @@ -255,12 +228,14 @@ # allow: What IP addresses/hosts to allow for this block. allow="203.0.113.*" - # hash: what hash this password is hashed with. requires the module - # for selected hash (md5, sha256 or ripemd160) be loaded and the - # password hashing module (password_hash) loaded. - # Optional, but recommended. Create hashed passwords with: - # /mkpasswd <hash> <password> - #hash="sha256" + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, sha256, or + # ripemd160) and the password hashing module (password_hash) to be + # loaded. + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). + # Create hashed passwords with: /mkpasswd <hash> <password> + #hash="bcrypt" # password: Password to use for this block/user(s) password="secret" diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 8d5251aec..4352b0a09 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -653,7 +653,7 @@ # #<title name="foo" password="bar" title="Official Chat Helper"> #<title name="bar" password="foo" host="ident@test.org" title="Official Chat Helper" vhost="helper.test.org"> -#<title name="foo" password="fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" hash="sha256" title="Official Chat Helper"> +#<title name="foo" password="$2a$10$UYZ4OcO8NNTCCGyCdY9SK.2GHiqGgxZfHFPOPmWuxEVWVQTtoDC7C" hash="bcrypt" title="Official Chat Helper"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DCCALLOW module: Adds the /DCCALLOW command. @@ -1385,7 +1385,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Password hash module: Allows hashed passwords to be used. -# To be useful, a hashing module like sha256 also needs to be loaded. +# To be useful, a hashing module like bcrypt also needs to be loaded. #<module name="password_hash"> # #-#-#-#-#-#-#-#-#-# PASSWORD HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# @@ -1395,12 +1395,14 @@ # # <oper name="Brain" # host="ident@dialup15.isp.test.com" -# hash="sha256" -# password="01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b" +# hash="bcrypt" +# password="$2a$10$Mss9AtHHslZTLBrXqM0FB.JBwD.UTSu8A48SfrY9exrpxbsRiRTbO" # type="NetAdmin"> # -# Starting from 2.0, you can use a more secure salted hash that prevents simply -# looking up the hash's value in a rainbow table built for the hash. +# If you are using a hash algorithm which does not perform salting you can use +# HMAC to salt your passwords in order to prevent them from being looked up in +# a rainbow table. +# # hash="hmac-sha256" password="lkS1Nbtp$CyLd/WPQXizsbxFUTqFRoMvaC+zhOULEeZaQkUJj+Gg" # # Generate hashes using the /MKPASSWD command on the server. @@ -1939,7 +1941,7 @@ # # # See also: http://wiki.inspircd.org/Modules/sqloper # # # -#<sqloper dbid="1" hash="md5"> +#<sqloper dbid="1" hash="bcrypt"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # StartTLS module: Implements STARTTLS, which allows clients # @@ -2014,7 +2016,7 @@ # host - Vhost to set. # # #<vhost user="some_username" pass="some_password" host="some.host.test.cc"> -#<vhost user="foo" password="fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" hash="sha256" host="some.other.host.example.com"> +#<vhost user="foo" password="$2a$10$iTuYLT6BRhRlOgzfsW9oPe62etW.oXwSpyKw5rJit64SGZanLXghO" hash="bcrypt" host="some.other.host.example.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Watch module: Adds the WATCH command, which is used by clients to diff --git a/docs/conf/opers.conf.example b/docs/conf/opers.conf.example index 3ede475f6..5e1ec28f5 100644 --- a/docs/conf/opers.conf.example +++ b/docs/conf/opers.conf.example @@ -141,13 +141,14 @@ # Remember: This is case sensitive. name="Adam" - # hash: What hash this password is hashed with. - # Requires the module for selected hash (md5, sha256 or ripemd160) - # be loaded and the password hashing module (password_hash) loaded. - # Options here are: "md5", "sha256" and "ripemd160", or one of - # these prefixed with "hmac-", e.g.: "hmac-sha256". + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, sha256, or + # ripemd160) and the password hashing module (password_hash) to be + # loaded. + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). # Create hashed passwords with: /mkpasswd <hash> <password> - hash="hmac-sha256" + hash="bcrypt" # password: A hash of the password (see above option) hashed # with /mkpasswd <hash> <password>. See the password_hash module diff --git a/src/coremods/core_oper/cmd_die.cpp b/src/coremods/core_oper/cmd_die.cpp index 4bc6c25db..5fe643520 100644 --- a/src/coremods/core_oper/cmd_die.cpp +++ b/src/coremods/core_oper/cmd_die.cpp @@ -26,7 +26,7 @@ CommandDie::CommandDie(Module* parent) : Command(parent, "DIE", 1) { flags_needed = 'o'; - syntax = "<password>"; + syntax = "<server>"; } static void QuitAll() @@ -64,7 +64,7 @@ CmdResult CommandDie::Handle (const std::vector<std::string>& parameters, User * { { std::string diebuf = "*** DIE command from " + user->GetFullHost() + ". Terminating."; - ServerInstance->Logs->Log("COMMAND", LOG_SPARSE, diebuf); + ServerInstance->Logs->Log(MODNAME, LOG_SPARSE, diebuf); DieRestart::SendError(diebuf); } @@ -73,7 +73,7 @@ CmdResult CommandDie::Handle (const std::vector<std::string>& parameters, User * } else { - ServerInstance->Logs->Log("COMMAND", LOG_SPARSE, "Failed /DIE command from %s", user->GetFullRealHost().c_str()); + ServerInstance->Logs->Log(MODNAME, LOG_SPARSE, "Failed /DIE command from %s", user->GetFullRealHost().c_str()); ServerInstance->SNO->WriteGlobalSno('a', "Failed DIE Command from %s.", user->GetFullRealHost().c_str()); return CMD_FAILURE; } diff --git a/src/coremods/core_oper/cmd_restart.cpp b/src/coremods/core_oper/cmd_restart.cpp index 3e219727f..f76fd098d 100644 --- a/src/coremods/core_oper/cmd_restart.cpp +++ b/src/coremods/core_oper/cmd_restart.cpp @@ -25,12 +25,12 @@ CommandRestart::CommandRestart(Module* parent) : Command(parent, "RESTART", 1, 1) { flags_needed = 'o'; - syntax = "<password>"; + syntax = "<server>"; } CmdResult CommandRestart::Handle (const std::vector<std::string>& parameters, User *user) { - ServerInstance->Logs->Log("COMMAND", LOG_DEFAULT, "Restart: %s",user->nick.c_str()); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Restart: %s", user->nick.c_str()); if (DieRestart::CheckPass(user, parameters[0], "restartpass")) { ServerInstance->SNO->WriteGlobalSno('a', "RESTART command from %s, restarting server.", user->GetFullRealHost().c_str()); diff --git a/src/coremods/core_oper/core_oper.cpp b/src/coremods/core_oper/core_oper.cpp index 0fc82df8f..a6b2abd81 100644 --- a/src/coremods/core_oper/core_oper.cpp +++ b/src/coremods/core_oper/core_oper.cpp @@ -27,7 +27,7 @@ namespace DieRestart ConfigTag* tag = ServerInstance->Config->ConfValue("power"); // The hash method for *BOTH* the die and restart passwords const std::string hash = tag->getString("hash"); - const std::string correctpass = tag->getString(confentry); + const std::string correctpass = tag->getString(confentry, ServerInstance->Config->ServerName); return ServerInstance->PassCompare(user, correctpass, inputpass, hash); } } diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index 721d6ba08..09d6e5fdf 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -255,7 +255,7 @@ public: { if (type == "webirc" && password.empty()) { - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, "m_cgiirc: Missing password in config: %s", hostmask.c_str()); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Missing password in config: %s", hostmask.c_str()); } else { @@ -271,7 +271,7 @@ public: else { cgitype = PASS; - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, "Invalid <cgihost:type> value in config: %s, setting it to \"pass\"", type.c_str()); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Invalid <cgihost:type> value in config: %s, setting it to \"pass\"", type.c_str()); } cmd.Hosts.push_back(CGIhost(hostmask, cgitype, password)); @@ -279,7 +279,7 @@ public: } else { - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, "Invalid <cgihost:mask> value in config: %s", hostmask.c_str()); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Invalid <cgihost:mask> value in config: %s", hostmask.c_str()); continue; } } diff --git a/src/modules/m_chanlog.cpp b/src/modules/m_chanlog.cpp index 0624b4a86..f618a539c 100644 --- a/src/modules/m_chanlog.cpp +++ b/src/modules/m_chanlog.cpp @@ -44,7 +44,7 @@ class ModuleChanLog : public Module if (channel.empty() || snomasks.empty()) { - ServerInstance->Logs->Log("CONFIG", LOG_DEFAULT, "Malformed chanlog tag, ignoring"); + ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Malformed chanlog tag, ignoring"); continue; } diff --git a/src/modules/m_shun.cpp b/src/modules/m_shun.cpp index 5388bb485..022726524 100644 --- a/src/modules/m_shun.cpp +++ b/src/modules/m_shun.cpp @@ -44,6 +44,9 @@ public: if (InspIRCd::Match(u->GetFullHost(), matchtext) || InspIRCd::Match(u->GetFullRealHost(), matchtext) || InspIRCd::Match(u->nick+"!"+u->ident+"@"+u->GetIPString(), matchtext)) return true; + if (InspIRCd::MatchCIDR(u->GetIPString(), matchtext, ascii_case_insensitive_map)) + return true; + return false; } diff --git a/src/server.cpp b/src/server.cpp index 932be319e..2feb08f96 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -165,13 +165,13 @@ void ISupportManager::Build() tokens["AWAYLEN"] = ConvToStr(ServerInstance->Config->Limits.MaxAway); tokens["CASEMAPPING"] = "rfc1459"; + tokens["CHANLIMIT"] = InspIRCd::Format("#:%u", ServerInstance->Config->MaxChans); tokens["CHANMODES"] = ServerInstance->Modes->GiveModeList(MODETYPE_CHANNEL); tokens["CHANNELLEN"] = ConvToStr(ServerInstance->Config->Limits.ChanMax); tokens["CHANTYPES"] = "#"; tokens["ELIST"] = "MU"; tokens["KICKLEN"] = ConvToStr(ServerInstance->Config->Limits.MaxKick); tokens["MAXBANS"] = "64"; // TODO: make this a config setting. - tokens["MAXCHANNELS"] = ConvToStr(ServerInstance->Config->MaxChans); tokens["MAXTARGETS"] = ConvToStr(ServerInstance->Config->MaxTargets); tokens["MODES"] = ConvToStr(ServerInstance->Config->Limits.MaxModes); tokens["NETWORK"] = ServerInstance->Config->Network; @@ -179,8 +179,7 @@ void ISupportManager::Build() tokens["PREFIX"] = ServerInstance->Modes->BuildPrefixes(); tokens["STATUSMSG"] = ServerInstance->Modes->BuildPrefixes(false); tokens["TOPICLEN"] = ConvToStr(ServerInstance->Config->Limits.MaxTopic); - - tokens["FNC"] = tokens["VBANLIST"]; + tokens["VBANLIST"]; // Modules can add new tokens and also edit or remove existing tokens FOREACH_MOD(On005Numeric, (tokens)); |