From 234be2f3cb00735ec07c9df749a0d53effce5f65 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Sun, 3 Aug 2014 10:35:31 +0100 Subject: Fix listmodes when the config does not specify a wildcard size entry. --- src/modules/u_listmode.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/src/modules/u_listmode.h b/src/modules/u_listmode.h index 0f5903e53..30bf6a48f 100644 --- a/src/modules/u_listmode.h +++ b/src/modules/u_listmode.h @@ -201,13 +201,13 @@ class ListModeBase : public ModeHandler if (limit.mask.size() && limit.limit > 0) chanlimits.push_back(limit); } - if (chanlimits.empty()) - { - ListLimit limit; - limit.mask = "*"; - limit.limit = 64; - chanlimits.push_back(limit); - } + + // Add the default entry. This is inserted last so if the user specifies a + // wildcard record in the config it will take precedence over this entry. + ListLimit limit; + limit.mask = "*"; + limit.limit = 64; + chanlimits.push_back(limit); } /** Populate the Implements list with the correct events for a List Mode -- cgit v1.2.3 From bc7a3fba087ef8646e93ebda40f344d67f613db5 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Sat, 26 Jul 2014 17:57:50 +0100 Subject: Fix pkg-config not being used for OpenSSL on non-FreeBSD systems. --- configure | 1 + 1 file changed, 1 insertion(+) diff --git a/configure b/configure index 27f7e6f1e..33e9b4c50 100755 --- a/configure +++ b/configure @@ -209,6 +209,7 @@ else { chomp($config{HAS_OPENSSL} = `pkg-config --modversion openssl 2>/dev/null`); # Openssl version, others $config{HAS_OPENSSL_PORT} = ""; + $config{USE_FREEBSD_BASE_SSL} = "n"; } } -- cgit v1.2.3 From 4288b2a59959c1693bdbc7cbef849942b721c508 Mon Sep 17 00:00:00 2001 
From: Peter Powell Date: Sun, 10 Aug 2014 17:41:54 +0100 Subject: Add a work around for trampling over PKG_CONFIG_PATH. The extend_pkg_path method will be removed in 2.2 as it causes problems with non-standard pkg-config paths. This commit adds a workaround until that happens. --- make/utilities.pm | 1 + 1 file changed, 1 insertion(+) diff --git a/make/utilities.pm b/make/utilities.pm index 8c8ac0d49..42dd6b547 100644 --- a/make/utilities.pm +++ b/make/utilities.pm @@ -95,6 +95,7 @@ sub make_rpath($;$) sub extend_pkg_path() { + return if defined $ENV{DISABLE_EXTEND_PKG_PATH}; if (!exists $ENV{PKG_CONFIG_PATH}) { $ENV{PKG_CONFIG_PATH} = "/usr/lib/pkgconfig:/usr/local/lib/pkgconfig:/usr/local/libdata/pkgconfig:/usr/X11R6/libdata/pkgconfig"; -- cgit v1.2.3 From 8258232b7beaf48330eb522a78fe320bb636d59b Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Wed, 27 Aug 2014 22:01:54 +0100 Subject: Fix unit-cc not loading configure cache when building files. --- make/unit-cc.pl | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/make/unit-cc.pl b/make/unit-cc.pl index 7474365aa..a494fb74b 100755 --- a/make/unit-cc.pl +++ b/make/unit-cc.pl @@ -30,6 +30,22 @@ my $type = shift; my $out = shift; my $verbose = ($type =~ s/-v$//); +## BEGIN HACK: REMOVE IN 2.2! +sub read_config_cache { + my %cfg = (); + open(CACHE, '../.config.cache') or return %cfg; + while (my $line = ) { + next if $line =~ /^\s*($|\#)/; + my ($key, $value) = ($line =~ /^(\S+)="(.*)"$/); + $cfg{$key} = $value; + } + close(CACHE); + return %cfg; +} + +our %config = read_config_cache(); +## END HACK + if ($type eq 'gen-ld') { do_static_find(@ARGV); } elsif ($type eq 'static-ld') { -- cgit v1.2.3 From 8125a187b17f41a199cc4ebaa99f4d616e930049 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Tue, 2 Sep 2014 00:15:59 +0200 Subject: m_sqlite3 Fix cleanup of unsuccessful database connections --- src/modules/extra/m_sqlite3.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) 
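Review bot: In `read_config_cache` a line that is neither blank, a comment, nor of the form `KEY="value"` leaves `$key` undefined, and the next statement still stores into `%cfg` under that undefined key; add `next unless defined $key;` after the match. The bareword `CACHE` handle with two-argument `open` would be tidier as `open(my $cache, '<', '../.config.cache')`. Because the path is relative and a failed `open` returns an empty hash without any message, running the script from an unexpected directory silently builds with no cached settings; a one-line warning on that path would make the failure visible.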
diff --git a/src/modules/extra/m_sqlite3.cpp b/src/modules/extra/m_sqlite3.cpp index 7f6a53359..1e3a65a18 100644 --- a/src/modules/extra/m_sqlite3.cpp +++ b/src/modules/extra/m_sqlite3.cpp @@ -97,8 +97,11 @@ class SQLConn : public SQLProvider ~SQLConn() { - sqlite3_interrupt(conn); - sqlite3_close(conn); + if (conn) + { + sqlite3_interrupt(conn); + sqlite3_close(conn); + } } void Query(SQLQuery* query, const std::string& q) -- cgit v1.2.3 From df67ab549bcc2cd53519f309110c58c00f2c935b Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 8 Sep 2014 16:58:50 -0400 Subject: Do not use the result of the dns cache when the query type of the result is different from the type of the query. #66 --- include/dns.h | 54 ++++++++++++++++++++++++++++++------------------------ src/dns.cpp | 10 ++++++---- 2 files changed, 36 insertions(+), 28 deletions(-) diff --git a/include/dns.h b/include/dns.h index 27c3c8848..95abaaf80 100644 --- a/include/dns.h +++ b/include/dns.h @@ -43,6 +43,28 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #include "socket.h" #include "hashcomp.h" +/** + * Query and resource record types + */ +enum QueryType +{ + /** Uninitialized Query */ + DNS_QUERY_NONE = 0, + /** 'A' record: an ipv4 address */ + DNS_QUERY_A = 1, + /** 'CNAME' record: An alias */ + DNS_QUERY_CNAME = 5, + /** 'PTR' record: a hostname */ + DNS_QUERY_PTR = 12, + /** 'AAAA' record: an ipv6 address */ + DNS_QUERY_AAAA = 28, + + /** Force 'PTR' to use IPV4 scemantics */ + DNS_QUERY_PTR4 = 0xFFFD, + /** Force 'PTR' to use IPV6 scemantics */ + DNS_QUERY_PTR6 = 0xFFFE +}; + /** * Result status, used internally */ @@ -61,6 +83,9 @@ class CoreExport DNSResult /** The original request, a hostname or IP address */ std::string original; + /** The type of the request + */ + QueryType type; /** Build a DNS result. * @param i The request ID 
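Review bot: The new `if (conn)` guard in `~SQLConn()` only helps if the failed-open path leaves `conn` null, and that code is outside the hunk. SQLite normally still hands back a handle when opening fails (except when allocation fails), and that handle has to be closed, so the constructor should close it and set `conn = NULL` at the point of failure rather than rely on the destructor. The result of `sqlite3_close(conn)` is also discarded; it returns `SQLITE_BUSY` and leaves the connection open when statements are still unfinalized, which deserves at least a log line.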
@@ -68,7 +93,7 @@ class CoreExport DNSResult * @param timetolive The request time-to-live * @param orig The original request, a hostname or IP */ - DNSResult(int i, const std::string &res, unsigned long timetolive, const std::string &orig) : id(i), result(res), ttl(timetolive), original(orig) { } + DNSResult(int i, const std::string &res, unsigned long timetolive, const std::string &orig, QueryType qt = DNS_QUERY_NONE) : id(i), result(res), ttl(timetolive), original(orig), type(qt) { } }; /** @@ -84,6 +109,9 @@ class CoreExport CachedQuery /** The cached result data, an IP or hostname */ std::string data; + /** The type of result this is + */ + QueryType type; /** The time when the item is due to expire */ time_t expires; @@ -92,7 +120,7 @@ class CoreExport CachedQuery * @param res The result data, an IP or hostname * @param ttl The time-to-live value of the query result */ - CachedQuery(const std::string &res, unsigned int ttl); + CachedQuery(const std::string &res, QueryType qt, unsigned int ttl); /** Returns the number of seconds remaining before this * cache item has expired and should be removed. @@ -117,28 +145,6 @@ enum ResolverError RESOLVER_FORCEUNLOAD = 5 }; -/** - * Query and resource record types - */ -enum QueryType -{ - /** Uninitialized Query */ - DNS_QUERY_NONE = 0, - /** 'A' record: an ipv4 address */ - DNS_QUERY_A = 1, - /** 'CNAME' record: An alias */ - DNS_QUERY_CNAME = 5, - /** 'PTR' record: a hostname */ - DNS_QUERY_PTR = 12, - /** 'AAAA' record: an ipv6 address */ - DNS_QUERY_AAAA = 28, - - /** Force 'PTR' to use IPV4 scemantics */ - DNS_QUERY_PTR4 = 0xFFFD, - /** Force 'PTR' to use IPV6 scemantics */ - DNS_QUERY_PTR6 = 0xFFFE -}; - /** * Used internally to force PTR lookups to use a certain protocol scemantics, * e.g. x.x.x.x.in-addr.arpa for v4, and *.ip6.arpa for v6. diff --git a/src/dns.cpp b/src/dns.cpp index 63bde0ecc..8ad94e9e1 100644 --- a/src/dns.cpp +++ b/src/dns.cpp 
@@ -160,7 +160,7 @@ class RequestTimeout : public Timer } }; -CachedQuery::CachedQuery(const std::string &res, unsigned int ttl) : data(res) +CachedQuery::CachedQuery(const std::string &res, QueryType qt, unsigned int ttl) : data(res), type(qt) { expires = ServerInstance->Time() + ttl; } @@ -716,8 +716,9 @@ DNSResult DNS::GetResult() /* Build the reply with the id and hostname/ip in it */ std::string ro = req->orig; + DNSResult result = DNSResult(this_id,resultstr,ttl,ro,req->type); delete req; - return DNSResult(this_id,resultstr,ttl,ro); + return result; } } @@ -945,11 +946,12 @@ Resolver::Resolver(const std::string &source, QueryType qt, bool &cached, Module { ServerInstance->Res->DelCache(source); } - else + else if (CQ->type == qt) { cached = true; return; } + CQ = NULL; } switch (querytype) @@ -1054,7 +1056,7 @@ void DNS::HandleEvent(EventType, int) ServerInstance->stats->statsDnsGood++; if (!this->GetCache(res.original.c_str())) - this->cache->insert(std::make_pair(res.original.c_str(), CachedQuery(res.result, res.ttl))); + this->cache->insert(std::make_pair(res.original.c_str(), CachedQuery(res.result, res.type, res.ttl))); Classes[res.id]->OnLookupComplete(res.result, res.ttl, false); delete Classes[res.id]; -- cgit v1.2.3 From 635cf9590b116eed03f38fc44bcdb96665f81f22 Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 8 Sep 2014 18:27:57 -0400 Subject: Remove IPv6 address compaction. This code is incorrect and can produce addresses with multiple double colons. No other IRCds do this and most systems today will give us the compact version anyway. Issue #914 --- src/dns.cpp | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/src/dns.cpp b/src/dns.cpp index 8ad94e9e1..977f4bad0 100644 --- a/src/dns.cpp +++ b/src/dns.cpp 
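Review bot: The cache is still keyed by name only, so in `Resolver::Resolver` the new `CQ->type == qt` test can reject a cached entry but never find one of the right type, and in the `DNS::HandleEvent` hunk `if (!this->GetCache(res.original.c_str()))` declines to store a result while an entry of another type for the same name is live. Lookups of the second type therefore go to the network every time until the first entry expires; keying the cache on the name plus the `QueryType` would remove that. It is also worth confirming that `req->type` in `DNS::GetResult` holds the same value callers pass as `qt`: if requests record `DNS_QUERY_PTR` while callers ask for `DNS_QUERY_PTR4` or `DNS_QUERY_PTR6`, reverse lookups would never hit the cache. All three functions start and end outside their hunks.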
@@ -678,18 +678,6 @@ DNSResult DNS::GetResult() case DNS_QUERY_AAAA: { inet_ntop(AF_INET6, data.first, formatted, sizeof(formatted)); - char* c = strstr(formatted,":0:"); - if (c != NULL) - { - memmove(c+1,c+2,strlen(c+2) + 1); - c += 2; - while (memcmp(c,"0:",2) == 0) - memmove(c,c+2,strlen(c+2) + 1); - if (memcmp(c,"0",2) == 0) - *c = 0; - if (memcmp(formatted,"0::",3) == 0) - memmove(formatted,formatted + 1, strlen(formatted + 1) + 1); - } resultstr = formatted; /* Special case. Sending ::1 around between servers -- cgit v1.2.3 From aa5a97bfd618d26fe5c082d57557cea20cbe342d Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Fri, 26 Sep 2014 20:58:55 +0200 Subject: Don't try to set a mode in Channel::SetDefaultModes() if it needs a parameter but does not have one Thanks to @docwhat for helping to track this down, fixes issue #924 --- src/channels.cpp | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/channels.cpp b/src/channels.cpp index 6c9bd7c85..9eee987f1 100644 --- a/src/channels.cpp +++ b/src/channels.cpp @@ -206,6 +206,9 @@ void Channel::SetDefaultModes() else parameter.clear(); + if ((mode->GetNumParams(true)) && (parameter.empty())) + continue; + mode->OnModeChange(ServerInstance->FakeClient, ServerInstance->FakeClient, this, parameter, true); } } -- cgit v1.2.3 From 4343bbb67aea2c2a23844bca1dab6488cd1402f1 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Fri, 26 Sep 2014 21:07:24 +0200 Subject: Reject parameters that begin with a colon in Channel::SetDefaultModes() --- src/channels.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/channels.cpp b/src/channels.cpp index 9eee987f1..9f1eafd0c 100644 --- a/src/channels.cpp +++ b/src/channels.cpp @@ -202,7 +202,12 @@ void Channel::SetDefaultModes() if (mode) { if (mode->GetNumParams(true)) + { list.GetToken(parameter); + // If the parameter begins with a ':' then it's invalid + if (parameter.c_str()[0] == ':') + continue; + } else parameter.clear(); -- cgit v1.2.3 
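Review bot: Both new `continue` paths in `Channel::SetDefaultModes()` (the empty-parameter check in this hunk and the leading-':' check in the following commit's hunk) drop the mode silently, so a mistyped default-modes setting goes unnoticed by the administrator. A log line naming the skipped mode would make the misconfiguration visible. In the second hunk `parameter.c_str()[0] == ':'` reads more plainly as `!parameter.empty() && parameter[0] == ':'`, and the result of `list.GetToken(parameter)` is not checked. The loop around these lines is outside both hunks.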
From af5e651cc73d0a0d599c03bc95955f8f9c314680 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Fri, 3 Oct 2014 23:50:54 +0200 Subject: m_ssl_gnutls Re-set DH params when the gnutls_certificate_credentials_t struct is reallocated --- src/modules/extra/m_ssl_gnutls.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 6a6a7923a..7934c23ab 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -281,8 +281,6 @@ class ModuleSSLGnuTLS : public Module ServerInstance->GenRandom = &randhandler; - // Void return, guess we assume success - gnutls_certificate_set_dh_params(x509_cred, dh_params); Implementation eventlist[] = { I_On005Numeric, I_OnRehash, I_OnModuleRehash, I_OnUserConnect, I_OnEvent, I_OnHookIO }; ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); @@ -487,6 +485,8 @@ class ModuleSSLGnuTLS : public Module { GenerateDHParams(); } + + gnutls_certificate_set_dh_params(x509_cred, dh_params); } void GenerateDHParams() -- cgit v1.2.3 From 4414d644a163f3906f90b35186e07ce0383161f4 Mon Sep 17 00:00:00 2001 From: Robin Burchell Date: Sat, 4 Oct 2014 15:30:56 +0200 Subject: Fix an off-by-one on registration timeout handling. The use of > instead of >= here added a second onto the configured timeout. We won't be breaking any existing configuration, because users.h explicitly increases the limit if it's 0. --- src/userprocess.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/userprocess.cpp b/src/userprocess.cpp index 9cc2e7df7..fe90e2381 100644 --- a/src/userprocess.cpp +++ b/src/userprocess.cpp 
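Review bot: The relocated `gnutls_certificate_set_dh_params(x509_cred, dh_params);` carries no comment saying why it now sits at the end of this function instead of in the start-up code of the first hunk; the reason exists only in the commit subject. A line such as `// x509_cred is reallocated above, so the DH params must be attached again` would stop it being moved back. The call also uses whatever state `dh_params` is in after the preceding branch, so it is worth confirming that no path reaches it with `dh_params` unset; the function's start is outside the hunk.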
@@ -107,7 +107,7 @@ void InspIRCd::DoBackgroundUserStuff() break; } - if (curr->registered != REG_ALL && (Time() > (curr->age + curr->MyClass->GetRegTimeout()))) + if (curr->registered != REG_ALL && (Time() >= (curr->age + curr->MyClass->GetRegTimeout()))) { /* * registration timeout -- didnt send USER/NICK/HOST -- cgit v1.2.3 From d4d907fcb3a98a7d17093c1488666eea6bfd9848 Mon Sep 17 00:00:00 2001 From: Robin Burchell Date: Sun, 5 Oct 2014 01:51:47 +0200 Subject: Revert "Fix an off-by-one on registration timeout handling." This seemingly breaks (occasionally timing users out a second early), possibly due to rounding issues on time (User::age and Time() both return int, but a whole second is comprised of many ms). The root cause needs investigation, but we cannot leave a potentially breaking bug in the tree. This reverts commit 4414d644a163f3906f90b35186e07ce0383161f4. --- src/userprocess.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/userprocess.cpp b/src/userprocess.cpp index fe90e2381..9cc2e7df7 100644 --- a/src/userprocess.cpp +++ b/src/userprocess.cpp @@ -107,7 +107,7 @@ void InspIRCd::DoBackgroundUserStuff() break; } - if (curr->registered != REG_ALL && (Time() >= (curr->age + curr->MyClass->GetRegTimeout()))) + if (curr->registered != REG_ALL && (Time() > (curr->age + curr->MyClass->GetRegTimeout()))) { /* * registration timeout -- didnt send USER/NICK/HOST -- cgit v1.2.3 From e59943c1a5107c7be39e38ade546f8f6c6d06145 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Sat, 4 Oct 2014 13:52:21 +0100 Subject: Fix hash_map.h on non-GNU C++ standard library implementations. --- include/hash_map.h | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/include/hash_map.h b/include/hash_map.h index 1b43f0118..e789ea66a 100644 --- a/include/hash_map.h +++ b/include/hash_map.h 
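Review bot: The restored `Time() > (curr->age + curr->MyClass->GetRegTimeout())` in the revert hunk looks like an off-by-one and has already been "fixed" once, yet nothing at the comparison records why `>` is kept. A comment such as `// '>' is deliberate: with one-second granularity '>=' can time users out up to a second early` would carry the revert message's reasoning into the code. The enclosing loop in `InspIRCd::DoBackgroundUserStuff()` is outside the hunk.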
@@ -29,12 +29,16 @@ * TODO: in 2.2 if we drop support for libstdc++ older than 3.4.7 and GCC older * than 4.1 this can be cleaned up massively. */ - #ifndef _WIN32 - #if __GLIBCXX__ > 20060309 + #if !defined _LIBCPP_VERSION && !defined _WIN32 + #if !defined __GLIBCXX__ || __GLIBCXX__ > 20060309 // GCC4+ has deprecated hash_map and uses tr1. But of course, uses a different include to MSVC. FOR FUCKS SAKE. #include #define HAS_TR1_UNORDERED #define HASHMAP_DEPRECATED + #define hash_map unordered_map + #define nspace std::tr1 + #define BEGIN_HASHMAP_NAMESPACE namespace std { namespace tr1 { + #define END_HASHMAP_NAMESPACE } } #else #include /** Oddball linux namespace for hash_map */ @@ -46,14 +50,10 @@ #include #define HAS_TR1_UNORDERED #define HASHMAP_DEPRECATED - #endif - - // tr1: restoring sanity to our headers. now if only compiler vendors could agree on a FUCKING INCLUDE FILE. - #ifdef HAS_TR1_UNORDERED #define hash_map unordered_map - #define nspace std::tr1 - #define BEGIN_HASHMAP_NAMESPACE namespace std { namespace tr1 { - #define END_HASHMAP_NAMESPACE } } + #define nspace std + #define BEGIN_HASHMAP_NAMESPACE namespace std { + #define END_HASHMAP_NAMESPACE } #endif #endif -- cgit v1.2.3 From 21f99f133e635d19b3a719467bd700a494111cc4 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 8 Oct 2014 02:36:00 +0200 Subject: m_ssl_openssl Clear the error queue before every SSL_* call --- src/modules/extra/m_ssl_openssl.cpp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 33f848798..0398a33c7 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp 
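Review bot: `#if !defined __GLIBCXX__ || __GLIBCXX__ > 20060309` takes the TR1 branch whenever `__GLIBCXX__` is undefined, and libstdc++ defines that macro only after one of its headers has been included. If hash_map.h can be reached before any standard header, an old libstdc++ is now sent down the `std::tr1` path, where previously the undefined macro evaluated to 0 and selected the legacy branch. Including a small standard header such as `<cstddef>` ahead of the test makes the result independent of include order. The same applies to `_LIBCPP_VERSION` in the outer `#if`.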
@@ -215,6 +215,7 @@ class ModuleSSLOpenSSL : public Module if (!ciphers.empty()) { + ERR_clear_error(); if ((!SSL_CTX_set_cipher_list(ctx, ciphers.c_str())) || (!SSL_CTX_set_cipher_list(clictx, ciphers.c_str()))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't set cipher list to %s.", ciphers.c_str()); @@ -225,12 +226,14 @@ class ModuleSSLOpenSSL : public Module /* Load our keys and certificates * NOTE: OpenSSL's error logging API sucks, don't blame us for this clusterfuck. */ + ERR_clear_error(); if ((!SSL_CTX_use_certificate_chain_file(ctx, certfile.c_str())) || (!SSL_CTX_use_certificate_chain_file(clictx, certfile.c_str()))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read certificate file %s. %s", certfile.c_str(), strerror(errno)); ERR_print_errors_cb(error_callback, this); } + ERR_clear_error(); if (((!SSL_CTX_use_PrivateKey_file(ctx, keyfile.c_str(), SSL_FILETYPE_PEM))) || (!SSL_CTX_use_PrivateKey_file(clictx, keyfile.c_str(), SSL_FILETYPE_PEM))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read key file %s. %s", keyfile.c_str(), strerror(errno)); @@ -238,6 +241,7 @@ class ModuleSSLOpenSSL : public Module } /* Load the CAs we trust*/ + ERR_clear_error(); if (((!SSL_CTX_load_verify_locations(ctx, cafile.c_str(), 0))) || (!SSL_CTX_load_verify_locations(clictx, cafile.c_str(), 0))) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Can't read CA list from %s. This is only a problem if you want to verify client certificates, otherwise it's safe to ignore this message. Error: %s", cafile.c_str(), strerror(errno)); 
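Review bot: When `SSL_CTX_set_cipher_list()` fails, the visible branch only logs `Can't set cipher list to %s.`; unless code after the hunk aborts the load, both contexts carry on with OpenSSL's default cipher list instead of the one the administrator configured. Because of the `||`, a failure on `ctx` also means the call on `clictx` is never made. For a TLS policy setting it is safer to fail closed, for instance by raising the module's configuration exception if this function allows it. In the certificate and key hunks that follow, `strerror(errno)` is logged even though an OpenSSL failure does not necessarily set `errno`, so the text can mislead; the `ERR_print_errors_cb` output is the reliable part.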
@@ -264,6 +268,8 @@ class ModuleSSLOpenSSL : public Module #else ret = PEM_read_DHparams(dhpfile, NULL, NULL, NULL); #endif + + ERR_clear_error(); if ((SSL_CTX_set_tmp_dh(ctx, ret) < 0) || (SSL_CTX_set_tmp_dh(clictx, ret) < 0)) { ServerInstance->Logs->Log("m_ssl_openssl",DEFAULT, "m_ssl_openssl.so: Couldn't set DH parameters %s. SSL errors follow:", dhfile.c_str()); @@ -426,6 +432,7 @@ class ModuleSSLOpenSSL : public Module if (session->status == ISSL_OPEN) { + ERR_clear_error(); char* buffer = ServerInstance->GetReadBuffer(); size_t bufsiz = ServerInstance->Config->NetBufferSize; int ret = SSL_read(session->sess, buffer, bufsiz); @@ -496,6 +503,7 @@ class ModuleSSLOpenSSL : public Module if (session->status == ISSL_OPEN) { + ERR_clear_error(); int ret = SSL_write(session->sess, buffer.data(), buffer.size()); if (ret == (int)buffer.length()) { @@ -542,6 +550,7 @@ class ModuleSSLOpenSSL : public Module { int ret; + ERR_clear_error(); if (session->outbound) ret = SSL_connect(session->sess); else -- cgit v1.2.3 From 9179e51e513587cddd4c4171f0ad74c8f5bf052e Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Fri, 10 Oct 2014 14:10:24 +0200 Subject: m_ssl_openssl Enable single (EC)DH use and disable SSL v2 Options enabled: - SSL_OP_NO_SSLv2 - SSL_OP_SINGLE_DH_USE - SSL_OP_SINGLE_ECDH_USE (if it exists) Partial backport of #856 by @jvehent --- src/modules/extra/m_ssl_openssl.cpp | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 0398a33c7..081b0153e 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp 
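Review bot: `(SSL_CTX_set_tmp_dh(ctx, ret) < 0)` can never be true, because `SSL_CTX_set_tmp_dh` returns 1 on success and 0 on failure, so a failed DH setup is never logged. The test should be `if ((SSL_CTX_set_tmp_dh(ctx, ret) != 1) || (SSL_CTX_set_tmp_dh(clictx, ret) != 1))`. In the visible lines `ret` from `PEM_read_DHparams` is also passed on without a NULL check. In the `SSL_read` hunk, `ERR_clear_error()` would sit better directly before `SSL_read`, after the buffer lookups, so nothing can queue an error in between.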
@@ -130,6 +130,15 @@ class ModuleSSLOpenSSL : public Module const unsigned char session_id[] = "inspircd"; SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1); + + long opts = SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE; + // Only turn options on if they exist +#ifdef SSL_OP_SINGLE_ECDH_USE + opts |= SSL_OP_SINGLE_ECDH_USE; +#endif + + SSL_CTX_set_options(ctx, opts); + SSL_CTX_set_options(clictx, opts); } void init() -- cgit v1.2.3 From b4dc9d871cd8c7817c6dff17c76b66e989712ffc Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Fri, 10 Oct 2014 14:15:37 +0200 Subject: m_ssl_openssl Disable session caching and session tickets --- src/modules/extra/m_ssl_openssl.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 081b0153e..37d2a9cdf 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -128,14 +128,17 @@ class ModuleSSLOpenSSL : public Module SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify); SSL_CTX_set_verify(clictx, SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE, OnVerify); - const unsigned char session_id[] = "inspircd"; - SSL_CTX_set_session_id_context(ctx, session_id, sizeof(session_id) - 1); + SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF); + SSL_CTX_set_session_cache_mode(clictx, SSL_SESS_CACHE_OFF); long opts = SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE; // Only turn options on if they exist #ifdef SSL_OP_SINGLE_ECDH_USE opts |= SSL_OP_SINGLE_ECDH_USE; #endif +#ifdef SSL_OP_NO_TICKET + opts |= SSL_OP_NO_TICKET; +#endif SSL_CTX_set_options(ctx, opts); SSL_CTX_set_options(clictx, opts); -- cgit v1.2.3 From 44542c1f1acabbf00f8f468f3bb837c5a8b2736e Mon Sep 17 00:00:00 2001 
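Review bot: `long opts = SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE;` still leaves SSLv3 negotiable and TLS compression enabled on both contexts. Adding `opts |= SSL_OP_NO_SSLv3;` and, under `#ifdef SSL_OP_NO_COMPRESSION`, `opts |= SSL_OP_NO_COMPRESSION;` follows the same only-if-it-exists pattern already used for `SSL_OP_SINGLE_ECDH_USE`. The mask returned by `SSL_CTX_set_options` could be logged once so operators can see which options are actually in force.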
From: Attila Molnar Date: Fri, 10 Oct 2014 14:26:09 +0200 Subject: m_ssl_openssl Allow configuring raw OpenSSL context options --- src/modules/extra/m_ssl_openssl.cpp | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 37d2a9cdf..518712c00 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -102,10 +102,29 @@ class ModuleSSLOpenSSL : public Module SSL_CTX* ctx; SSL_CTX* clictx; + long ctx_options; + long clictx_options; + std::string sslports; bool use_sha; ServiceProvider iohook; + + static void SetContextOptions(SSL_CTX* ctx, long defoptions, const std::string& ctxname, ConfigTag* tag) + { + long setoptions = tag->getInt(ctxname + "setoptions"); + long clearoptions = tag->getInt(ctxname + "clearoptions"); + ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, clearoptions, setoptions); + + // Clear everything + SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx)); + + // Set the default options and what is in the conf + SSL_CTX_set_options(ctx, defoptions | setoptions); + long final = SSL_CTX_clear_options(ctx, clearoptions); + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final); + } + public: ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK) @@ -140,8 +159,8 @@ class ModuleSSLOpenSSL : public Module opts |= SSL_OP_NO_TICKET; #endif - SSL_CTX_set_options(ctx, opts); - SSL_CTX_set_options(clictx, opts); + ctx_options = SSL_CTX_set_options(ctx, opts); + clictx_options = SSL_CTX_set_options(clictx, opts); } void init() 
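Review bot: In `SetContextOptions` the debug log prints two values under the wrong labels: the format string reads `default: %ld set: %ld clear: %ld` but the arguments are `defoptions, clearoptions, setoptions`, so the last two should be swapped. The function also lets `clearoptions` remove the hard-coded defaults such as `SSL_OP_NO_SSLv2`, and both settings are raw numeric masks whose meaning depends on the OpenSSL headers the module was built against. A comment on the function should state that this can weaken the defaults, and the final-mask log line should stay at a level operators will see.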
@@ -223,6 +242,12 @@ class ModuleSSLOpenSSL : public Module throw ModuleException("Unknown hash type " + hash); use_sha = (hash == "sha1"); + if (conf->getBool("customcontextoptions")) + { + SetContextOptions(ctx, ctx_options, "server", conf); + SetContextOptions(clictx, clictx_options, "client", conf); + } + std::string ciphers = conf->getString("ciphers", ""); if (!ciphers.empty()) -- cgit v1.2.3 From 402a1bb010522a35600325c1a3084e092b40ca22 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Mon, 6 Oct 2014 13:30:31 +0100 Subject: Fix various warnings when building with LLVM 3.5. - warning: absolute value function 'abs' given an argument of type 'long' but has parameter of type 'int' which may cause truncation of value [-Wabsolute-value] - warning: 'this' pointer cannot be null in well-defined C++ code; pointer may be assumed to always convert to true [-Wundefined-bool-conversion] --- src/commands/cmd_whois.cpp | 2 +- src/configparser.cpp | 9 +++++++++ src/modules/m_spanningtree/idle.cpp | 2 +- src/modules/m_spanningtree/treesocket2.cpp | 6 +++--- src/server.cpp | 11 ++++------- 5 files changed, 18 insertions(+), 12 deletions(-) diff --git a/src/commands/cmd_whois.cpp b/src/commands/cmd_whois.cpp index ba2ad9c15..ab0b82fff 100644 --- a/src/commands/cmd_whois.cpp +++ b/src/commands/cmd_whois.cpp @@ -76,7 +76,7 @@ CmdResult CommandWhois::Handle (const std::vector& parameters, User */ if (IS_LOCAL(dest) && (ServerInstance->Config->HideWhoisServer.empty() || parameters.size() > 1)) { - idle = abs((long)((dest->idle_lastmsg)-ServerInstance->Time())); + idle = labs((long)((dest->idle_lastmsg)-ServerInstance->Time())); signon = dest->signon; } diff --git a/src/configparser.cpp b/src/configparser.cpp index 825dfc966..94192a71b 100644 --- a/src/configparser.cpp +++ b/src/configparser.cpp 
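Review bot: The custom options are applied only while `customcontextoptions` is true, so switching it off again leaves the previously applied mask on `ctx` and `clictx` if this code runs against the same long-lived contexts on rehash; the enclosing function starts outside the hunk, so that is an assumption to confirm. An `else` branch that clears the current options and re-applies the stored `ctx_options` and `clictx_options` would make the setting reversible. Without it, an administrator who removes a weakening override keeps the weakened options until the module is reloaded.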
@@ -390,8 +390,17 @@ bool ParseStack::ParseExec(const std::string& name, int flags, const std::string bool ConfigTag::readString(const std::string& key, std::string& value, bool allow_lf) { +#ifdef __clang__ +# pragma clang diagnostic push +# pragma clang diagnostic ignored "-Wunknown-pragmas" +# pragma clang diagnostic ignored "-Wundefined-bool-conversion" +#endif + // TODO: this is undefined behaviour but changing the API is too risky for 2.0. if (!this) return false; +#ifdef __clang__ +# pragma clang diagnostic pop +#endif for(std::vector::iterator j = items.begin(); j != items.end(); ++j) { if(j->first != key) diff --git a/src/modules/m_spanningtree/idle.cpp b/src/modules/m_spanningtree/idle.cpp index 0ea06a3cc..18aeb0ad5 100644 --- a/src/modules/m_spanningtree/idle.cpp +++ b/src/modules/m_spanningtree/idle.cpp @@ -40,7 +40,7 @@ bool TreeSocket::Whois(const std::string &prefix, parameterlist ¶ms) User* x = ServerInstance->FindNick(params[0]); if ((x) && (IS_LOCAL(x))) { - long idle = abs((long)((x->idle_lastmsg) - ServerInstance->Time())); + long idle = labs((long)((x->idle_lastmsg) - ServerInstance->Time())); parameterlist par; par.push_back(prefix); par.push_back(ConvToStr(x->signon)); diff --git a/src/modules/m_spanningtree/treesocket2.cpp b/src/modules/m_spanningtree/treesocket2.cpp index fb658c9c7..acb822fbf 100644 --- a/src/modules/m_spanningtree/treesocket2.cpp +++ b/src/modules/m_spanningtree/treesocket2.cpp 
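Review bot: Silencing `-Wundefined-bool-conversion` around `if (!this) return false;` in `ConfigTag::readString` hides the diagnostic but not the problem: an optimising compiler may assume `this` is non-null and drop the test, after which a call through a null `ConfigTag*` goes on to touch `items`. The pragmas are clang-only, so other compilers get neither the warning nor any protection. Until callers stop passing null tags, the TODO should name that risk, e.g. `// TODO: UB - compilers may remove this check, so callers must not rely on it`.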
@@ -155,13 +155,13 @@ void TreeSocket::ProcessLine(std::string &line) time_t delta = them - ServerInstance->Time(); if ((delta < -600) || (delta > 600)) { - ServerInstance->SNO->WriteGlobalSno('l',"\2ERROR\2: Your clocks are out by %d seconds (this is more than five minutes). Link aborted, \2PLEASE SYNC YOUR CLOCKS!\2",abs((long)delta)); - SendError("Your clocks are out by "+ConvToStr(abs((long)delta))+" seconds (this is more than five minutes). Link aborted, PLEASE SYNC YOUR CLOCKS!"); + ServerInstance->SNO->WriteGlobalSno('l',"\2ERROR\2: Your clocks are out by %ld seconds (this is more than five minutes). Link aborted, \2PLEASE SYNC YOUR CLOCKS!\2",labs((long)delta)); + SendError("Your clocks are out by "+ConvToStr(labs((long)delta))+" seconds (this is more than five minutes). Link aborted, PLEASE SYNC YOUR CLOCKS!"); return; } else if ((delta < -30) || (delta > 30)) { - ServerInstance->SNO->WriteGlobalSno('l',"\2WARNING\2: Your clocks are out by %d seconds. Please consider synching your clocks.", abs((long)delta)); + ServerInstance->SNO->WriteGlobalSno('l',"\2WARNING\2: Your clocks are out by %ld seconds. Please consider synching your clocks.", labs((long)delta)); } } diff --git a/src/server.cpp b/src/server.cpp index 4741f942d..d05ece8a4 100644 --- a/src/server.cpp +++ b/src/server.cpp @@ -46,13 +46,10 @@ void InspIRCd::Exit(int status) #ifdef _WIN32 SetServiceStopped(status); #endif - if (this) - { - this->SendError("Exiting with status " + ConvToStr(status) + " (" + std::string(ExitCodes[status]) + ")"); - this->Cleanup(); - delete this; - ServerInstance = NULL; - } + this->SendError("Exiting with status " + ConvToStr(status) + " (" + std::string(ExitCodes[status]) + ")"); + this->Cleanup(); + delete this; + ServerInstance = NULL; exit (status); } -- cgit v1.2.3 From 6935ce2956fed99d5484da90e614b7126e5275d3 Mon Sep 17 00:00:00 2001 
From: Peter Powell Date: Wed, 8 Oct 2014 16:34:37 +0100 Subject: Avoid calling methods on NULL pointers wherever possible. The trick we use to allow this is undefined behaviour and is not liked by LLVM. We should stop using it but it has the potential to break to many things for a minor release. --- include/configreader.h | 5 +++++ include/modules.h | 2 +- src/commands/cmd_motd.cpp | 2 +- src/commands/cmd_rules.cpp | 2 +- src/configreader.cpp | 10 +++++++++- 5 files changed, 17 insertions(+), 4 deletions(-) diff --git a/include/configreader.h b/include/configreader.h index 1edacfe13..b01a979a7 100644 --- a/include/configreader.h +++ b/include/configreader.h @@ -197,6 +197,9 @@ class CoreExport ServerConfig ConfigTagList ConfTags(const std::string& tag); + /** An empty configuration tag. */ + ConfigTag* EmptyTag; + /** Error stream, contains error output from any failed configuration parsing. */ std::stringstream errstr; @@ -527,6 +530,8 @@ class CoreExport ServerConfig */ ServerConfig(); + ~ServerConfig(); + /** Get server ID as string with required leading zeroes */ const std::string& GetSID(); diff --git a/include/modules.h b/include/modules.h index eef8c61c9..cd0d5aad0 100644 --- a/include/modules.h +++ b/include/modules.h @@ -116,7 +116,7 @@ struct ModResult { * and numerical comparisons in preprocessor macros if they wish to support * multiple versions of InspIRCd in one file. */ -#define INSPIRCD_VERSION_API 8 +#define INSPIRCD_VERSION_API 9 /** * This #define allows us to call a method in all diff --git a/src/commands/cmd_motd.cpp b/src/commands/cmd_motd.cpp index 8e227723e..869a9c353 100644 --- a/src/commands/cmd_motd.cpp +++ b/src/commands/cmd_motd.cpp 
@@ -53,7 +53,7 @@ CmdResult CommandMotd::Handle (const std::vector& parameters, User if (parameters.size() > 0 && parameters[0] != ServerInstance->Config->ServerName) return CMD_SUCCESS; - ConfigTag* tag = NULL; + ConfigTag* tag = ServerInstance->Config->EmptyTag; if (IS_LOCAL(user)) tag = user->GetClass()->config; std::string motd_name = tag->getString("motd", "motd"); diff --git a/src/commands/cmd_rules.cpp b/src/commands/cmd_rules.cpp index 5d41aa4b8..17de9f3f2 100644 --- a/src/commands/cmd_rules.cpp +++ b/src/commands/cmd_rules.cpp @@ -51,7 +51,7 @@ CmdResult CommandRules::Handle (const std::vector& parameters, User if (parameters.size() > 0 && parameters[0] != ServerInstance->Config->ServerName) return CMD_SUCCESS; - ConfigTag* tag = NULL; + ConfigTag* tag = ServerInstance->Config->EmptyTag; if (IS_LOCAL(user)) tag = user->GetClass()->config; std::string rules_name = tag->getString("rules", "rules"); diff --git a/src/configreader.cpp b/src/configreader.cpp index 060f66d16..b5d2fdb16 100644 --- a/src/configreader.cpp +++ b/src/configreader.cpp @@ -48,6 +48,14 @@ ServerConfig::ServerConfig() OperMaxChans = 30; c_ipv4_range = 32; c_ipv6_range = 128; + + std::vector* items; + EmptyTag = ConfigTag::create("empty", "", 0, items); +} + +ServerConfig::~ServerConfig() +{ + delete EmptyTag; } void ServerConfig::Update005() @@ -888,7 +896,7 @@ ConfigTag* ServerConfig::ConfValue(const std::string &tag) { ConfigTagList found = config_data.equal_range(tag); if (found.first == found.second) - return NULL; + return EmptyTag; ConfigTag* rv = found.first->second; found.first++; if (found.first != found.second) -- cgit v1.2.3 From ef335eb2de8e33550661c7dc826f471c3405c25f Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Mon, 20 May 2013 20:15:50 +0100 Subject: Replace dodgy use of const char* and memcpy with std::string. This was backported from commit e01df63 in master. --- src/users.cpp | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) 
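Review bot: `ServerConfig::ConfValue` now returns the shared `EmptyTag` instead of `NULL`, which silently changes the contract for every existing caller. Code that tested the result against `NULL` to detect a missing tag will now take the "tag present" path. Because the return type is a non-const `ConfigTag*`, a caller can also alter the sentinel that all other callers receive. The declaration should carry a comment such as `/** Never returns NULL; returns the shared EmptyTag when the tag is absent. The result must not be modified or deleted. */`. Callers that need to distinguish a missing tag from an empty one should be audited, and the function continues past the end of the hunk.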
diff --git a/src/users.cpp b/src/users.cpp index 91db5200a..418f2c9aa 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -1321,26 +1321,19 @@ void User::SendText(const char *text, ...) void User::SendText(const std::string &LinePrefix, std::stringstream &TextStream) { - char line[MAXBUF]; - int start_pos = LinePrefix.length(); - int pos = start_pos; - memcpy(line, LinePrefix.data(), pos); + std::string line; std::string Word; while (TextStream >> Word) { - int len = Word.length(); - if (pos + len + 12 > MAXBUF) + size_t lineLength = LinePrefix.length() + line.length() + Word.length() + 13; + if (lineLength > MAXBUF) { - line[pos] = '\0'; - SendText(std::string(line)); - pos = start_pos; + SendText(LinePrefix + line); + line.clear(); } - line[pos] = ' '; - memcpy(line + pos + 1, Word.data(), len); - pos += len + 1; + line += " " + Word; } - line[pos] = '\0'; - SendText(std::string(line)); + SendText(LinePrefix + line); } /* return 0 or 1 depending if users u and u2 share one or more common channels -- cgit v1.2.3 From d8fe6df7a7bc385a80ae3fde0e9e4a2ac12d4af3 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Sun, 12 Oct 2014 18:38:23 +0100 Subject: Kill some logically dead code detected by Coverity. - m_watch: wl has already been confirmed to not be NULL on L161. --- src/modules/m_watch.cpp | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/modules/m_watch.cpp b/src/modules/m_watch.cpp index be05d7d2d..074ce37ad 100644 --- a/src/modules/m_watch.cpp +++ b/src/modules/m_watch.cpp @@ -163,9 +163,6 @@ class CommandWatch : public Command /* Yup, is on my list */ watchlist::iterator n = wl->find(nick); - if (!wl) - return CMD_FAILURE; - if (n != wl->end()) { if (!n->second.empty()) -- cgit v1.2.3 From 1377fabfee72994531df274248ed0ce6de483dd2 Mon Sep 17 00:00:00 2001 
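Review bot: In the new `User::SendText` loop, the `lineLength > MAXBUF` branch also fires when `line` is empty and a single `Word` is longer than the budget. That case sends a line containing only `LinePrefix` and then appends the oversized word anyway, so the following `SendText(LinePrefix + line)` call receives more than `MAXBUF` bytes and depends on the callee to truncate (the callee is not visible here). Changing the test to `if (lineLength > MAXBUF && !line.empty())` avoids the empty line. The constant `13` also deserves a comment saying which protocol overhead it reserves, since the removed code used `12`.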
From: Attila Molnar Date: Mon, 13 Oct 2014 21:11:14 +0200 Subject: m_nationalchars Rebuild core hashmaps when the national_case_insensitive_map changes Issue #923 --- src/modules/m_nationalchars.cpp | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/modules/m_nationalchars.cpp b/src/modules/m_nationalchars.cpp index b43b6e2b6..20e4eaa9e 100644 --- a/src/modules/m_nationalchars.cpp +++ b/src/modules/m_nationalchars.cpp @@ -228,11 +228,24 @@ class ModuleNationalChars : public Module caller2 rememberer; bool forcequit; const unsigned char * lowermap_rememberer; + unsigned char prev_map[256]; + + void CheckRehash() + { + // See if anything changed + if (!memcmp(prev_map, national_case_insensitive_map, sizeof(prev_map))) + return; + + memcpy(prev_map, national_case_insensitive_map, sizeof(prev_map)); + + ServerInstance->RehashUsersAndChans(); + } public: ModuleNationalChars() : rememberer(ServerInstance->IsNick), lowermap_rememberer(national_case_insensitive_map) { + memcpy(prev_map, national_case_insensitive_map, sizeof(prev_map)); } void init() @@ -265,6 +278,7 @@ class ModuleNationalChars : public Module loadtables(charset, tables, 8, 5); forcequit = tag->getBool("forcequit"); CheckForceQuit("National character set changed"); + CheckRehash(); } void CheckForceQuit(const char * message) @@ -286,6 +300,7 @@ class ModuleNationalChars : public Module ServerInstance->IsNick = rememberer; national_case_insensitive_map = lowermap_rememberer; CheckForceQuit("National characters module unloaded"); + CheckRehash(); } virtual Version GetVersion() -- cgit v1.2.3 From 156c35c91f5c69a77a76f6b60db1ea61581bc13f Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 13 Oct 2014 21:12:55 +0200 Subject: m_nationalchars Rebuild the hash map in m_watch when the national_case_insensitive_map changes Issue #923 --- src/modules/m_nationalchars.cpp | 5 +++++ 1 file changed, 5 insertions(+) 
diff --git a/src/modules/m_nationalchars.cpp b/src/modules/m_nationalchars.cpp index 20e4eaa9e..e02a946f1 100644 --- a/src/modules/m_nationalchars.cpp +++ b/src/modules/m_nationalchars.cpp @@ -239,6 +239,11 @@ class ModuleNationalChars : public Module memcpy(prev_map, national_case_insensitive_map, sizeof(prev_map)); ServerInstance->RehashUsersAndChans(); + + // The OnGarbageCollect() method in m_watch rebuilds the hashmap used by it + Module* mod = ServerInstance->Modules->Find("m_watch.so"); + if (mod) + mod->OnGarbageCollect(); } public: -- cgit v1.2.3 From 48253b1103dcdcd8252808bd021519772b223143 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 13 Oct 2014 21:16:51 +0200 Subject: m_spanningtree Rebuild serverlist and sidlist when receiving a specific Request Issue #923 --- src/modules/m_spanningtree/main.cpp | 6 ++++++ src/modules/m_spanningtree/main.h | 1 + src/modules/m_spanningtree/utils.cpp | 13 +++++++++++++ src/modules/m_spanningtree/utils.h | 5 +++++ 4 files changed, 25 insertions(+) diff --git a/src/modules/m_spanningtree/main.cpp b/src/modules/m_spanningtree/main.cpp index e7ff3789b..5f06cad58 100644 --- a/src/modules/m_spanningtree/main.cpp +++ b/src/modules/m_spanningtree/main.cpp @@ -930,6 +930,12 @@ ModResult ModuleSpanningTree::OnSetAway(User* user, const std::string &awaymsg) return MOD_RES_PASSTHRU; } +void ModuleSpanningTree::OnRequest(Request& request) +{ + if (!strcmp(request.id, "rehash")) + Utils->Rehash(); +} + void ModuleSpanningTree::ProtoSendMode(void* opaque, TargetTypeFlags target_type, void* target, const parameterlist &modeline, const std::vector &translate) { TreeSocket* s = (TreeSocket*)opaque; diff --git a/src/modules/m_spanningtree/main.h b/src/modules/m_spanningtree/main.h index eb17c4195..17adc9287 100644 --- a/src/modules/m_spanningtree/main.h +++ b/src/modules/m_spanningtree/main.h 
@@ -178,6 +178,7 @@ class ModuleSpanningTree : public Module void OnLoadModule(Module* mod); void OnUnloadModule(Module* mod); ModResult OnAcceptConnection(int newsock, ListenSocket* from, irc::sockets::sockaddrs* client, irc::sockets::sockaddrs* server); + void OnRequest(Request& request); CullResult cull(); ~ModuleSpanningTree(); Version GetVersion(); diff --git a/src/modules/m_spanningtree/utils.cpp b/src/modules/m_spanningtree/utils.cpp index 3bd0aa2c7..367a3b921 100644 --- a/src/modules/m_spanningtree/utils.cpp +++ b/src/modules/m_spanningtree/utils.cpp @@ -428,3 +428,16 @@ Link* SpanningTreeUtilities::FindLink(const std::string& name) } return NULL; } + +void SpanningTreeUtilities::Rehash() +{ + server_hash temp; + for (server_hash::const_iterator i = serverlist.begin(); i != serverlist.end(); ++i) + temp.insert(std::make_pair(i->first, i->second)); + serverlist.swap(temp); + temp.clear(); + + for (server_hash::const_iterator i = sidlist.begin(); i != sidlist.end(); ++i) + temp.insert(std::make_pair(i->first, i->second)); + sidlist.swap(temp); +} diff --git a/src/modules/m_spanningtree/utils.h b/src/modules/m_spanningtree/utils.h index a0543b6bd..5559b3459 100644 --- a/src/modules/m_spanningtree/utils.h +++ b/src/modules/m_spanningtree/utils.h @@ -173,6 +173,11 @@ class SpanningTreeUtilities : public classbase /** Refresh the IP cache used for allowing inbound connections */ void RefreshIPCache(); + + /** Recreate serverlist and sidlist, this is needed because of m_nationalchars changing + * national_case_insensitive_map which is used by the hash function + */ + void Rehash(); }; #endif -- cgit v1.2.3 From 856d1b422b286dd569a48dd538d3e720ee29fd5d Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 13 Oct 2014 21:18:12 +0200 Subject: m_nationalchars Ask m_spanningtree to rebuild its hashmaps when the national_case_insensitive_map changes Issue #923 --- src/modules/m_nationalchars.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) 
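Review bot: Both loops in `SpanningTreeUtilities::Rehash()` ignore the result of `temp.insert(...)`. If two existing keys compare equal under the new `national_case_insensitive_map`, the second entry is silently dropped from `serverlist` or `sidlist`, and later lookups by that name resolve to the other server. Checking the returned pair makes the collision visible, e.g. `if (!temp.insert(std::make_pair(i->first, i->second)).second)` followed by `ServerInstance->Logs->Log("m_spanningtree", DEFAULT, "Rehash: duplicate key %s dropped", i->first.c_str());`. How such a collision should be resolved (for instance by dropping the link) is a policy decision this hunk leaves open.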
diff --git a/src/modules/m_nationalchars.cpp b/src/modules/m_nationalchars.cpp index e02a946f1..bf95f0f9f 100644 --- a/src/modules/m_nationalchars.cpp +++ b/src/modules/m_nationalchars.cpp @@ -244,6 +244,14 @@ class ModuleNationalChars : public Module Module* mod = ServerInstance->Modules->Find("m_watch.so"); if (mod) mod->OnGarbageCollect(); + + // Send a Request to m_spanningtree asking it to rebuild its hashmaps + mod = ServerInstance->Modules->Find("m_spanningtree.so"); + if (mod) + { + Request req(this, mod, "rehash"); + req.Send(); + } } public: -- cgit v1.2.3 From 6f65b7c6ca13c1cee4b5f605d38978224c6edeb7 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Mon, 13 Oct 2014 21:44:13 +0100 Subject: Add a workaround for compiling modules with Windows line endings. --- make/configure.pm | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/make/configure.pm b/make/configure.pm index f877846fc..9b8e2d0e4 100644 --- a/make/configure.pm +++ b/make/configure.pm @@ -81,7 +81,7 @@ sub getcompilerflags { my ($file) = @_; open(FLAGS, $file) or return ""; while () { - if ($_ =~ /^\/\* \$CompileFlags: (.+) \*\/$/) { + if ($_ =~ /^\/\* \$CompileFlags: (.+) \*\/\r?$/) { my $x = translate_functions($1, $file); next if ($x eq ""); close(FLAGS); @@ -96,7 +96,7 @@ sub getlinkerflags { my ($file) = @_; open(FLAGS, $file) or return ""; while () { - if ($_ =~ /^\/\* \$LinkerFlags: (.+) \*\/$/) { + if ($_ =~ /^\/\* \$LinkerFlags: (.+) \*\/\r?$/) { my $x = translate_functions($1, $file); next if ($x eq ""); close(FLAGS); @@ -111,7 +111,7 @@ sub getdependencies { my ($file) = @_; open(FLAGS, $file) or return ""; while () { - if ($_ =~ /^\/\* \$ModDep: (.+) \*\/$/) { + if ($_ =~ /^\/\* \$ModDep: (.+) \*\/\r?$/) { my $x = translate_functions($1, $file); next if ($x eq ""); close(FLAGS); 
@@ -126,7 +126,7 @@ sub nopedantic { my ($file) = @_; open(FLAGS, $file) or return ""; while () { - if ($_ =~ /^\/\* \$NoPedantic \*\/$/) { + if ($_ =~ /^\/\* \$NoPedantic \*\/\r?$/) { my $x = translate_functions($_, $file); next if ($x eq ""); close(FLAGS); -- cgit v1.2.3 From 566904ece4aa15cfc90a4452375b54b5daf3baf2 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Tue, 14 Oct 2014 17:40:13 +0200 Subject: m_ssl_openssl Add user-friendly config options for setting a few OpenSSL context options --- src/modules/extra/m_ssl_openssl.cpp | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 518712c00..8a575466e 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -113,6 +113,20 @@ class ModuleSSLOpenSSL : public Module static void SetContextOptions(SSL_CTX* ctx, long defoptions, const std::string& ctxname, ConfigTag* tag) { long setoptions = tag->getInt(ctxname + "setoptions"); + // User-friendly config options for setting context options +#ifdef SSL_OP_CIPHER_SERVER_PREFERENCE + if (tag->getBool("cipherserverpref")) + setoptions |= SSL_OP_CIPHER_SERVER_PREFERENCE; +#endif +#ifdef SSL_OP_NO_COMPRESSION + if (!tag->getBool("compression", true)) + setoptions |= SSL_OP_NO_COMPRESSION; +#endif + if (!tag->getBool("sslv3", true)) + setoptions |= SSL_OP_NO_SSLv3; + if (!tag->getBool("tlsv1", true)) + setoptions |= SSL_OP_NO_TLSv1; + long clearoptions = tag->getInt(ctxname + "clearoptions"); ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, clearoptions, setoptions); -- cgit v1.2.3 From 6a8e8dae95b9fd74471bd3cef0b6d352426a2973 Mon Sep 17 00:00:00 2001 
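Review bot: The new `sslv3` and `compression` switches in `SetContextOptions` default to `true`, so a config that does not mention them still offers SSLv3 and TLS compression. `SSL_OP_NO_SSLv3` and `SSL_OP_NO_COMPRESSION` are only set when the operator explicitly opts out. If changing the defaults is too disruptive for a minor release, the example config and the comment above these lines should at least recommend `sslv3="no"` and `compression="no"`; otherwise the safer form is `if (!tag->getBool("sslv3", false))`. Separately, `cipherserverpref` and `compression` are silently ignored when the corresponding `SSL_OP_*` macro is undefined, so an `#else` branch that logs the ignored option would tell the operator the setting had no effect. The function continues outside the hunk.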
From: Attila Molnar Date: Tue, 14 Oct 2014 17:52:41 +0200 Subject: m_ssl_openssl Return an error from the IOHook read and write functions if the handshake returns 0 The meaning of a 0 return value quoted from the manual: The TLS/SSL handshake was not successful but was shut down controlled and by the specifications of the TLS/SSL protocol. --- src/modules/extra/m_ssl_openssl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 8a575466e..e9b5c4052 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -644,7 +644,7 @@ class ModuleSSLOpenSSL : public Module else if (ret == 0) { CloseSession(session); - return true; + return false; } return true; -- cgit v1.2.3 From fba9bbe4cd29744fe30753f63a37102f664e36bc Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 15 Oct 2014 20:07:55 +0200 Subject: m_ssl_openssl Remove bogus errno assignment from CloseSession() --- src/modules/extra/m_ssl_openssl.cpp | 1 - 1 file changed, 1 deletion(-) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index e9b5c4052..663926c4f 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -660,7 +660,6 @@ class ModuleSSLOpenSSL : public Module session->sess = NULL; session->status = ISSL_NONE; - errno = EIO; } void VerifyCertificate(issl_session* session, StreamSocket* user) -- cgit v1.2.3 From 8e3cc7d5d45e598d5c41ac5ae7597cafbfaac888 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 15 Oct 2014 20:10:04 +0200 Subject: m_ssl_openssl Free the ssl_cert object as soon as the session is closed instead of waiting for the next VerifyCertificate() or new connection --- src/modules/extra/m_ssl_openssl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 663926c4f..2c7c67cf1 100644 
--- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -403,7 +403,6 @@ class ModuleSSLOpenSSL : public Module session->sess = SSL_new(ctx); session->status = ISSL_NONE; session->outbound = false; - session->cert = NULL; if (session->sess == NULL) return; @@ -660,6 +659,7 @@ class ModuleSSLOpenSSL : public Module session->sess = NULL; session->status = ISSL_NONE; + session->cert = NULL; } void VerifyCertificate(issl_session* session, StreamSocket* user) -- cgit v1.2.3 From 177304d63763e94d38e15de98d791ab12ef17a75 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 15 Oct 2014 20:13:00 +0200 Subject: m_ssl_openssl Reset data_to_write for new sessions --- src/modules/extra/m_ssl_openssl.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 2c7c67cf1..d9dc47569 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -403,6 +403,7 @@ class ModuleSSLOpenSSL : public Module session->sess = SSL_new(ctx); session->status = ISSL_NONE; session->outbound = false; + session->data_to_write = false; if (session->sess == NULL) return; @@ -428,6 +429,7 @@ class ModuleSSLOpenSSL : public Module session->sess = SSL_new(clictx); session->status = ISSL_NONE; session->outbound = true; + session->data_to_write = false; if (session->sess == NULL) return; -- cgit v1.2.3 From 7b5703b9a22e176ef6a47b405f2b0d5ce122df0a Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 15 Oct 2014 20:16:05 +0200 Subject: m_ssl_openssl Fix debug message --- src/modules/extra/m_ssl_openssl.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index d9dc47569..27cd3a2ae 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp 
@@ -128,7 +128,7 @@ class ModuleSSLOpenSSL : public Module setoptions |= SSL_OP_NO_TLSv1; long clearoptions = tag->getInt(ctxname + "clearoptions"); - ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, clearoptions, setoptions); + ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Setting OpenSSL %s context options, default: %ld set: %ld clear: %ld", ctxname.c_str(), defoptions, setoptions, clearoptions); // Clear everything SSL_CTX_clear_options(ctx, SSL_CTX_get_options(ctx)); -- cgit v1.2.3 From e04ece9061f3b454876a09da9cac018d6aabef9a Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 16 Oct 2014 21:07:25 +0200 Subject: m_ssl_gnutls Refcount GnuTLS objects, free them when they are no longer in use instead of at /rehash ssl time --- src/modules/extra/m_ssl_gnutls.cpp | 176 +++++++++++++++++++++++-------------- 1 file changed, 110 insertions(+), 66 deletions(-) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 7934c23ab..4135194c5 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp 
@@ -64,8 +64,53 @@ typedef gnutls_dh_params_t gnutls_dh_params; enum issl_status { ISSL_NONE, ISSL_HANDSHAKING_READ, ISSL_HANDSHAKING_WRITE, ISSL_HANDSHAKEN, ISSL_CLOSING, ISSL_CLOSED }; -static std::vector x509_certs; -static gnutls_x509_privkey_t x509_key; +struct SSLConfig : public refcountbase +{ + gnutls_certificate_credentials_t x509_cred; + std::vector x509_certs; + gnutls_x509_privkey_t x509_key; + gnutls_dh_params_t dh_params; +#ifdef GNUTLS_NEW_PRIO_API + gnutls_priority_t priority; +#endif + + SSLConfig() + : x509_cred(NULL) + , x509_key(NULL) + , dh_params(NULL) +#ifdef GNUTLS_NEW_PRIO_API + , priority(NULL) +#endif + { + } + + ~SSLConfig() + { + ServerInstance->Logs->Log("m_ssl_gnutls", DEBUG, "Destroying SSLConfig %p", (void*)this); + + if (x509_cred) + gnutls_certificate_free_credentials(x509_cred); + + for (unsigned int i = 0; i < x509_certs.size(); i++) + gnutls_x509_crt_deinit(x509_certs[i]); + + if (x509_key) + gnutls_x509_privkey_deinit(x509_key); + + if (dh_params) + gnutls_dh_params_deinit(dh_params); + +#ifdef GNUTLS_NEW_PRIO_API + if (priority) + gnutls_priority_deinit(priority); +#endif + } +}; + +static reference currconf; + +static SSLConfig* GetSessionConfig(gnutls_session_t session); + #if(GNUTLS_VERSION_MAJOR < 2 || ( GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR < 12 ) ) static int cert_callback (gnutls_session_t session, const gnutls_datum_t * req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t * sign_algos, int sign_algos_length, gnutls_retr_st * st) { @@ -77,9 +122,11 @@ static int cert_callback (gnutls_session_t session, const gnutls_datum_t * req_c st->cert_type = GNUTLS_CRT_X509; st->key_type = GNUTLS_PRIVKEY_X509; #endif + SSLConfig* conf = GetSessionConfig(session); + std::vector& x509_certs = conf->x509_certs; st->ncerts = x509_certs.size(); st->cert.x509 = &x509_certs[0]; - st->key.x509 = x509_key; + st->key.x509 = conf->x509_key; st->deinit_all = 0; return 0; 
@@ -108,10 +155,17 @@ public: gnutls_session_t sess; issl_status status; reference cert; + reference config; issl_session() : socket(NULL), sess(NULL) {} }; +static SSLConfig* GetSessionConfig(gnutls_session_t sess) +{ + issl_session* session = reinterpret_cast(gnutls_transport_get_ptr(sess)); + return session->config; +} + class CommandStartTLS : public SplitCommand { public: @@ -163,19 +217,11 @@ class ModuleSSLGnuTLS : public Module { issl_session* sessions; - gnutls_certificate_credentials_t x509_cred; - gnutls_dh_params_t dh_params; gnutls_digest_algorithm_t hash; - #ifdef GNUTLS_NEW_PRIO_API - gnutls_priority_t priority; - #endif std::string sslports; int dh_bits; - bool cred_alloc; - bool dh_alloc; - RandGen randhandler; CommandStartTLS starttls; @@ -263,21 +309,12 @@ class ModuleSSLGnuTLS : public Module sessions = new issl_session[ServerInstance->SE->GetMaxFds()]; gnutls_global_init(); // This must be called once in the program - gnutls_x509_privkey_init(&x509_key); - - #ifdef GNUTLS_NEW_PRIO_API - // Init this here so it's always initialized, avoids an extra boolean - gnutls_priority_init(&priority, "NORMAL", NULL); - #endif - - cred_alloc = false; - dh_alloc = false; } void init() { - // Needs the flag as it ignores a plain /rehash - OnModuleRehash(NULL,"ssl"); + currconf = new SSLConfig; + InitSSLConfig(currconf); ServerInstance->GenRandom = &randhandler; 
@@ -334,11 +371,30 @@ class ModuleSSLGnuTLS : public Module if(param != "ssl") return; + reference newconf = new SSLConfig; + try + { + InitSSLConfig(newconf); + } + catch (ModuleException& ex) + { + ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls: Not applying new config. %s", ex.GetReason()); + return; + } + + ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls: Applying new config, old config is in use by %d connection(s)", currconf->GetReferenceCount()-1); + currconf = newconf; + } + + void InitSSLConfig(SSLConfig* config) + { + ServerInstance->Logs->Log("m_ssl_gnutls", DEBUG, "Initializing new SSLConfig %p", (void*)config); + std::string keyfile; std::string certfile; std::string cafile; std::string crlfile; - OnRehash(user); + OnRehash(NULL); ConfigTag* Conf = ServerInstance->Config->ConfValue("gnutls"); 
@@ -369,28 +425,17 @@ class ModuleSSLGnuTLS : public Module int ret; - if (dh_alloc) - { - gnutls_dh_params_deinit(dh_params); - dh_alloc = false; - dh_params = NULL; - } + gnutls_certificate_credentials_t& x509_cred = config->x509_cred; - if (cred_alloc) + ret = gnutls_certificate_allocate_credentials(&x509_cred); + if (ret < 0) { - // Deallocate the old credentials - gnutls_certificate_free_credentials(x509_cred); - - for(unsigned int i=0; i < x509_certs.size(); i++) - gnutls_x509_crt_deinit(x509_certs[i]); - x509_certs.clear(); + // Set to NULL because we can't be sure what value is in it and we must not try to + // deallocate it in case of an error + x509_cred = NULL; + throw ModuleException("Failed to allocate certificate credentials: " + std::string(gnutls_strerror(ret))); } - ret = gnutls_certificate_allocate_credentials(&x509_cred); - cred_alloc = (ret >= 0); - if (!cred_alloc) - ServerInstance->Logs->Log("m_ssl_gnutls",DEBUG, "m_ssl_gnutls.so: Failed to allocate certificate credentials: %s", gnutls_strerror(ret)); - if((ret =gnutls_certificate_set_x509_trust_file(x509_cred, cafile.c_str(), GNUTLS_X509_FMT_PEM)) < 0) ServerInstance->Logs->Log("m_ssl_gnutls",DEBUG, "m_ssl_gnutls.so: Failed to set X.509 trust file '%s': %s", cafile.c_str(), gnutls_strerror(ret)); @@ -407,6 +452,8 @@ class ModuleSSLGnuTLS : public Module std::string key_string = reader.Contents(); gnutls_datum_t key_datum = { (unsigned char*)key_string.data(), static_cast(key_string.length()) }; + std::vector& x509_certs = config->x509_certs; + // If this fails, no SSL port will work. At all. So, do the smart thing - throw a ModuleException unsigned int certcount = 3; x509_certs.resize(certcount); 
@@ -426,6 +473,14 @@ class ModuleSSLGnuTLS : public Module } x509_certs.resize(ret); + gnutls_x509_privkey_t& x509_key = config->x509_key; + if (gnutls_x509_privkey_init(&x509_key) < 0) + { + // Make sure the destructor does not try to deallocate this, see above + x509_key = NULL; + throw ModuleException("Unable to initialize private key"); + } + if((ret = gnutls_x509_privkey_import(x509_key, &key_datum, GNUTLS_X509_FMT_PEM)) < 0) throw ModuleException("Unable to load GnuTLS server private key (" + keyfile + "): " + std::string(gnutls_strerror(ret))); @@ -433,14 +488,12 @@ class ModuleSSLGnuTLS : public Module throw ModuleException("Unable to set GnuTLS cert/key pair: " + std::string(gnutls_strerror(ret))); #ifdef GNUTLS_NEW_PRIO_API - // It's safe to call this every time as we cannot have this uninitialized, see constructor and below. - gnutls_priority_deinit(priority); - // Try to set the priorities for ciphers, kex methods etc. to the user supplied string // If the user did not supply anything then the string is already set to "NORMAL" const char* priocstr = priorities.c_str(); const char* prioerror; + gnutls_priority_t& priority = config->priority; if ((ret = gnutls_priority_init(&priority, priocstr, &prioerror)) < 0) { // gnutls did not understand the user supplied string, log and fall back to the default priorities @@ -458,10 +511,13 @@ class ModuleSSLGnuTLS : public Module #else gnutls_certificate_set_retrieve_function (x509_cred, cert_callback); #endif + + gnutls_dh_params_t& dh_params = config->dh_params; ret = gnutls_dh_params_init(&dh_params); - dh_alloc = (ret >= 0); - if (!dh_alloc) + if (ret < 0) { + // Make sure the destructor does not try to deallocate this, see above + dh_params = NULL; ServerInstance->Logs->Log("m_ssl_gnutls",DEFAULT, "m_ssl_gnutls.so: Failed to initialise DH parameters: %s", gnutls_strerror(ret)); return; } 
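Review bot: In the third hunk on this line, `InitSSLConfig` logs and executes `return;` when `gnutls_dh_params_init` fails, while the credential and private-key failures in the same function throw `ModuleException`. `OnModuleRehash` assigns `currconf = newconf` whenever no exception is thrown, so a `/rehash ssl` that hits this path replaces a working config with one that has no DH parameters. Throwing instead keeps the old config in use: `throw ModuleException("Failed to initialise DH parameters: " + std::string(gnutls_strerror(ret)));`. The function starts and ends outside this hunk.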
@@ -478,27 +534,24 @@ class ModuleSSLGnuTLS : public Module { // File unreadable or GnuTLS was unhappy with the contents, generate the DH primes now ServerInstance->Logs->Log("m_ssl_gnutls", DEFAULT, "m_ssl_gnutls.so: Generating DH parameters because I failed to load them from file '%s': %s", dhfile.c_str(), gnutls_strerror(ret)); - GenerateDHParams(); + GenerateDHParams(dh_params); } } else { - GenerateDHParams(); + GenerateDHParams(dh_params); } gnutls_certificate_set_dh_params(x509_cred, dh_params); } - void GenerateDHParams() + void GenerateDHParams(gnutls_dh_params_t dh_params) { // Generate Diffie Hellman parameters - for use with DHE // kx algorithms. These should be discarded and regenerated // once a day, once a week or once a month. Depending on the // security requirements. - if (!dh_alloc) - return; - int ret; if((ret = gnutls_dh_params_generate2(dh_params, dh_bits)) < 0) @@ -507,18 +560,7 @@ class ModuleSSLGnuTLS : public Module ~ModuleSSLGnuTLS() { - for(unsigned int i=0; i < x509_certs.size(); i++) - gnutls_x509_crt_deinit(x509_certs[i]); - - gnutls_x509_privkey_deinit(x509_key); - #ifdef GNUTLS_NEW_PRIO_API - gnutls_priority_deinit(priority); - #endif - - if (dh_alloc) - gnutls_dh_params_deinit(dh_params); - if (cred_alloc) - gnutls_certificate_free_credentials(x509_cred); + currconf = NULL; gnutls_global_deinit(); delete[] sessions; 
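Review bot: In `~ModuleSSLGnuTLS`, `currconf = NULL;` drops only the module's own reference, but each `issl_session` now holds its own `reference` to an `SSLConfig`, and `delete[] sessions;` runs after `gnutls_global_deinit();`. If any session still holds a config when the module is destroyed, the `SSLConfig` destructor would call `gnutls_certificate_free_credentials` and the other `*_deinit` functions after the library has been deinitialised, and it also logs through `ServerInstance`. Whether all sessions are guaranteed to be closed by this point is not visible in the hunk. Moving `delete[] sessions;` above `gnutls_global_deinit();` removes the ordering dependency either way.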
@@ -581,13 +623,14 @@ class ModuleSSLGnuTLS : public Module gnutls_init(&session->sess, me_server ? GNUTLS_SERVER : GNUTLS_CLIENT); session->socket = user; + session->config = currconf; #ifdef GNUTLS_NEW_PRIO_API - gnutls_priority_set(session->sess, priority); + gnutls_priority_set(session->sess, currconf->priority); #else gnutls_set_default_priority(session->sess); #endif - gnutls_credentials_set(session->sess, GNUTLS_CRD_CERTIFICATE, x509_cred); + gnutls_credentials_set(session->sess, GNUTLS_CRD_CERTIFICATE, currconf->x509_cred); gnutls_dh_set_prime_bits(session->sess, dh_bits); gnutls_transport_set_ptr(session->sess, reinterpret_cast(session)); gnutls_transport_set_push_function(session->sess, gnutls_push_wrapper); @@ -809,6 +852,7 @@ class ModuleSSLGnuTLS : public Module session->sess = NULL; session->cert = NULL; session->status = ISSL_NONE; + session->config = NULL; } void VerifyCertificate(issl_session* session, StreamSocket* user) -- cgit v1.2.3 From 3e20f7bd2959fb1f267ba03b0387443b1c30cba1 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 16 Oct 2014 21:15:31 +0200 Subject: Add interface to SSL modules that allows other modules to obtain the raw SSL session of a socket --- src/modules/extra/m_ssl_gnutls.cpp | 6 ++++++ src/modules/extra/m_ssl_openssl.cpp | 6 ++++++ src/modules/ssl.h | 15 +++++++++++++++ 3 files changed, 27 insertions(+) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 4135194c5..cdfe00b9c 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -615,6 +615,12 @@ class ModuleSSLGnuTLS : public Module req.cert = session->cert; } + else if (!strcmp("GET_RAW_SSL_SESSION", request.id)) + { + SSLRawSessionRequest& req = static_cast(request); + if ((req.fd >= 0) && (req.fd < ServerInstance->SE->GetMaxFds())) + req.data = reinterpret_cast(sessions[req.fd].sess); + } } void InitSession(StreamSocket* user, bool me_server) 
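Review bot: The `GET_RAW_SSL_SESSION` handler returns the library session handle as a bare `void*` with no stated lifetime or ownership. `sess` is reset to NULL when the session is closed (the context lines of the previous hunk show this) and is presumably freed at that point, so a caller that stores `req.data` past the request could end up with a dangling handle. For an fd with no SSL session, `data` is simply NULL. The same applies to the m_ssl_openssl.cpp handler and to the `SSLRawSessionRequest` class this commit adds in ssl.h. I would document the contract on the class, e.g. `/** data is the SSL library's own session handle for fd, or NULL if fd has no SSL session; valid only until the socket closes, do not store or free it */`, and note that the caller must know which SSL module answered before casting `data`.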
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 27cd3a2ae..9ca92fe52 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -392,6 +392,12 @@ class ModuleSSLOpenSSL : public Module req.cert = session->cert; } + else if (!strcmp("GET_RAW_SSL_SESSION", request.id)) + { + SSLRawSessionRequest& req = static_cast(request); + if ((req.fd >= 0) && (req.fd < ServerInstance->SE->GetMaxFds())) + req.data = reinterpret_cast(sessions[req.fd].sess); + } } void OnStreamSocketAccept(StreamSocket* user, irc::sockets::sockaddrs* client, irc::sockets::sockaddrs* server) diff --git a/src/modules/ssl.h b/src/modules/ssl.h index 9deafb830..4c877551d 100644 --- a/src/modules/ssl.h +++ b/src/modules/ssl.h @@ -172,4 +172,19 @@ struct UserCertificateRequest : public Request } }; +class SSLRawSessionRequest : public Request +{ + public: + const int fd; + void* data; + + SSLRawSessionRequest(int FD, Module* srcmod, Module* destmod) + : Request(srcmod, destmod, "GET_RAW_SSL_SESSION") + , fd(FD) + , data(NULL) + { + Send(); + } +}; + #endif -- cgit v1.2.3 From 8cd84786d0b710a60d25e4c9c58fdde2fb0b8211 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Thu, 16 Oct 2014 21:18:29 +0200 Subject: Initialize all fields of issl_session on module load in SSL modules --- src/modules/extra/m_ssl_gnutls.cpp | 2 +- src/modules/extra/m_ssl_openssl.cpp | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index cdfe00b9c..21b58f280 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -157,7 +157,7 @@ public: reference cert; reference config; - issl_session() : socket(NULL), sess(NULL) {} + issl_session() : socket(NULL), sess(NULL), status(ISSL_NONE) {} }; static SSLConfig* GetSessionConfig(gnutls_session_t sess) 
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 9ca92fe52..01bf11678 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -75,6 +75,8 @@ public: bool data_to_write; issl_session() + : sess(NULL) + , status(ISSL_NONE) { outbound = false; data_to_write = false; -- cgit v1.2.3 From a681248b3c989667c2d025758722d2c90b444abe Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Fri, 17 Oct 2014 15:40:01 +0200 Subject: m_delayjoin Only send JOIN on mode change if the mode being changed is a prefix mode --- src/modules/m_delayjoin.cpp | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/modules/m_delayjoin.cpp b/src/modules/m_delayjoin.cpp index a9a92e67a..20d4c8e8f 100644 --- a/src/modules/m_delayjoin.cpp +++ b/src/modules/m_delayjoin.cpp @@ -182,6 +182,11 @@ ModResult ModuleDelayJoin::OnRawMode(User* user, Channel* channel, const char mo if (!user || !channel || param.empty()) return MOD_RES_PASSTHRU; + ModeHandler* mh = ServerInstance->Modes->FindMode(mode, MODETYPE_CHANNEL); + // If not a prefix mode then we got nothing to do here + if (!mh || !mh->GetPrefixRank()) + return MOD_RES_PASSTHRU; + User* dest; if (IS_LOCAL(user)) dest = ServerInstance->FindNickOnly(param); -- cgit v1.2.3 From 4e9006c9676f31d0845b1a5062cd36bdd1b8796c Mon Sep 17 00:00:00 2001 From: Adam Date: Sat, 18 Oct 2014 14:28:50 -0400 Subject: Fix watch away numerics, #937 --- src/modules/m_watch.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/m_watch.cpp b/src/modules/m_watch.cpp index 074ce37ad..a86483291 100644 --- a/src/modules/m_watch.cpp +++ b/src/modules/m_watch.cpp @@ -417,7 +417,7 @@ class Modulewatch : public Module { for (std::deque::iterator n = x->second.begin(); n != x->second.end(); n++) { - (*n)->WriteNumeric(inum, numeric); + (*n)->WriteNumeric(inum, (*n)->nick + " " + numeric); } } -- cgit v1.2.3 
From cb45d5c3a51eb0e2c625809ee28c618faeb4da78 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 20 Oct 2014 20:42:17 +0200 Subject: Update tag documentation --- docs/conf/modules.conf.example | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 5b79fc2b6..2af84c83b 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1146,7 +1146,8 @@ # # file - filename of existing file in "locales" directory # casemapping - custom value for 005 numeric (if you want it to be -# different from the filename). +# different from the filename). Set this to the name of +# the locale if you are specifying an absolute path. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -- cgit v1.2.3 From 5fe0592bbc049c2e7801ddb59182fa7219427d45 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 20 Oct 2014 20:48:23 +0200 Subject: m_ssl_gnutls Add compile time option for allowing sha256 certificate fingerprints --- src/modules/extra/m_ssl_gnutls.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 21b58f280..228ceb994 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -419,6 +419,10 @@ class ModuleSSLGnuTLS : public Module hash = GNUTLS_DIG_MD5; else if (hashname == "sha1") hash = GNUTLS_DIG_SHA1; +#ifdef INSPIRCD_GNUTLS_ENABLE_SHA256_FINGERPRINT + else if (hashname == "sha256") + hash = GNUTLS_DIG_SHA256; +#endif else throw ModuleException("Unknown hash type " + hashname); -- cgit v1.2.3 From f9a3f7e080ce62eefeb03f7926777e687c169f3b Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 15 Oct 2014 18:27:20 +0200 Subject: m_ssl_openssl Add compile time option to enable ECDH --- src/modules/extra/m_ssl_openssl.cpp | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) 
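Review bot: `sha256` is accepted only when `INSPIRCD_GNUTLS_ENABLE_SHA256_FINGERPRINT` is defined, so a default build offers only MD5 and SHA-1 fingerprints, both weak choices for identifying client certificates. An operator who asks for sha256 on such a build gets "Unknown hash type sha256" with no hint that a build flag is involved. I would add an `#else` branch with `else if (hashname == "sha256") throw ModuleException("sha256 fingerprints require building with INSPIRCD_GNUTLS_ENABLE_SHA256_FINGERPRINT");`. A one-line comment above the `#ifdef` saying why the option is compile-time would also help. The enclosing function starts and ends outside the hunk.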
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 01bf11678..737dab914 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -141,6 +141,38 @@ class ModuleSSLOpenSSL : public Module ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "OpenSSL %s context options: %ld", ctxname.c_str(), final); } +#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH + void SetupECDH(ConfigTag* tag) + { + std::string curvename = tag->getString("ecdhcurve", "prime256v1"); + if (curvename.empty()) + return; + + int nid = OBJ_sn2nid(curvename.c_str()); + if (nid == 0) + { + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unknown curve: \"%s\"", curvename.c_str()); + return; + } + + EC_KEY* eckey = EC_KEY_new_by_curve_name(nid); + if (!eckey) + { + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Unable to create EC key object"); + return; + } + + ERR_clear_error(); + if (SSL_CTX_set_tmp_ecdh(ctx, eckey) < 0) + { + ServerInstance->Logs->Log("m_ssl_openssl", DEFAULT, "m_ssl_openssl.so: Couldn't set ECDH parameters"); + ERR_print_errors_cb(error_callback, this); + } + + EC_KEY_free(eckey); + } +#endif + public: ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK) @@ -334,6 +366,10 @@ class ModuleSSLOpenSSL : public Module #ifndef _WIN32 fclose(dhpfile); #endif + +#ifdef INSPIRCD_OPENSSL_ENABLE_ECDH + SetupECDH(conf); +#endif } void On005Numeric(std::string &output) -- cgit v1.2.3 From cbb699a705d3f3d61fbb223d41e2a1c313c3609b Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Fri, 17 Oct 2014 18:46:47 +0200 Subject: m_ssl_openssl Add compile time option that allows disabling renegotiations --- src/modules/extra/m_ssl_openssl.cpp | 61 +++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 737dab914..02f44f2f1 100644 --- a/src/modules/extra/m_ssl_openssl.cpp 
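Review bot: `SSL_CTX_set_tmp_ecdh()` returns 1 on success and 0 on failure, so the check `if (SSL_CTX_set_tmp_ecdh(ctx, eckey) < 0)` in `SetupECDH` can never fire. A failure to install the curve is therefore silent, and the server would run without ECDHE while the operator believes it is enabled. Change the test to `if (SSL_CTX_set_tmp_ecdh(ctx, eckey) != 1)`. I would also call `SSL_CTX_set_options(ctx, SSL_OP_SINGLE_ECDH_USE);` here so that OpenSSL versions honouring that option generate a fresh ECDH key per handshake instead of reusing one.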
+++ b/src/modules/extra/m_ssl_openssl.cpp @@ -51,10 +51,16 @@ /* $NoPedantic */ +class ModuleSSLOpenSSL; + enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN }; static bool SelfSigned = false; +#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION +static ModuleSSLOpenSSL* opensslmod = NULL; +#endif + char* get_error() { return ERR_error_string(ERR_get_error(), NULL); @@ -173,10 +179,40 @@ class ModuleSSLOpenSSL : public Module } #endif +#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION + static void SSLInfoCallback(const SSL* ssl, int where, int rc) + { + int fd = SSL_get_fd(const_cast(ssl)); + issl_session& session = opensslmod->sessions[fd]; + + if ((where & SSL_CB_HANDSHAKE_START) && (session.status == ISSL_OPEN)) + { + // The other side is trying to renegotiate, kill the connection and change status + // to ISSL_NONE so CheckRenego() closes the session + session.status = ISSL_NONE; + ServerInstance->SE->Shutdown(fd, 2); + } + } + + bool CheckRenego(StreamSocket* sock, issl_session* session) + { + if (session->status != ISSL_NONE) + return true; + + ServerInstance->Logs->Log("m_ssl_openssl", DEBUG, "Session %p killed, attempted to renegotiate", (void*)session->sess); + CloseSession(session); + sock->SetError("Renegotiation is not allowed"); + return false; + } +#endif + public: ModuleSSLOpenSSL() : iohook(this, "ssl/openssl", SERVICE_IOHOOK) { +#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION + opensslmod = this; +#endif sessions = new issl_session[ServerInstance->SE->GetMaxFds()]; /* Global SSL library initialization*/ 
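Review bot: `SSLInfoCallback` indexes `opensslmod->sessions[fd]` with the unchecked result of `SSL_get_fd()`, which returns -1 when the SSL object has no descriptor attached. That would read and write `status` outside the `sessions` array. Add the same bounds test the request handler in this file uses, before taking the reference: `if ((fd < 0) || (fd >= ServerInstance->SE->GetMaxFds())) return;`. `CheckRenego()` also deserves a short comment stating that it must run after every `SSL_read`/`SSL_write`, because the callback only marks the session and leaves the close to it.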
@@ -235,6 +271,20 @@ class ModuleSSLOpenSSL : public Module ConfigTag* Conf = ServerInstance->Config->ConfValue("openssl"); +#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION + // Set the callback if we are not allowing renegotiations, unset it if we do + if (Conf->getBool("renegotiation", true)) + { + SSL_CTX_set_info_callback(ctx, NULL); + SSL_CTX_set_info_callback(clictx, NULL); + } + else + { + SSL_CTX_set_info_callback(ctx, SSLInfoCallback); + SSL_CTX_set_info_callback(clictx, SSLInfoCallback); + } +#endif + if (Conf->getBool("showports", true)) { sslports = Conf->getString("advertisedports"); @@ -533,6 +583,11 @@ class ModuleSSLOpenSSL : public Module size_t bufsiz = ServerInstance->Config->NetBufferSize; int ret = SSL_read(session->sess, buffer, bufsiz); +#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION + if (!CheckRenego(user, session)) + return -1; +#endif + if (ret > 0) { recvq.append(buffer, ret); @@ -601,6 +656,12 @@ class ModuleSSLOpenSSL : public Module { ERR_clear_error(); int ret = SSL_write(session->sess, buffer.data(), buffer.size()); + +#ifdef INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION + if (!CheckRenego(user, session)) + return -1; +#endif + if (ret == (int)buffer.length()) { session->data_to_write = false; -- cgit v1.2.3 From d9b075e182b029fd2e18c0edb28a693da9fb2118 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 22 Oct 2014 00:25:05 +0200 Subject: Set the parameter of -b to the banmask actually removed This is needed because of the case insensitive match --- src/modes/cmode_b.cpp | 1 + 1 file changed, 1 insertion(+) diff --git a/src/modes/cmode_b.cpp b/src/modes/cmode_b.cpp index 09df05100..e45f191f7 100644 --- a/src/modes/cmode_b.cpp +++ b/src/modes/cmode_b.cpp @@ -168,6 +168,7 @@ std::string& ModeChannelBan::DelBan(User *user, std::string& dest, Channel *chan dest.clear(); return dest; } + dest = i->data; chan->bans.erase(i); return dest; } -- cgit v1.2.3 From 8a3b2f80919eab18567ad526dae84d80032de4f5 Mon Sep 17 00:00:00 2001 
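Review bot: The new option is read with `Conf->getBool("renegotiation", true)`, so a build made with `INSPIRCD_OPENSSL_ENABLE_RENEGO_DETECTION` still accepts peer-initiated renegotiation until the operator explicitly turns it off. The commit's diffstat lists only m_ssl_openssl.cpp, so nothing documents the key. I would add a comment above this block, e.g. `// <openssl renegotiation="no"> installs SSLInfoCallback, which drops any peer that starts a new handshake on an open session`, and describe the option in the example configuration. Whether the default should stay permissive is worth deciding explicitly. The enclosing function starts and ends outside the hunk.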
From: Attila Molnar Date: Wed, 22 Oct 2014 19:21:04 +0200 Subject: Check the return value of getnameinfo() on Windows in insp_inet_ntop() and return NULL if it fails --- win/inspircd_win32wrapper.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/win/inspircd_win32wrapper.cpp b/win/inspircd_win32wrapper.cpp index 7707dea0c..d66797f13 100644 --- a/win/inspircd_win32wrapper.cpp +++ b/win/inspircd_win32wrapper.cpp @@ -38,8 +38,8 @@ CoreExport const char *insp_inet_ntop(int af, const void *src, char *dst, sockle memset(&in, 0, sizeof(in)); in.sin_family = AF_INET; memcpy(&in.sin_addr, src, sizeof(struct in_addr)); - getnameinfo((struct sockaddr *)&in, sizeof(struct sockaddr_in), dst, cnt, NULL, 0, NI_NUMERICHOST); - return dst; + if (getnameinfo((struct sockaddr *)&in, sizeof(struct sockaddr_in), dst, cnt, NULL, 0, NI_NUMERICHOST) == 0) + return dst; } else if (af == AF_INET6) { @@ -47,8 +47,8 @@ CoreExport const char *insp_inet_ntop(int af, const void *src, char *dst, sockle memset(&in, 0, sizeof(in)); in.sin6_family = AF_INET6; memcpy(&in.sin6_addr, src, sizeof(struct in_addr6)); - getnameinfo((struct sockaddr *)&in, sizeof(struct sockaddr_in6), dst, cnt, NULL, 0, NI_NUMERICHOST); - return dst; + if (getnameinfo((struct sockaddr *)&in, sizeof(struct sockaddr_in6), dst, cnt, NULL, 0, NI_NUMERICHOST) == 0) + return dst; } return NULL; } -- cgit v1.2.3 From 7571d61a328b3ea75a307a3ff24c38cc02c8d108 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Wed, 22 Oct 2014 19:27:32 +0200 Subject: Fail AAAA DNS queries if inet_ntop() fails --- src/dns.cpp | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/dns.cpp b/src/dns.cpp index 977f4bad0..75e5731fe 100644 --- a/src/dns.cpp +++ b/src/dns.cpp 
@@ -677,7 +677,13 @@ DNSResult DNS::GetResult() case DNS_QUERY_AAAA: { - inet_ntop(AF_INET6, data.first, formatted, sizeof(formatted)); + if (!inet_ntop(AF_INET6, data.first, formatted, sizeof(formatted))) + { + std::string ro = req->orig; + delete req; + return DNSResult(this_id | ERROR_MASK, "inet_ntop() failed", 0, ro); + } + resultstr = formatted; /* Special case. Sending ::1 around between servers -- cgit v1.2.3 From 9e42a8e8f77b3c9fa65d7d2384b3d145f46e1376 Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 20 Oct 2014 15:14:54 -0400 Subject: Fix m_banredirect causing bans added for hosts being rewritten as nicks --- src/modules/m_banredirect.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/modules/m_banredirect.cpp b/src/modules/m_banredirect.cpp index 2e2592541..1b9e361bf 100644 --- a/src/modules/m_banredirect.cpp +++ b/src/modules/m_banredirect.cpp @@ -75,6 +75,9 @@ class BanRedirect : public ModeWatcher if (param.length() >= 2 && param[1] == ':') return true; + if (param.find('#') == std::string::npos) + return true; + if(adding && (channel->bans.size() > static_cast(maxbans))) { source->WriteNumeric(478, "%s %s :Channel ban list for %s is full (maximum entries for this channel is %ld)", source->nick.c_str(), channel->name.c_str(), channel->name.c_str(), maxbans); @@ -119,6 +122,14 @@ class BanRedirect : public ModeWatcher mask[NICK].swap(mask[IDENT]); } + if (!mask[NICK].empty() && mask[IDENT].empty() && mask[HOST].empty()) + { + if (mask[NICK].find('.') != std::string::npos || mask[NICK].find(':') != std::string::npos) + { + mask[NICK].swap(mask[HOST]); + } + } + for(int i = 0; i < 3; i++) { if(mask[i].empty()) -- cgit v1.2.3 From 6cc3e6be818f8d15c41e32787ba6885d501e8ed4 Mon Sep 17 00:00:00 2001 
From: Attila Molnar Date: Thu, 23 Oct 2014 17:59:44 +0200 Subject: m_delaymsg Add option to disallow NOTICEs too --- docs/conf/modules.conf.example | 2 ++ src/modules/m_delaymsg.cpp | 19 ++++++++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 2af84c83b..30b8181ac 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -695,6 +695,8 @@ # from talking in the channel unless they've been joined for X seconds. # Settable using /MODE #chan +d 30 # +# Set allownotice to no to disallow NOTICEs too. Defaults to yes. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Deny channels module: Deny channels from being used by users. diff --git a/src/modules/m_delaymsg.cpp b/src/modules/m_delaymsg.cpp index cfc06866a..978ab55d2 100644 --- a/src/modules/m_delaymsg.cpp +++ b/src/modules/m_delaymsg.cpp @@ -52,12 +52,15 @@ class ModuleDelayMsg : public Module { ServerInstance->Modules->AddService(djm); ServerInstance->Modules->AddService(djm.jointime); - Implementation eventlist[] = { I_OnUserJoin, I_OnUserPreMessage}; + Implementation eventlist[] = { I_OnUserJoin, I_OnUserPreMessage, I_OnRehash }; ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); + OnRehash(NULL); } Version GetVersion(); void OnUserJoin(Membership* memb, bool sync, bool created, CUList&); ModResult OnUserPreMessage(User* user, void* dest, int target_type, std::string &text, char status, CUList &exempt_list); + ModResult OnUserPreNotice(User* user, void* dest, int target_type, std::string& text, char status, CUList& exempt_list); + void OnRehash(User* user); }; ModeAction DelayMsgMode::OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding) 
@@ -144,5 +147,19 @@ ModResult ModuleDelayMsg::OnUserPreMessage(User* user, void* dest, int target_ty return MOD_RES_PASSTHRU; } +ModResult ModuleDelayMsg::OnUserPreNotice(User* user, void* dest, int target_type, std::string& text, char status, CUList& exempt_list) +{ + return OnUserPreMessage(user, dest, target_type, text, status, exempt_list); +} + +void ModuleDelayMsg::OnRehash(User* user) +{ + ConfigTag* tag = ServerInstance->Config->ConfValue("delaymsg"); + if (tag->getBool("allownotice", true)) + ServerInstance->Modules->Detach(I_OnUserPreNotice, this); + else + ServerInstance->Modules->Attach(I_OnUserPreNotice, this); +} + MODULE_INIT(ModuleDelayMsg) -- cgit v1.2.3 From d04979df092f93e2e0031b0d866afff418994e05 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Tue, 21 Oct 2014 09:37:50 +0100 Subject: Fix some small bugs in the makefile template. - GCC in C++ mode should be called g++ not gcc. - ICC in C++ mode should be called icpc not icc. --- make/template/main.mk | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/make/template/main.mk b/make/template/main.mk index e55e36c0a..f88a80e3a 100644 --- a/make/template/main.mk +++ b/make/template/main.mk @@ -50,7 +50,7 @@ INSTMODE_DIR = 0755 INSTMODE_BIN = 0755 INSTMODE_LIB = 0644 -@IFEQ $(CC) icc +@IFEQ $(CC) icpc CXXFLAGS += -Wshadow @ELSE CXXFLAGS += -pedantic -Woverloaded-virtual -Wshadow -Wformat=2 -Wmissing-format-attribute -Wall @@ -91,7 +91,7 @@ INSTMODE_LIB = 0644 DBGOK=0 @IFEQ $(D) 0 CXXFLAGS += -O2 -@IFEQ $(CC) gcc +@IFEQ $(CC) g++ CXXFLAGS += -g1 @ENDIF HEADER = std-header -- cgit v1.2.3 From 92e84bea6186b8d5ef44cee18b75d0bb633afb8e Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Tue, 21 Oct 2014 22:05:51 +0100 Subject: Use clang++ on FreeBSD 10 instead of g++. --- configure | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/configure b/configure index 33e9b4c50..6a8e28fe9 100755 --- a/configure +++ b/configure 
@@ -260,6 +260,11 @@ if ($config{OSNAME} =~ /darwin/i) $config{STARTSCRIPT} = "org.inspircd.plist"; # start script for OSX. $config{CC} = "xcrun clang++"; # C++ compiler for OSX. } +elsif ($config{OSNAME} =~ /freebsd/i) +{ + chomp(my $fbsd_version = `uname -r`); + $config{CC} = $fbsd_version ge '10.0' ? 'clang++' : 'g++'; +} else { $config{CC} = "g++"; # C++ compiler @@ -281,11 +286,8 @@ if ($config{HAS_OPENSSL} =~ /^([-[:digit:].]+)(?:[a-z])?(?:\-[a-z][0-9])?/) { } if (($config{GCCVER} eq "") || ($config{GCCMINOR} eq "")) { - if ($config{IS_DARWIN} eq "YES") { - print $config{CC} . " was not found! You require clang++ (the LLVM C++ compiler, part of the OSX developer tools) to build InspIRCd!\n"; - } else { - print $config{CC} . " was not found! You require g++ (the GNU C++ compiler, part of GCC) to build InspIRCd!\n"; - } + print "`$config{CC}` was not found! A C++ compiler is required to build InspIRCd!\n"; + print "You can pass a custom compiler to $0 using --with-cc=[name].\n"; exit; } -- cgit v1.2.3 From a49fd4cba6a44334eb5a39c6fbe8f6cebd55d0c7 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Mon, 25 Aug 2014 13:04:17 +0100 Subject: Use gnutls_rnd instead of gcry_randomize on newer GnuTLS versions. This is a modified version of 690c372. Fixes #905. --- make/utilities.pm | 9 +++++++++ src/modules/extra/m_ssl_gnutls.cpp | 9 +++------ 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/make/utilities.pm b/make/utilities.pm index 42dd6b547..ae16ce3dc 100644 --- a/make/utilities.pm +++ b/make/utilities.pm 
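Review bot: `$fbsd_version ge '10.0'` is a string comparison, so a release string such as `9.3-RELEASE` sorts after `10.0` (because "9" is greater than "1") and FreeBSD 9 would be given `clang++` instead of `g++`. Compare the major version numerically instead: keep the `chomp` line, then `my ($fbsd_major) = ($fbsd_version =~ /^(\d+)/);` and `$config{CC} = (defined $fbsd_major && $fbsd_major >= 10) ? 'clang++' : 'g++';`.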
@@ -319,6 +319,15 @@ sub translate_functions($$) die "Developers should no longer use backticks in configuration macros. Please use exec() and eval() macros instead. Offending line: $line (In module: $module)"; } + if ($line =~ /if(gt|lt)\("(.+?)","(.+?)"\)/) { + chomp(my $result = `$2 2>/dev/null`); + if (($1 eq 'gt' && $result le $3) || ($1 eq 'lt' && $result ge $3)) { + $line = substr $line, 0, $-[0]; + } else { + $line =~ s/if$1\("$2","$3"\)//; + } + } + if ($line =~ /ifuname\(\!"(\w+)"\)/) { my $uname = $1; diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 228ceb994..3b67a6180 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -22,9 +22,6 @@ #include "inspircd.h" -#ifndef _WIN32 -#include -#endif #include #include #include "ssl.h" @@ -35,8 +32,8 @@ #endif /* $ModDesc: Provides SSL support for clients */ -/* $CompileFlags: pkgconfincludes("gnutls","/gnutls/gnutls.h","") exec("libgcrypt-config --cflags") */ -/* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") exec("libgcrypt-config --libs") */ +/* $CompileFlags: pkgconfincludes("gnutls","/gnutls/gnutls.h","") iflt("pkg-config --modversion gnutls","2.12") exec("libgcrypt-config --cflags") */ +/* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") iflt("pkg-config --modversion gnutls","2.12") exec("libgcrypt-config --libs") */ /* $NoPedantic */ #ifndef GNUTLS_VERSION_MAJOR @@ -55,7 +52,7 @@ typedef gnutls_certificate_credentials_t gnutls_certificate_credentials; typedef gnutls_dh_params_t gnutls_dh_params; #endif -#if (defined(_WIN32) && (GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 12))) +#if (GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 12)) # define GNUTLS_HAS_RND # include #else -- cgit v1.2.3 From 382662a8a4ae5c501b096643cb8f09d2d9d084d0 Mon Sep 17 00:00:00 2001 
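Review bot: The new `ifgt`/`iflt` macro compares versions with the string operators `le` and `ge`, so `iflt("pkg-config --modversion gnutls","2.12")` misjudges GnuTLS 2.2 through 2.9. For example "2.8.6" sorts after "2.12", so the libgcrypt flags are dropped on exactly the versions that presumably still need them. The comparison should be numeric per dotted component. The captures should also be copied into named variables before the command runs and quoted with `\Q…\E` in the substitution, where `$2` and `$3` are currently interpolated as patterns. The enclosing `translate_functions` continues outside the hunk.

```perl
# Numeric, component-wise comparison of dotted versions ("2.8.6" vs "2.12").
sub compare_versions($$)
{
	my @lhs = ($_[0] =~ /(\d+)/g);
	my @rhs = ($_[1] =~ /(\d+)/g);
	while (@lhs || @rhs) {
		my $l = @lhs ? shift @lhs : 0;
		my $r = @rhs ? shift @rhs : 0;
		return $l <=> $r if $l != $r;
	}
	return 0;
}

# … unchanged: backtick check in translate_functions …
		if ($line =~ /if(gt|lt)\("(.+?)","(.+?)"\)/) {
			my ($op, $cmd, $want, $start) = ($1, $2, $3, $-[0]);
			chomp(my $result = `$cmd 2>/dev/null`);
			my $order = compare_versions($result, $want);
			if (($op eq 'gt' && $order <= 0) || ($op eq 'lt' && $order >= 0)) {
				$line = substr $line, 0, $start;
			} else {
				$line =~ s/if\Q$op\E\("\Q$cmd\E","\Q$want\E"\)//;
			}
		}
```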
From: Attila Molnar Date: Sun, 26 Oct 2014 18:01:24 +0100 Subject: Remove some dead code found by Coverity --- src/modules/extra/m_ssl_openssl.cpp | 4 +--- src/modules/m_spanningtree/treesocket.h | 2 -- 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 02f44f2f1..b21091d3f 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -750,10 +750,8 @@ class ModuleSSLOpenSSL : public Module else if (ret == 0) { CloseSession(session); - return false; } - - return true; + return false; } void CloseSession(issl_session* session) diff --git a/src/modules/m_spanningtree/treesocket.h b/src/modules/m_spanningtree/treesocket.h index d8445572b..abda28335 100644 --- a/src/modules/m_spanningtree/treesocket.h +++ b/src/modules/m_spanningtree/treesocket.h @@ -97,8 +97,6 @@ class TreeSocket : public BufferedSocket ServerState LinkState; /* Link state */ CapabData* capab; /* Link setup data (held until burst is sent) */ TreeServer* MyRoot; /* The server we are talking to */ - time_t NextPing; /* Time when we are due to ping this server */ - bool LastPingWasGood; /* Responded to last ping we sent? */ int proto_version; /* Remote protocol version */ bool ConnectionFailureShown; /* Set to true if a connection failure message was shown */ -- cgit v1.2.3 From c99a43968f6a04c7d5d3038b4e39d14c22aa6e89 Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Sun, 26 Oct 2014 18:05:40 +0100 Subject: Release v2.0.18 --- src/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.sh b/src/version.sh index 8246485b1..7c54efc71 100755 --- a/src/version.sh +++ b/src/version.sh @@ -1,2 +1,2 @@ #!/bin/sh -echo "InspIRCd-2.0.17" +echo "InspIRCd-2.0.18" -- cgit v1.2.3