From 74fafb7f11b06747f69f182ad5e3769b665eea7a Mon Sep 17 00:00:00 2001 From: Adam Date: Fri, 2 Sep 2016 22:57:03 -0400 Subject: m_sasl: don't allow AUTHENTICATE with mechanisms with a space --- src/modules/m_sasl.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 9cb5592d1..16a15357f 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -189,6 +189,7 @@ class CommandAuthenticate : public Command : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap) { works_before_reg = true; + allow_empty_last_param = false; } CmdResult Handle (const std::vector& parameters, User *user) @@ -199,6 +200,9 @@ class CommandAuthenticate : public Command if (!cap.ext.get(user)) return CMD_FAILURE; + if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':') + return CMD_FAILURE; + SaslAuthenticator *sasl = authExt.get(user); if (!sasl) authExt.set(user, new SaslAuthenticator(user, parameters[0])); -- cgit v1.2.3 From ef23e4c07320fbbbf9d142878aae05a3e87eff0f Mon Sep 17 00:00:00 2001 From: Adam Date: Sat, 3 Sep 2016 10:51:50 -0400 Subject: Release v2.0.23 --- src/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.sh b/src/version.sh index 5e2b31314..74a583759 100755 --- a/src/version.sh +++ b/src/version.sh @@ -1,2 +1,2 @@ #!/bin/sh -echo "InspIRCd-2.0.22" +echo "InspIRCd-2.0.23" -- cgit v1.2.3 From 27b5df44ec546f9b9f3b2783a7505c920f101aad Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 5 Sep 2016 22:26:33 -0400 Subject: m_sasl: really abort sasl session on register --- src/modules/m_sasl.cpp | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 16a15357f..649c21809 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -268,7 +268,7 @@ class ModuleSASL : public Module void init() { OnRehash(NULL); - Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnRehash }; + Implementation eventlist[] = { I_OnEvent, I_OnUserConnect, I_OnRehash }; ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); ServiceProvider* providelist[] = { &auth, &sasl, &authExt }; @@ -283,7 +283,7 @@ class ModuleSASL : public Module sasl_target = ServerInstance->Config->ConfValue("sasl")->getString("target", "*"); } - ModResult OnUserRegister(LocalUser *user) + void OnUserConnect(LocalUser *user) { SaslAuthenticator *sasl_ = authExt.get(user); if (sasl_) @@ -291,8 +291,6 @@ class ModuleSASL : public Module sasl_->Abort(); authExt.unset(user); } - - return MOD_RES_PASSTHRU; } Version GetVersion() -- cgit v1.2.3 From d3b82b2f7f75f56c318830ad0cc0c6e3d3b4a7c6 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Sun, 25 Sep 2016 21:41:05 +0100 Subject: Invalidate the caches properly when User::SetClientIP is called. --- src/users.cpp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/users.cpp b/src/users.cpp index 418f2c9aa..685ef9743 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -837,6 +837,7 @@ void LocalUser::FullConnect() void User::InvalidateCache() { /* Invalidate cache */ + cachedip.clear(); cached_fullhost.clear(); cached_hostip.clear(); cached_makehost.clear(); @@ -1001,8 +1002,7 @@ irc::sockets::cidr_mask User::GetCIDRMask() bool User::SetClientIP(const char* sip, bool recheck_eline) { - cachedip.clear(); - cached_hostip.clear(); + this->InvalidateCache(); return irc::sockets::aptosa(sip, 0, client_sa); } -- cgit v1.2.3 From 9172e9dea822a04fbaf26b420c160558730dce15 Mon Sep 17 00:00:00 2001 From: Anatole Denis Date: Sun, 9 Oct 2016 18:19:23 +0200 Subject: m_httpd_stats: Also sanitize other server gecos --- src/modules/m_httpd_stats.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/m_httpd_stats.cpp b/src/modules/m_httpd_stats.cpp index 2fc7ca7de..e17bf514f 100644 --- a/src/modules/m_httpd_stats.cpp +++ b/src/modules/m_httpd_stats.cpp @@ -213,7 +213,7 @@ class ModuleHttpStats : public Module data << ""; data << "" << b->servername << ""; data << "" << b->parentname << ""; - data << "" << b->gecos << ""; + data << "" << Sanitize(b->gecos) << ""; data << "" << b->usercount << ""; // This is currently not implemented, so, commented out. // data << "" << b->opercount << ""; -- cgit v1.2.3 From 63a00a858cb482624cc5d3b357cbc25958fd8112 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Tue, 8 Nov 2016 08:15:25 +0000 Subject: Workaround modern Perls not adding . to @INC. --- configure | 1 + modulemanager | 1 + 2 files changed, 2 insertions(+) diff --git a/configure b/configure index e8c3deb0d..7dbccadf2 100755 --- a/configure +++ b/configure @@ -28,6 +28,7 @@ BEGIN { require 5.8.0; + push @INC, '.'; } use strict; diff --git a/modulemanager b/modulemanager index af5bf113c..b107f2c1f 100755 --- a/modulemanager +++ b/modulemanager @@ -25,6 +25,7 @@ use warnings FATAL => qw(all); use make::configure; BEGIN { + push @INC, '.'; unless (module_installed("LWP::Simple")) { die "Your system is missing the LWP::Simple Perl module!"; } -- cgit v1.2.3 From 0c78ad71d32e4062827f2ebac927bdbf43c091ba Mon Sep 17 00:00:00 2001 From: Adam Date: Sat, 12 Nov 2016 18:55:26 -0500 Subject: m_cloaking: fix host/ip comparisons #1249 --- src/modules/m_cloaking.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index 105d68833..1bf99f919 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -493,11 +493,14 @@ class ModuleCloaking : public Module { std::string chost; + irc::sockets::sockaddrs hostip; + bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip; + switch (mode) { case MODE_COMPAT_HOST: { - if (ipstr != host) + if (!host_is_ip) { std::string tail = LastTwoDomainParts(host); @@ -520,7 +523,7 @@ class ModuleCloaking : public Module break; case MODE_HALF_CLOAK: { - if (ipstr != host) + if (!host_is_ip) chost = prefix + SegmentCloak(host, 1, 6) + LastTwoDomainParts(host); if (chost.empty() || chost.length() > 50) chost = SegmentIP(ip, false); -- cgit v1.2.3 From 0cffd89447c9c0f2b145c634d92207bd9b73c2fe Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Wed, 12 Oct 2016 18:14:54 +0100 Subject: Add a bigger warning about deprecated things being removed. --- docs/conf/modules.conf.example | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 97d69da90..acafb327c 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -421,6 +421,9 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Chanprotect module: Gives +q and +a channel modes. +# +# IMPORTANT: This module has been removed in the next major version of +# InspIRCd. You should use m_customprefix instead. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -- cgit v1.2.3 From 7ddef68f44ecb01f891e55a680078f7857fb866f Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 21 Nov 2016 20:56:39 -0500 Subject: socketengine_epoll: use getrlimit not ulimit --- src/socketengines/socketengine_epoll.cpp | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/socketengines/socketengine_epoll.cpp b/src/socketengines/socketengine_epoll.cpp index f2837777a..d5f017347 100644 --- a/src/socketengines/socketengine_epoll.cpp +++ b/src/socketengines/socketengine_epoll.cpp @@ -25,7 +25,7 @@ #include "exitcodes.h" #include "socketengine.h" #include -#include +#include #include #define EP_DELAY 5 @@ -55,10 +55,11 @@ public: EPollEngine::EPollEngine() { CurrentSetSize = 0; - int max = ulimit(4, 0); - if (max > 0) + + struct rlimit limit; + if (!getrlimit(RLIMIT_NOFILE, &limit)) { - MAX_DESCRIPTORS = max; + MAX_DESCRIPTORS = limit.rlim_cur; } else { -- cgit v1.2.3 From b68ba97cf97ffd5aa06a7dd86ad86c71e852413d Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Fri, 2 Dec 2016 14:04:30 +0000 Subject: Backport the master Travis changes to insp20. --- .travis.yml | 15 ++++++++------- tools/travis-ci.sh | 5 ----- 2 files changed, 8 insertions(+), 12 deletions(-) diff --git a/.travis.yml b/.travis.yml index 631802526..bb82add9b 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,12 +1,13 @@ compiler: - - "clang" - - "gcc" -language: "cpp" + - clang + - gcc +dist: trusty +env: + - PURE_STATIC=1 + - +language: cpp notifications: email: false -os: - - "linux" - - "osx" script: - - "sh ./tools/travis-ci.sh" + - sh ./tools/travis-ci.sh sudo: required diff --git a/tools/travis-ci.sh b/tools/travis-ci.sh index 6dbc82300..42b07fa25 100755 --- a/tools/travis-ci.sh +++ b/tools/travis-ci.sh @@ -4,11 +4,6 @@ if [ "$TRAVIS_OS_NAME" = "linux" ] then sudo apt-get update --assume-yes sudo apt-get install --assume-yes libgeoip-dev libgnutls-dev libldap2-dev libmysqlclient-dev libpcre3-dev libpq-dev libsqlite3-dev libssl-dev libtre-dev -elif [ "$TRAVIS_OS_NAME" = "osx" ] -then - brew update - brew install geoip gnutls mysql-connector-c openssl pcre postgresql sqlite3 tre - brew link sqlite3 --force else >&2 echo "'$TRAVIS_OS_NAME' is an unknown Travis CI environment!" exit 1 -- cgit v1.2.3 From 348a746b9809834650e736cefcdecd76a6b13e83 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Fri, 2 Dec 2016 14:15:11 +0000 Subject: Fix pure static builds. --- make/calcdep.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make/calcdep.pl b/make/calcdep.pl index 4a759a24a..49506dd3b 100755 --- a/make/calcdep.pl +++ b/make/calcdep.pl @@ -160,7 +160,7 @@ END obj/ld-extra.cmd: $core_src \@\$(SOURCEPATH)/make/unit-cc.pl gen-ld\$(VERBOSE) \$\@ \$^ \$> -bin/inspircd: obj/ld-extra.cmd $core_mk +bin/inspircd: $core_mk obj/ld-extra.cmd \@\$(SOURCEPATH)/make/unit-cc.pl static-ld\$(VERBOSE) \$\@ \$^ \$> inspircd: bin/inspircd -- cgit v1.2.3 From c165759fbe0dc1c1632cd5369dd1550f28f45a3b Mon Sep 17 00:00:00 2001 From: Attila Molnar Date: Mon, 5 Dec 2016 11:37:08 +0100 Subject: Fix users receiving a QUIT with themselves as source when host cycling in certain cases The OnBuildNeighborList handler in m_auditorium can add the cycling user to the exceptions as an always send exception. To fix, remove the user from the exceptions before processing them. Reported by @genius3000 on IRC --- src/users.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/users.cpp b/src/users.cpp index 418f2c9aa..af0e15f65 100644 --- a/src/users.cpp +++ b/src/users.cpp @@ -1398,6 +1398,8 @@ void User::DoHostCycle(const std::string &quitline) FOREACH_MOD(I_OnBuildNeighborList,OnBuildNeighborList(this, include_c, exceptions)); + // Users shouldn't see themselves quitting when host cycling + exceptions.erase(this); for (std::map::iterator i = exceptions.begin(); i != exceptions.end(); ++i) { LocalUser* u = IS_LOCAL(i->first); -- cgit v1.2.3 From d494c188245e1c80c9556a6a7efafd6fe8f4f6de Mon Sep 17 00:00:00 2001 From: genius3000 Date: Mon, 21 Nov 2016 11:44:18 -0700 Subject: Fix SpanningTreeProtocolInterface::SendChannelPrivmsg() and SendChannelNotice() sending statusmsgs to whole channel --- src/modules/m_spanningtree/protocolinterface.cpp | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/src/modules/m_spanningtree/protocolinterface.cpp b/src/modules/m_spanningtree/protocolinterface.cpp index 3ab5dae9d..ca4147fea 100644 --- a/src/modules/m_spanningtree/protocolinterface.cpp +++ b/src/modules/m_spanningtree/protocolinterface.cpp @@ -137,9 +137,6 @@ void SpanningTreeProtocolInterface::PushToClient(User* target, const std::string void SpanningTreeProtocolInterface::SendChannel(Channel* target, char status, const std::string &text) { - std::string cname = target->name; - if (status) - cname = status + cname; TreeServerList list; CUList exempt_list; Utils->GetListOfServersForChannel(target,list,status,exempt_list); @@ -154,12 +151,20 @@ void SpanningTreeProtocolInterface::SendChannel(Channel* target, char status, co void SpanningTreeProtocolInterface::SendChannelPrivmsg(Channel* target, char status, const std::string &text) { - SendChannel(target, status, ":" + ServerInstance->Config->GetSID()+" PRIVMSG "+target->name+" :"+text); + std::string cname = target->name; + if (status) + cname.insert(0, 1, status); + + SendChannel(target, status, ":" + ServerInstance->Config->GetSID()+" PRIVMSG "+cname+" :"+text); } void SpanningTreeProtocolInterface::SendChannelNotice(Channel* target, char status, const std::string &text) { - SendChannel(target, status, ":" + ServerInstance->Config->GetSID()+" NOTICE "+target->name+" :"+text); + std::string cname = target->name; + if (status) + cname.insert(0, 1, status); + + SendChannel(target, status, ":" + ServerInstance->Config->GetSID()+" NOTICE "+cname+" :"+text); } void SpanningTreeProtocolInterface::SendUserPrivmsg(User* target, const std::string &text) -- cgit v1.2.3 From 60f150653a066cda7f52e9478b0646628facbefa Mon Sep 17 00:00:00 2001 From: Sheogorath Date: Sat, 10 Dec 2016 22:25:43 +0100 Subject: fix channel rank issue --- src/modules/m_override.cpp | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/modules/m_override.cpp b/src/modules/m_override.cpp index 3e42c4f79..2c2d6a3a2 100644 --- a/src/modules/m_override.cpp +++ b/src/modules/m_override.cpp @@ -101,7 +101,8 @@ class ModuleOverride : public Module if (IS_OPER(source) && CanOverride(source,"KICK")) { // If the kicker's status is less than the target's, or the kicker's status is less than or equal to voice - if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE)) + if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE) || + (memb->chan->GetPrefixValue(source) == HALFOP_VALUE) && (memb->getRank() == HALFOP_VALUE)) { ServerInstance->SNO->WriteGlobalSno('v',source->nick+" used oper override to kick "+memb->user->nick+" on "+memb->chan->name+" ("+reason+")"); return MOD_RES_ALLOW; -- cgit v1.2.3 From d0cd749a70646f2c2bbd616a9934fada22ad1ffd Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 19 Dec 2016 19:13:24 -0500 Subject: m_sasl: send host/ip info --- src/modules/m_sasl.cpp | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 649c21809..db96f9dfa 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -51,10 +51,26 @@ class SaslAuthenticator SaslResult result; bool state_announced; + void SendHostIP() + { + parameterlist params; + params.push_back(sasl_target); + params.push_back("SASL"); + params.push_back(user->uuid); + params.push_back("*"); + params.push_back("H"); + params.push_back(user->host); + params.push_back(user->GetIPString()); + + SendSASL(params); + } + public: SaslAuthenticator(User* user_, const std::string& method) : user(user_), state(SASL_INIT), state_announced(false) { + SendHostIP(); + parameterlist params; params.push_back(sasl_target); params.push_back("SASL"); -- cgit v1.2.3 From cb993a43a6b228d34a82146f7988592faac22d3c Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Mon, 26 Dec 2016 07:01:03 +0000 Subject: Use clock_gettime() on macOS 10.12. --- configure | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/configure b/configure index 7dbccadf2..d3569d0d0 100755 --- a/configure +++ b/configure @@ -877,6 +877,10 @@ print FILEHANDLE "#define MAXBUF " . ($config{MAXBUF}+2) . "\n"; } if ($config{OSNAME} !~ /DARWIN/i) { print FILEHANDLE "#define HAS_CLOCK_GETTIME\n"; + } else { + print FILEHANDLE "#ifdef MAC_OS_X_VERSION_10_12\n"; + print FILEHANDLE "# define HAS_CLOCK_GETTIME\n"; + print FILEHANDLE "#endif\n"; } my $use_hiperf = 0; if (($has_kqueue) && ($config{USE_KQUEUE} eq "y")) { -- cgit v1.2.3 From 0904978757187d40a7fd5a098887890d0b002700 Mon Sep 17 00:00:00 2001 From: Adam Date: Sun, 8 Jan 2017 14:18:24 -0500 Subject: m_dnsbl: check returned results are in 127.0.0.0/8 --- src/modules/m_dnsbl.cpp | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/modules/m_dnsbl.cpp b/src/modules/m_dnsbl.cpp index d4101686a..3dea080ce 100644 --- a/src/modules/m_dnsbl.cpp +++ b/src/modules/m_dnsbl.cpp @@ -70,8 +70,8 @@ class DNSBLResolver : public Resolver int i = countExt.get(them); if (i) countExt.set(them, i - 1); - // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d - if(result.length()) + // All replies should be in 127.0.0.0/8 + if (result.compare(0, 4, "127.") == 0) { unsigned int bitmask = 0, record = 0; bool match = false; @@ -82,6 +82,7 @@ class DNSBLResolver : public Resolver switch (ConfEntry->type) { case DNSBLConfEntry::A_BITMASK: + // Now we calculate the bitmask: 256*(256*(256*a+b)+c)+d bitmask = resultip.s_addr >> 24; /* Last octet (network byte order) */ bitmask &= ConfEntry->bitmask; match = (bitmask != 0); @@ -196,7 +197,11 @@ class DNSBLResolver : public Resolver ConfEntry->stats_misses++; } else + { + if (!result.empty()) + ServerInstance->SNO->WriteGlobalSno('a', "DNSBL: %s returned address outside of acceptable subnet 127.0.0.0/8: %s", ConfEntry->domain.c_str(), result.c_str()); ConfEntry->stats_misses++; + } } } -- cgit v1.2.3 From fc46f1790f17414536c4a0f4c8417079317ae5db Mon Sep 17 00:00:00 2001 From: Adam Date: Sun, 26 Feb 2017 16:59:16 -0500 Subject: m_sasl: use host/ip from m_cgiirc if applicable --- src/modules/m_sasl.cpp | 41 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index db96f9dfa..5afab9502 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -51,16 +51,53 @@ class SaslAuthenticator SaslResult result; bool state_announced; + /* taken from m_services_account */ + static bool ReadCGIIRCExt(const char* extname, User* user, std::string& out) + { + ExtensionItem* wiext = ServerInstance->Extensions.GetItem(extname); + if (!wiext) + return false; + + if (wiext->creator->ModuleSourceFile != "m_cgiirc.so") + return false; + + StringExtItem* stringext = static_cast(wiext); + std::string* addr = stringext->get(user); + if (!addr) + return false; + + out = *addr; + return true; + } + + void SendHostIP() { + std::string host, ip; + + if (!ReadCGIIRCExt("cgiirc_webirc_hostname", user, host)) + { + host = user->host; + } + if (!ReadCGIIRCExt("cgiirc_webirc_ip", user, ip)) + { + ip = user->GetIPString(); + } + else + { + /* IP addresses starting with a : on irc are a Bad Thing (tm) */ + if (ip.c_str()[0] == ':') + ip.insert(ip.begin(),1,'0'); + } + parameterlist params; params.push_back(sasl_target); params.push_back("SASL"); params.push_back(user->uuid); params.push_back("*"); params.push_back("H"); - params.push_back(user->host); - params.push_back(user->GetIPString()); + params.push_back(host); + params.push_back(ip); SendSASL(params); } -- cgit v1.2.3 From 756c89cfccb4039bf5b4b59662a0bd7c379287a3 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Mon, 20 Mar 2017 10:24:01 +0000 Subject: Fix some compiler warnings. warning: macro name is a reserved identifier [-Wreserved-id-macro] warning: extra ';' after member function definition [-Wextra-semi] --- configure | 4 ++-- include/base.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configure b/configure index d3569d0d0..0cf165a0a 100755 --- a/configure +++ b/configure @@ -840,8 +840,8 @@ sub writefiles { open(FILEHANDLE, ">include/inspircd_config.h.tmp"); print FILEHANDLE < Date: Mon, 20 Mar 2017 07:59:48 -0400 Subject: cmd_who: don't show +p channels or channels hidden with m_hidechans Fixes #1276 --- src/commands/cmd_who.cpp | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/commands/cmd_who.cpp b/src/commands/cmd_who.cpp index 90c26a974..8438f8cdd 100644 --- a/src/commands/cmd_who.cpp +++ b/src/commands/cmd_who.cpp @@ -58,13 +58,15 @@ class CommandWho : public Command }; -static Channel* get_first_visible_channel(User *u) +static Channel* get_first_visible_channel(User *source, User *u) { UCListIter i = u->chans.begin(); while (i != u->chans.end()) { Channel* c = *i++; - if (!c->IsModeSet('s')) + + /* XXX move the +I check into m_hidechans */ + if (source == u || !(c->IsModeSet('s') || c->IsModeSet('p') || u->IsModeSet('I')) || c->HasUser(source)) return c; } return NULL; @@ -189,7 +191,7 @@ bool CommandWho::CanView(Channel* chan, User* user) void CommandWho::SendWhoLine(User* user, const std::vector& parms, const std::string &initial, Channel* ch, User* u, std::vector &whoresults) { if (!ch) - ch = get_first_visible_channel(u); + ch = get_first_visible_channel(user, u); std::string wholine = initial + (ch ? ch->name : "*") + " " + u->ident + " " + (opt_showrealhost ? u->host : u->dhost) + " "; -- cgit v1.2.3 From 3f1eb79c7fa82737fda9c9a712724ba2f27651e9 Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 20 Mar 2017 09:35:13 -0400 Subject: m_ldapauth: fix providing username in PASS This has never worked because it never prepended attribute= to the search string. It also would prefer matching nick/ident over the user string provided which is inconsistent, since your ability to authenticate using PASS would depend on a ldap entry not existing with your current nick/ident. Instead, use username provided in PASS and then fallback to nick/ident. --- src/modules/extra/m_ldapauth.cpp | 47 +++++++++++++++------------------------- 1 file changed, 18 insertions(+), 29 deletions(-) diff --git a/src/modules/extra/m_ldapauth.cpp b/src/modules/extra/m_ldapauth.cpp index 6c765fb2e..405bab082 100644 --- a/src/modules/extra/m_ldapauth.cpp +++ b/src/modules/extra/m_ldapauth.cpp @@ -310,36 +310,25 @@ public: } RAIILDAPMessage msg; - std::string what = (attribute + "=" + (useusername ? user->ident : user->nick)); - if ((res = ldap_search_ext_s(conn, base.c_str(), searchscope, what.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg)) != LDAP_SUCCESS) + std::string what; + std::string::size_type pos = user->password.find(':'); + // If a username is provided in PASS, use it, othewrise user their nick or ident + if (pos != std::string::npos) { - // Do a second search, based on password, if it contains a : - // That is, PASS : will work. - size_t pos = user->password.find(":"); - if (pos != std::string::npos) - { - // manpage says we must deallocate regardless of success or failure - // since we're about to do another query (and reset msg), first - // free the old one. - msg.dealloc(); - - std::string cutpassword = user->password.substr(0, pos); - res = ldap_search_ext_s(conn, base.c_str(), searchscope, cutpassword.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg); - - if (res == LDAP_SUCCESS) - { - // Trim the user: prefix, leaving just 'pass' for later password check - user->password = user->password.substr(pos + 1); - } - } + what = (attribute + "=" + user->password.substr(0, pos)); - // It may have found based on user:pass check above. - if (res != LDAP_SUCCESS) - { - if (verbose) - ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (LDAP search failed: %s)", user->GetFullRealHost().c_str(), ldap_err2string(res)); - return false; - } + // Trim the user: prefix, leaving just 'pass' for later password check + user->password = user->password.substr(pos + 1); + } + else + { + what = (attribute + "=" + (useusername ? user->ident : user->nick)); + } + if ((res = ldap_search_ext_s(conn, base.c_str(), searchscope, what.c_str(), NULL, 0, NULL, NULL, NULL, 0, &msg)) != LDAP_SUCCESS) + { + if (verbose) + ServerInstance->SNO->WriteToSnoMask('c', "Forbidden connection from %s (LDAP search failed: %s)", user->GetFullRealHost().c_str(), ldap_err2string(res)); + return false; } if (ldap_count_entries(conn, msg) > 1) { @@ -404,7 +393,7 @@ public: std::string dnPart; while (stream.GetToken(dnPart)) { - std::string::size_type pos = dnPart.find('='); + pos = dnPart.find('='); if (pos == std::string::npos) // malformed continue; -- cgit v1.2.3 From c51f6dea7904beb2615cc034a9ce01d7d75b6c29 Mon Sep 17 00:00:00 2001 From: Adam Date: Mon, 20 Mar 2017 09:38:46 -0400 Subject: modules.conf.example: document useusername in ldapauth --- docs/conf/modules.conf.example | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index acafb327c..d3cd2b537 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1009,7 +1009,8 @@ # binddn="cn=Manager,dc=brainbox,dc=cc" # # bindauth="mysecretpass" # # verbose="yes" # -# host="$uid.$ou.inspircd.org"> # +# host="$uid.$ou.inspircd.org" # +# useusername="no"> # # # # # # # @@ -1021,6 +1022,10 @@ # The attribute value indicates the attribute which is used to locate # # a user account by name. On POSIX systems this is usually 'uid'. # # # +# The useusername setting chooses whether the user's username or # +# nickname is used when locating a user account, if a username isn't # +# provided in PASS. # +# # # The server parameter indicates the LDAP server to connect to. The # # ldap:// style scheme before the hostname proper is MANDATORY. # # # -- cgit v1.2.3 From ce7ddb1fe7a44baf5c4ae5f10535d1801235fabb Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Fri, 7 Apr 2017 15:53:12 +0100 Subject: Update securelist exception list. - Add an exception for IRC-Source. - Remove an exception for SearchIRC. - Remove an old exception for netsplit. --- docs/conf/modules.conf.example | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index d3cd2b537..c05dad38c 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1599,13 +1599,12 @@ # #-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Securelist can be harmful to some IRC search engines such as # -# netsplit.de and searchirc.com. To prevent securelist blocking these # -# sites from listing, define exception tags as shown below: # -# +# Securelist can be harmful to some IRC search engines. To prevent # +# securelist blocking these sites from listing, define exception tags # +# as shown below: # # -# # +# # # # Define the following variable to change how long a user must wait # # before issuing a LIST. If not defined, defaults to 60 seconds. # -- cgit v1.2.3 From 1d9903aaeb4f88ac3c13b95e92073233fc259a3c Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Tue, 11 Apr 2017 20:55:41 +0100 Subject: Clarify that m_sslmodes depends on m_sslinfo. --- docs/conf/modules.conf.example | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index d3cd2b537..bbbe90cc8 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1702,7 +1702,8 @@ # SSL channel mode module: Adds support for SSL-only channels via # channel mode +z and the 'z' extban which matches SSL client # certificate fingerprints. -# Does not do anything useful without a working SSL module (see below). +# Does not do anything useful without a working SSL module and the +# m_sslinfo module (see below). # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -- cgit v1.2.3 From f15e2ca435b0a85d32041fbbdba9f09c099c3a41 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Tue, 21 Mar 2017 22:52:12 +0000 Subject: Fix compiler version parsing on GCC 7. GCC 7 may optionally omit the MINOR version number in dumpversion depending on the compiler flags it was built with. --- configure | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/configure b/configure index 0cf165a0a..b380b5700 100755 --- a/configure +++ b/configure @@ -269,10 +269,9 @@ if (defined $opt_cc) { $config{CC} = $opt_cc; } -our $exec = $config{CC} . " -dumpversion | cut -c 1"; -chomp($config{GCCVER} = `$exec`); # Major GCC Version -$exec = $config{CC} . " -dumpversion | cut -c 3"; -chomp($config{GCCMINOR} = `$exec`); +`$config{CC} -dumpversion` =~ /^(\d+)(?:\.(\d+))?/; +$config{GCCVER} = defined $1 ? $1 : ''; +$config{GCCMINOR} = defined $2 ? $2 : '0'; $config{MAXBUF} = "512"; # Max buffer size if ($config{HAS_OPENSSL} =~ /^([-[:digit:].]+)(?:[a-z])?(?:\-[a-z][0-9])?/) { @@ -348,10 +347,9 @@ print ($cache_loaded ? "found\n" : "not found\n"); $config{SYSTEM} = lc $^O; print "Checking operating system version... $config{SYSTEM}\n"; -$exec = $config{CC} . " -dumpversion | cut -c 1"; -chomp($config{GCCVER} = `$exec`); # Major GCC Version -$exec = $config{CC} . " -dumpversion | cut -c 3"; -chomp($config{GCCMINOR} = `$exec`); +`$config{CC} -dumpversion` =~ /^(\d+)(?:\.(\d+))?/; +$config{GCCVER} = defined $1 ? $1 : ''; +$config{GCCMINOR} = defined $2 ? $2 : '0'; printf "Checking if stdint.h exists... "; $config{HAS_STDINT} = test_compile('stdint'); @@ -489,8 +487,9 @@ should NOT be used. You should probably specify a newer compiler.\n\n"; } chomp(my $foo = `$config{CC} -dumpversion | cut -c 1`); if ($foo ne "") { - chomp($config{GCCVER} = `$config{CC} -dumpversion | cut -c 1`); # we must redo these if we change compilers - chomp($config{GCCMINOR} = `$config{CC} -dumpversion | cut -c 3`); + `$config{CC} -dumpversion` =~ /^(\d+)(?:\.(\d+))?/; + $config{GCCVER} = defined $1 ? $1 : ''; + $config{GCCMINOR} = defined $2 ? $2 : '0'; print "Queried compiler: \e[1;32m$config{CC}\e[0m (version \e[1;32m$config{GCCVER}.$config{GCCMINOR}\e[0m)\n"; if ($config{GCCVER} < 3) { print "\e[1;32mGCC 2.x WILL NOT WORK!\e[0m. Let's try that again, shall we?\n"; -- cgit v1.2.3 From 5c6143a56378cdd7f4e342fa815a038f4c2fa6af Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Fri, 14 Apr 2017 15:40:24 +0100 Subject: Warn when a user configures a permanent channel without +P. --- src/modules/m_permchannels.cpp | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/modules/m_permchannels.cpp b/src/modules/m_permchannels.cpp index e86b3cbf6..74a798356 100644 --- a/src/modules/m_permchannels.cpp +++ b/src/modules/m_permchannels.cpp @@ -298,6 +298,12 @@ public: ServerInstance->Logs->Log("m_permchannels", DEBUG, "Added %s with topic %s", channel.c_str(), topic.c_str()); + if (modes.find('P') == std::string::npos) + { + ServerInstance->Logs->Log("m_permchannels", DEFAULT, "%s (%s) does not have +P set in ; it will be deleted when empty!", + c->name.c_str(), tag->getTagLocation().c_str()); + } + if (modes.empty()) continue; -- cgit v1.2.3 From 78b691e113e7e48fca0eb918591a17437fa0b96d Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Thu, 27 Apr 2017 02:52:51 +0100 Subject: Fix WEBIRC not rejecting invalid IP addresses. --- src/modules/m_cgiirc.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index cce2e7855..d26c0bca1 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -73,6 +73,7 @@ class CommandWebirc : public Command realhost("cgiirc_realhost", Creator), realip("cgiirc_realip", Creator), webirc_hostname("cgiirc_webirc_hostname", Creator), webirc_ip("cgiirc_webirc_ip", Creator) { + allow_empty_last_param = false; works_before_reg = true; this->syntax = "password client hostname ip"; } @@ -81,6 +82,13 @@ class CommandWebirc : public Command if(user->registered == REG_ALL) return CMD_FAILURE; + irc::sockets::sockaddrs ipaddr; + if (!irc::sockets::aptosa(parameters[3], 0, ipaddr)) + { + ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s tried to use WEBIRC but gave an invalid IP address.", user->GetFullRealHost().c_str()); + return CMD_FAILURE; + } + for(CGIHostlist::iterator iter = Hosts.begin(); iter != Hosts.end(); iter++) { if(InspIRCd::Match(user->host, iter->hostmask, ascii_case_insensitive_map) || InspIRCd::MatchCIDR(user->GetIPString(), iter->hostmask, ascii_case_insensitive_map)) -- cgit v1.2.3 From fefb6235cd8398408f92f93b9009718b6bed4cd7 Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Thu, 27 Apr 2017 02:56:59 +0100 Subject: Penalise clients that use WEBIRC incorrectly. --- src/modules/m_cgiirc.cpp | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index d26c0bca1..09f6a4659 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -85,6 +85,7 @@ class CommandWebirc : public Command irc::sockets::sockaddrs ipaddr; if (!irc::sockets::aptosa(parameters[3], 0, ipaddr)) { + IS_LOCAL(user)->CommandFloodPenalty += 5000; ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s tried to use WEBIRC but gave an invalid IP address.", user->GetFullRealHost().c_str()); return CMD_FAILURE; } @@ -116,6 +117,7 @@ class CommandWebirc : public Command } } + IS_LOCAL(user)->CommandFloodPenalty += 5000; ServerInstance->SNO->WriteGlobalSno('a', "Connecting user %s tried to use WEBIRC, but didn't match any configured webirc blocks.", user->GetFullRealHost().c_str()); return CMD_FAILURE; } -- cgit v1.2.3 From 1daaf3b84d87e543ee43c2f8b9b3cd0a02787424 Mon Sep 17 00:00:00 2001 From: Adam Date: Tue, 9 May 2017 18:37:23 -0400 Subject: win: set CMAKE_INSTALL_SYSTEM_RUNTIME_DESTINATION to . so the runtime libraries are not placed in bin --- win/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/win/CMakeLists.txt b/win/CMakeLists.txt index 10653cf74..7be08a3fc 100644 --- a/win/CMakeLists.txt +++ b/win/CMakeLists.txt @@ -85,6 +85,7 @@ file(MAKE_DIRECTORY ${LOG_PATH}) install(DIRECTORY ${LOG_PATH} DESTINATION .) if(EXISTS "${CMAKE_ROOT}/Modules/CPack.cmake") + set(CMAKE_INSTALL_SYSTEM_RUNTIME_DESTINATION ".") # place runtime libraries next to InspIRCd binary include(InstallRequiredSystemLibraries) set(CPACK_PACKAGE_NAME "InspIRCd IRC Daemon") -- cgit v1.2.3 From 0c66cc2c71ea9f2f5c926d8aeb2a8eb8e94c1c10 Mon Sep 17 00:00:00 2001 From: Adam Date: Thu, 11 May 2017 08:47:46 -0400 Subject: m_sakick: remove unused "Unable to kick" notice This has never worked due to the channel lookup using the user's nick --- src/modules/m_sakick.cpp | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/modules/m_sakick.cpp b/src/modules/m_sakick.cpp index 7dfcd8904..afca49e25 100644 --- a/src/modules/m_sakick.cpp +++ b/src/modules/m_sakick.cpp @@ -63,14 +63,6 @@ class CommandSakick : public Command if (IS_LOCAL(dest)) { channel->KickUser(ServerInstance->FakeClient, dest, reason); - - Channel *n = ServerInstance->FindChan(parameters[1]); - if (n && n->HasUser(dest)) - { - /* Sort-of-bug: If the command was issued remotely, this message won't be sent */ - user->WriteServ("NOTICE %s :*** Unable to kick %s from %s", user->nick.c_str(), dest->nick.c_str(), parameters[0].c_str()); - return CMD_FAILURE; - } } if (IS_LOCAL(user)) -- cgit v1.2.3 From fdef8ca80ab6822a8f2b0fa5ca178503109cba9a Mon Sep 17 00:00:00 2001 From: Peter Powell Date: Tue, 16 May 2017 17:40:16 +0100 Subject: Fix ModuleManager not being able to find make::configure. --- modulemanager | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/modulemanager b/modulemanager index b107f2c1f..42566d3b1 100755 --- a/modulemanager +++ b/modulemanager @@ -22,10 +22,15 @@ use strict; use warnings FATAL => qw(all); -use make::configure; - BEGIN { + require 5.8.0; push @INC, '.'; +} + +BEGIN { + # HACK: for some reason this needs to be in a second BEGIN block + # or it doesn't receive the updated @INC from above. + use make::configure; unless (module_installed("LWP::Simple")) { die "Your system is missing the LWP::Simple Perl module!"; } -- cgit v1.2.3 From 692865acd58c9a475db1fdf4d419188325cd2182 Mon Sep 17 00:00:00 2001 From: Adam Date: Wed, 7 Sep 2016 16:08:28 -0400 Subject: m_cloaking: don't apply cloak to already cloaked users during registration This can happen if services set a vhost during registration (like with SASL) --- src/modules/m_cloaking.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index 1bf99f919..f4cfdb54f 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -96,6 +96,10 @@ class CloakUser : public ModeHandler if (adding) { + // assume this is more correct + if (user->registered != REG_ALL && user->host != user->dhost) + return MODEACTION_DENY; + std::string* cloak = ext.get(user); if (!cloak) -- cgit v1.2.3 From a92b6b7af463135ed5f84f0ed640b9416db684ef Mon Sep 17 00:00:00 2001 From: Adam Date: Wed, 17 May 2017 20:10:51 -0400 Subject: m_override: fix parentheses compiler warning --- src/modules/m_override.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/m_override.cpp b/src/modules/m_override.cpp index 2c2d6a3a2..3266d3eb0 100644 --- a/src/modules/m_override.cpp +++ b/src/modules/m_override.cpp @@ -102,7 +102,7 @@ class ModuleOverride : public Module { // If the kicker's status is less than the target's, or the kicker's status is less than or equal to voice if ((memb->chan->GetPrefixValue(source) < memb->getRank()) || (memb->chan->GetPrefixValue(source) <= VOICE_VALUE) || - (memb->chan->GetPrefixValue(source) == HALFOP_VALUE) && (memb->getRank() == HALFOP_VALUE)) + (memb->chan->GetPrefixValue(source) == HALFOP_VALUE && memb->getRank() == HALFOP_VALUE)) { ServerInstance->SNO->WriteGlobalSno('v',source->nick+" used oper override to kick "+memb->user->nick+" on "+memb->chan->name+" ("+reason+")"); return MOD_RES_ALLOW; -- cgit v1.2.3 From b7facc2474ff5fb229c66ed130ed67207620f55d Mon Sep 17 00:00:00 2001 From: Adam Date: Thu, 18 May 2017 08:35:22 -0400 Subject: Release v2.0.24 --- src/version.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/version.sh b/src/version.sh index 74a583759..2025a4810 100755 --- a/src/version.sh +++ b/src/version.sh @@ -1,2 +1,2 @@ #!/bin/sh -echo "InspIRCd-2.0.23" +echo "InspIRCd-2.0.24" -- cgit v1.2.3