Commit Briefs
ngIRCd release 19 (tags/rel-19)
Merge branch 'master' of /srv/git/ngircd
* 'master' of /srv/git/ngircd: Update doc/Platforms.txt for ngIRCd 19 doc/README-Interix.txt: note that GNU make should be used
Fix C syntax: duplicate ";;" should be ";"
Using gcc 2.7.2, this fixes: irc-channel.c: In function `join_allowed': irc-channel.c:86: parse error before `const'
Correctly re-open syslog logging after reading of configuration
Syslog logging has been initialized before reading the configuraton file, so ngIRCd always used the default facility and ignored the "SyslogFacility" configuration option. Thanks to Patrik Schindler for reporting this issue!
ngIRCd release 19~rc1 (tags/rel-19-rc1)
Fix forwarding of LIST commands
Bug reported by Cahata, thanks!
New_Connection(): don't set the client hostname twice
Setting the hostname twice doesn't do much harm a lot, but isn't elegant. And for IPv6 addresses, it isn't correct the first time (missing []) ...
io: remove outer do {} while loops for epoll/kqueue/devpoll backends
simplifies things a bit. io_dispatch() is called repeatedly from the main loop.
Enhance server command limits
This patch updates the limits for handling commands from a remote server: - "<user count> / 5 + <min>" using "<min>=10" during normal operation, - the above count multiplied with 5 while servers are syncing. The intention is to a) make the limit dependent of the number of users in the network (the more users, the more commands required to sync) and b) to significantly rise this limit while servers are joining the network to make the login and synchronization faster.
Send a PING at the end of the server sync to detect it
At the end of sending all "state" to the remote server, a PING command is sent to request a PONG reply. Until then, no "regual" PING was sent, so Conn_LastPing(<connection>) is null and now becomes non-null in the PONG command handler. So the servers are still synchronizing when Conn_LastPing(<connection>) is 0, which could easily be tested.
RPL_ISUPPORT_MSG(005): add "EXCEPTS=e INVEX=I"
Thanks to Cahata for the idea!
Fix "MAXLIST=beI:50": the limit is the sum of all lists
"Modes which are specified in the same pair share the same maximum size", so "beI:50" means a total of 50 entries, regardless of the list. See <http://www.irc.org/tech_docs/draft-brocklesby-irc-isupport-03.txt>, thanks to Cahata for reporting this!
New RPL_WHOISHOST_MSG(378): show hostname and IP address
The numeric RPL_WHOISHOST_MSG(378) returns the DNS hostname (if available) and the IP address of a client in the WHOIS reply. Only the user itself and local IRC operators get this numeric.
Check G/K-Lines before the client has been registered, too
This allows to use "*!<user>@<host>" or "*!*@<host>" masks to reject clients even before receiving PASS, NICK and USER commands and before forking authentication child processes which reduces resource usage.
Streamline handling of connection rejects (bad password, G/K-line)
- Use Client_Reject(), get rid of Reject_Client(). - Refactor Class_IsMember() to Class_GetMemberReason(), - New function Class_HandleServerBans().
Implement channel exception list (mode 'e')
This allows a channel operator to define exception masks that allow users to join the channel even when a "ban" would match and prevent them from joining: the exception list (e) overrides the ban list (b).
PRIVMSG/NOTICE: handle nick!user@host masks case-insensitive
And enhance our test suite to check this a little bit better :-)
PRIVMSG/NOTICE: don't stop list processing on invalid target
Process further targets, even if one has been a server ID: just skip this one with an error message and continue.
Implement user mode 'C': require "same channel" to send message
If the target user of a PRIVMSG or NOTICE command has the user mode 'C' set, it is required that both sender and receiver are on the same channel. This prevents private flooding by completely unknown clients.
Limit channel invite and ban lists to 50 entries
- New function Lists_Count(). - New limit #define MAX_HNDL_CHANNEL_LISTS = 50. - New numeric #define ERR_LISTFULL_MSG(478). - Adjust numeric RPL_ISUPPORT2_MSG(005) accordingly ("MAXLIST")
Remove unused prototype of Lists_AlreadyRegistered()
This prototype has been introduced by commit fa7bb279 in 2006, but as far as I can see, this function never existed ...
Channel lists: Fix duplicate check and error messages
- Check correct list for duplicates when adding items. - Don't generate any messages when adding duplicates or removing non-existing items (this is how ircd-seven and ircu behave). - Code cleanup: Add_Ban_Invite(), Del_Ban_Invite().
Don't stop join handling on faulty channel, skip it (part #2)
Commit 565523cb allowed processing of further channel names given to the JOIN command when a single name was invalid. After this patch, the JOIN command handler continues to process channel name lists even after errors like "channel is full", "too many channels", and the like and generates appropriate error messages for all the channels given by the client.
JOIN command: don't check channel limit if already member
Don't check the channel limit and don't report "too many channels" when trying to join a channel that the client is already a member of.
Return ERR_UNKNOWNMODE(472) for unknown channel modes
The daemon reported ERR_UMODEUNKNOWNFLAG(501), which is wrong.
Limit list replies of LIST, WHO, WHOIS, and MAX_RPL_WHOWAS
Introduce new #define's MAX_RPL_LIST(100), MAX_RPL_WHO(25), MAX_RPL_WHOIS(10), and MAX_RPL_WHOWAS(25).
New function IRC_CheckListTooBig() to check size of list replies
It the limit is reached, a NOTICE is sent to the client and list processing should stop.
DEFAULT_WHOWAS->DEF_RPL_WHOWAS; MAX_CMODES_ARG->MAX_HNDL_MODES_ARG
To streamline naming, in preparation for MAX_RPL_WHO and MAX_RPL_WHOWAS :-)
RPL_ISUPPORT (numeric 005): Report MODES=<MAX_CMODES_ARG>
"Maximum number of channel modes with parameter allowed per MODE command." See <http://www.irc.org/tech_docs/005.html> for details.
Channel modes: really break handling when MAX_CMODES_ARG is hit
This fixes 98493077.
channel modes: only handle MAX_CMODES_ARG modes with arguments
Limit the MODE command to handle a maximum of MAX_CMODES_ARG (5) channel modes that require an argument (+Ibkl) per call. Please note: Further modes that require arguments are silently ignored and end the handling of any further modes. This is similar to the behavior of ircd2.11 (silently ignores but seems to handle other modes) as well as ircd-seven (silently ignores but handles some(!) other modes) ...
Fix handling of channel mode sequence with/without arguments
For example, don't generate wrong error messages when handling "MODE #chan +IIIIItn *!aa@b *!bb@c *!cc@d *!dd@e *!ee@f".
Conn_Write(): Make sure there is a client when detecting its type
The assert(client != NULL) got triggered during our tests, so there is an error path that resulted in the connection being still established (sock >= 0) but the client structure already freed. So Conn_Write() should handle it!
Proc_Close(): Only close socket if it is still valid
It could be invalid when calling Proc_Close() a 2nd time, for exmaple, which could happen when we hit a timeout doing IDENT requests :-(
WHOIS command: make sure matching is case-insensitive
And make sure that RPL_ENDOFWHOIS replies with the unmodified mask like it has been received from the client.
WHOIS command: don't anser queries for IRC servers
Thanks to Cahata for spotting this!
WHOIS command: make sure the reply ends with RPL_ENDOFWHOIS
Up to now, each reply for itself ended in RPL_ENDOFWHOIS and queries for unknown nick names lacked the RPL_ENDOFWHOIS -- both is wrong.
LINKS command: support <mask> parameter
The <mask> can be used to limit the servers shown in the listing.
Add 1 second penalty for every further target on PRIVMSG/NOTICE
This reduces the possibility of flooding channels with commands like "PRIVMSG/NOTICE #a,#n,#c,... :message" a little bit. Problem noticed by Cahata -- thanks!
Conn_SetPenalty(): Add new "penalty time" on each function call
Until now, the penalty time has only been set when longer as the already set one, so it didn't accumulate. And add documentation for and clean up code in Conn_SetPenalty() and Conn_ResetPenalty() functions.
Display correct error message when "Server{UID|GID}" is invalid
This partly closes bug #118. ngIRCd still starts up even when Server{UID|GID} is invalid: then the daemon falls back to "nobody" when running with root(0) privileges (as before).
lists: don't crash if reason ptr is NULL
commit 15fec92ed75c3de0b32c40d005e93e3f61aef77e (Update list item, if it already exists) can make ngircd crash because 'Reason' can be NULL, as reported by Cahata on the ngircd mailing list. Doesn't affect any released ngircd versions. Also, make sure that we do not pass NULL as arguments to a '%s' printf-like function.
Don't stop join handling on faulty channel, skip it
When JOIN is received with more than one channel name, don't stop processing on the first error (e.g. bad name, wrong channel key, ...) but report an error and continue with the other given channel names. Reported by Cahata -- thanks!
ISON command: reply with correct upper-/lowercase nick names
Reported by Cahata -- thanks!
Remove unused "bool have_arg" from IRC_WHO()
This fixes: irc-info.c: In function ‘IRC_WHO’: irc-info:936:18: warning: variable ‘have_arg’ set but not used
New configuration option "PAMIsOptional"
When "PAMIsOptional" is set, clients not sending a password are still allowed to connect: they won't become "identified" and keep the "~" character prepended to their supplied user name.
PAM: don't use global password buffer for conv struct
Use the pointer of the password of the client directly. Eventually we can get rid of the global password again ...
doc/Modes.txt: document channel mode "r"
And make clear, that user mode "r" and channel mode "r" are not set by ngIRCd itself but by IRC services.
Fixed handling of WHO commands
This fixes two bugs: - "WHO <nick>" returned nothing at all if the user was "+i" (reported by Cahata, thanks). - "WHO <nick|nickmask>" returned channel names instead of "*" when the user was member of a (visible) channel. Clean up code and add documentation as well.
Remove unused "time_t now" from Lists_Check()
This fixes: lists.c: In function ‘Lists_Check’: lists.c:330:9: warning: variable ‘now’ set but not used
Fixed some spelling errors in documentation and code comments
Thanks to Christoph Biedl!
Update our Debian package descriptions with "official" ones
See Debian Bug #648241 for details.
Fixed typo in two error messages
Thanks to Christoph Biedl!
LUSERS reply: only count "visible" channels
Rename Channel_Count() to Channel_CountVisible() and only count channels that are visible to the requesting client, so the existence of secret channels is no longer revealed by using LUSERS. Reported by Cahata -- thanks!
Don't stop mode handling on unknown modes; skip it
Unknown user and channel modes no longer stop the mode parser, but are simply ignored. Therefore modes after the unknown one are now handled. This is how ircd2.10/ircd2.11/ircd-seven behave, at least. Reported by Cahata -- thanks!
IRC_xLINE(): output an error message for unexpected "lines"
This fixes: irc-oper.c: In function ‘IRC_xLINE’: irc-oper.c:429: warning: ‘class’ may be used uninitialized in this function irc-oper.c:430: warning: ‘class_c’ may be used uninitialized in this function
Update list item, if it already exists
This updates the "validity" (timeout) as well as the "reason" text, if given.
Lists_CheckDupeMask(): return pointer to already existing item
The old behavior of returning true/false is compatible to this change, so there are no other code changes required.
New functions Lists_Expire() and Class_Expire()
GLINE and KLINE lists are cleared automatically now, not when they are checked. So "STATS g" and "STATS k" no longer show expired entries :-)
Op_Check(): return client that initiated the request or NULL
The old behavior of returning true/false is compatible to this change, so there are no other code changes required.
List and class handling: add optional "reason" text
Adjust Lists_Add() and Class_AddMask() accordingly, implement Lists_GetReason() and Lists_GetValidity().
Add new class.{c|h} to project
Implement Class_{AddMask|DeleteMask|IsMember}() functions.
Lists: change "only once" property into "valid until"
The old "only once" true/false behavior is still supported, so there are no other code changes required.
define HAVE_GAI_STRERROR for Mac OS X Xcode builds
On Mac OS X 10.7 Lion, this fixes In file included from .../contrib/MacOSX/../../src/ngircd/client.c:28: /Developer/SDKs/MacOSX10.7.sdk/usr/include/netdb.h:272:13: error: expected identifier or '('
Configuration: get rid of Conf_Oper_Count and Conf_Channel_Count
Count elements dynamically when needed.
./configure: Fix logic and quoting of poll() detection code
This fixes commit 8e193df ...
Suppress 'Can't create pre-defined channel: invalid name: ""' messages
Skip predefined channel structures that have configured no name, like the "--configtest" does.
Not only check for poll(), make sure poll.h exists as well
This fixes building ngIRCd on Debian GNU/Linux 1.3 "Bo" :-)
whois-test: handle local hostname = "localhost.localdomain"
Use the pattern "localhost*" for valid local hostnames.
sample-ngircd.conf: show correct default for "PAM" variable
The default of "PAM" is "yes" when ngIRCd has been configured to use it, so show the correct default value in the sample configuration file. Closes #119.
Update GPL 2 license text to current version
See <http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt>.
Test for gai_strerror()
If gai_strerror() isn't available, use a macro that simply returns a static error message (regardless of the real error code). For example, GNU libc 2.0.7 doesn't implement gai_strerror().
Only use AI_NUMERICHOST if it is #define'd
It isn't using GNU libc 2.0.7, for example ...
defines.h: fix comment: "lenth" -> "length"
Reported by Christoph Biedl in #ngircd. Thanks!
Init_Server_Struct(): correctly zero Server->bind_addr
Don't use the size of the pointer, use the size of the variable!
Clean up and fix comments of Check_ArgIsTrue()
Thanks to kaFux for pointing this out! And fix code formatting as well ...
Only close "unrelated" sockets in forked child processes
This fixes the problem that ngIRCd can't do any IDENT lookups because of the socket has already been closed in the child process. The bug has been introduced starting with ngIRCd 17 ... :-( (commit ID 6ebb31ab35e)
Implemented user mode "R" and channel mode "R"
- User mode "R": indicates that the nick name of this user is "registered". This mode isn't handled by ngIRCd itself, but must be set and unset by IRC services like Anope. - Channel mode "R": only registered users (having the user mode "R" set) are allowed to join this channel.
Use Proc_Close() to remove no longer unused pipes to child processes
This removes spurious (but harmless) debug messages.
Introduce DEBUG_BUFFER, rework some debug messages
DEBUG_BUFFER is off by default and therefore disables these messages: - "Handle_Write() called for connection XX, YY bytes pending ..." - "Connection XX: ZZ bytes left in read buffer."
doc/Platforms.txt: ngIRCd 18 on Nexenta works
Thanks to Götz Hoffart for testing!
Merge branch 'ServerMode'
* ServerMode: Handle channel user modes 'a', 'h', and 'q' from remote servers Handle unknown channel modes on server links Handle unknown user modes on server links IRC_MODE(), Client_Mode(): code cleanup [2/2] Enlarge client user mode buffer, reduce client flags buffer Infom clients when other servers change their user modes IRC_MODE(), Client_Mode(): code cleanup [1/2]
Merge branch 'bug113-SrvPrefix'
* bug113-SrvPrefix: Slightly change (and document!) IRC_KILL() calling convention Spoofed prefixes: close connection on non-server links only
Handle channel user modes 'a', 'h', and 'q' from remote servers
These channel user modes aren't used for anything at the moment, but ngIRCd knows that these three modes are "channel user modes" and not "channel modes", that is that these modes take an "nick name" argument. Like unknown user and channel modes, these modes are saved and forwarded, but ignored otherwise.
Xcode: update project file to Xcode 3.2 or newer
Xcode requires Mac OS X 10.6 or newer; Xcode 4 supports this project format as well, so effectively you can use Mac OS X 10.6.x or 10.7.x for building ngIRCd with the Apple Xcode IDE.
Spoofed prefixes: close connection on non-server links only
On server-links, spoofed prefixes can happen because of the asynchronous nature of the IRC protocol. So don't break server-links, only log a message and ignore the command. This fixes bug 113, see: <https://arthur.barton.de/bugzilla/show_bug.cgi?id=113>
Cast getpid() and time() results for srand() input
This fixes: src/ngircd/ngircd.c:596: warning: implicit conversion shortens 64-bit value into a 32-bit value (i686-apple-darwin11-llvm-gcc-4.2)
Enlarge client user mode buffer, reduce client flags buffer
We have to enlage our user mode buffer, so we can handle even unknown user modes in the future; and reduce the client flags buffer, because I can't imagine why we ever would need ~100 flags!? Now we support up to 15 user modes (was: 8) and up to 15 flags (was: 99). So in the end, we even save 99-15+8-15=77 bytes for each client structure!
ngIRCd release 18 (tags/rel-18)
IRC_QUIT(): disconnect directly linked servers sending QUIT
Without this patch, the server becomes removed from the network and the client structures, but the connection isn't shut down at all ...
Testsuite: make getpid.sh work even when run as root
Use ps(1) flag "-a" (as well as "-f"): "Select all processes except both session leaders (see getsid(2)) and processes not associated with a terminal." Thanks to Götz Hoffart for reporting this problem!
MorePrivacy: Don't register WHOWAS information
Citing an email from Florian to the ngIRCd mailing list: "I wonder what the expected behaviour is when Conf_MorePrivacy is changed from 'yes' to 'no' and the config is reloaded. At the moment, WHOWAS will start giving out information on Users that were connected during Conf_MorePrivacy=yes period. If this is not wanted, Client_RegisterWhowas() should be changed to not store a record when Conf_MorePrivacy is enabled." And I think it is "not wanted" :-)
Add preliminary ngIRCd protocol module for Anope 1.9
See contrib/Anope/README and doc/Services.txt for more details and installation instructions!
ngIRCd release 18~rc2 (tags/rel-18-rc2)
GnuTLS: use 1024 (DH_BITS_MIN) as minimum size of the DH prime
For outgoing connections, we use 2048 (DH_BITS) since commit 49b2d0e. This patch enables ngIRCd to accept incoming connections from other servers and clients that use at least 1024 bits (and no longer requires 2048 for incoming connections, too). Patch proposed by Florian Westphal.
ngIRCd release 18~rc1 (tags/rel-18-rc1)
hash: use more recent lookup3 algorithm instead of lookup2
Bob Jenkins published a newer hash function in May 2006, it has better distribution. See http://burtleburtle.net/bob/hash/doobs.html for lengthy comparisions.
Merge branch 'MorePrivacy'
* MorePrivacy: New configuration opion "MorePrivacy" to "censor" some user information
New configuration opion "MorePrivacy" to "censor" some user information
this patch contains: * Fix for Conf_CloakUserToNick to make it conceal user details * Adds MorePrivacy-feature MorePrivacy censors some user information from being reported by the server. Signon time and idle time is censored. Part and quit messages are made to look the same. WHOWAS requests are silently dropped. All of this is useful if one wish to conceal users that access the ngircd servers from TOR or I2P.
Merge branch 'ScrubCTCP'
* ScrubCTCP: Add documentation for "ScrubCTCP" configuration option New option to scrub incoming CTCP commands
Merge branch 'newconfig'
* newconfig: sample-ngircd.conf: "SyslogFacility" should be commented out Move SSL-related configuration variables to new [SSL] section CheckFileReadable(): only check when a filename is given ... PAM: make clear which "Password" config option is ignored Really remove [Features] in our manual pages INSTALL: document changed location of configuration variables Update sample config file and manual page for new config structure Testsuite: update configuration files for new config file format Display configuration errors more prominent on "--configtest" conf.c: code cleanup Check for redability of SSL-related files like for MOTD file Restructure ngIRCd configuration, introduce [Limits] and [Options]
New option to scrub incoming CTCP commands
This patch makes it possible to scrub incomming CTCP commands from other servers and clients alike. The ngircd oper can enable it from the config file, by adding "ScrubCTCP = yes" under [OPTIONS]. It is default off. CTCP can be used to profile IRC users (get user clients name and version, and also their IP addresses). This is not something we like to happen when user pseudonymity/secrecy is important. The server silently drops incomming CTCP requests from both other servers and from users. The server that scrubs CTCP will not forward the CTCP requests to other servers in the network either, which can spell trouble if not every oper knows about the CTCP-scrubbing. Scrubbing CTCP commands also means that it is not possible to send files between users. There is one exception to the CTCP scrubbing performed: ACTION ("/me commands") requests are not scrubbed. ACTION is not dangerous to users (unless they use OTR, which does not encrypt CTCP requests) and most users would be confused if they were just dropped. A CTCP request looks like this: ctcp_char, COMMAND, arg0, arg1, arg2, .. argN, ctcp_char ctcp_char is 0x01. (just like bold is 0x02 and color is 0x03.) They are sent as part of a message and can be delivered to channels and users alike.
conn: fix error handling when connecting to server
The io_event_create error handling seems to miss a 'return' statement. Fix this by moving io_event_create() call around so we do not need the Conn_Close/Init calls in the error case.
ssl: gnutls: bump dh bitsize to 2048
problem is that some clients refuse to connect to severs that only offer 1024. For interoperability it would be best to just use 4096, but that takes minutes, even on current hardware.
Check for redability of SSL-related files like for MOTD file
Remove functions ssl_print_configvar() and ConfSSL_Puts(), introduce new function CheckFileReadable().
Mac OS X: split up make targets
New targets are: "have-packagemaker", "osxpkg-dest"
Restructure ngIRCd configuration, introduce [Limits] and [Options]
The intention of this restructuring is to make the [Global] section much cleaner, so that it only contains variables that most installations must adjust to the local requirements. All the optional variables are moved to [Limits], for configurable limits and timers of ngIRCd, and [Options], for optional features. The old variables in the [Global] section are deprecated now, but still recognized.
fix clang warning about dead stores
clang 'scan-build': Value stored to 'r' is never read Value stored to 'fd' is never read
contrib/platformtest.sh: fix gcc version detection
Now the version of GNU C is detected correctly on SuSE Linux, too ...
parse: fix logical expression testing for non RFC1459 links
parse.c:284: warning: suggest parentheses around operand of '!' or change '&' to '&&' or '!' to '~' The expression looks dubious, this should probably be an if-not-set, then... test.
conn: avoid needlesly scary 'buffer overflow' messages
When the write buffer space grows too large, ngircd has to disconnect the client to avoid wasting too much memory. ngircd logs this with a scary 'write buffer overflow' message. Change this to a more descriptive wording.
Only require server prefixes on non RFC1459 links
Not all servers (and services!) using the RFC1459 protocol style send prefixes on all commands; so don't require them to do so. This relaxes the requirements introduced by commit 15775e679.
Merge branch 'master' of git://arthur.barton.de/ngircd-alex
* 'master' of git://arthur.barton.de/ngircd-alex: Do reverse lookups using the AF of the incoming connection resolve: fix reverse lookups of client connections with ConnectIPv6=no
Do reverse lookups using the AF of the incoming connection
This fixes errors like this one: Address mismatch: 2001:1234:abcd:1::1 != 192.168.1.1
Mac OS X: install on root volume only, and set correct permissions
Update Mac OS X Installer.app description bundle, so that the ngIRCd package can only be installed on the root volume ("/"); and make sure that all installed files and directories have correct ownership and permissions.
resolve: fix reverse lookups of client connections with ConnectIPv6=no
We re-use the same helper function for both forward lookups (when we want to connect to a peer server) and for validation of reverse loopups (where we make a lookup on the hostname returned by a reverse lookup on the IP address that connected). Problem: When ConnectIPv6=no, the forward lookup helper sets the adderss family to AF_INET, and, if out client connected via ipv6, we fail to validate the result. Thus move the ConnectIPvX check out of the helper.
Add some type casts to random() and srandom() functions
This fixes two gcc warnings (on Mac OS X): "warning: implicit conversion shortens 64-bit value into a 32-bit value"
ngircd: improve rng initialisation
we do not need this for cryptographic purposes, but we can do better than plain srandom(getpid()). Also, keep in mind that rng state is inherited across fork(), so re-init it in the child.
Merge branch 'AuthPing'
* AuthPing: Add documentation for "RequireAuthPing" configuration option New configuration option "RequireAuthPing": PING-PONG on login
Merge branch 'NoticeAuth'
* NoticeAuth: Add documentation for "NoticeAuth" configuration option Configuration: move "NoticeAuth" to GLOBAL section New configuration option "NoticeAuth": send NOTICE AUTH on connect
New configuration option "RequireAuthPing": PING-PONG on login
When enabled, this configuration option lets ngIRCd send a PING with an numeric "token" to clients logging in; and it will not become registered in the network until the client responds with the correct PONG. This is used by QuakeNet for example (ircu/snircd), and looks like this: NICK nick :irc.example.net PING :1858979527 USER user . . :real name PONG 1858979527 :irc.example.net 001 nick :Welcome to the Internet Relay Network ...
New configuration option "NoticeAuth": send NOTICE AUTH on connect
When enabling "NoticeAuth" in the [Features] section, ngircd will send "NOTICE AUTH" messages on client connect like e.g. snircd (QuakeNet) does.
Generate WALLOPS message on SQUIT from IRC operator
So SQUIT now behaves like CONNECT and DISCONNECT commands, when called by an IRC operator (and not received from an other server).
Commands received from other servers must have prefixes
Make sure that all commands received from other servers do have valid prefixes. Only exceptions are PING and ERROR commands that can occure without prefixes when generated by the remote peer itself.
Allow servers to send more commands in the first 10 secods
This helps to speed up server login and network synchronisation.
Handle_GLOBAL(): don't use multi-line strings
They aren't supported by elder C compilers ...
Merge branches 'CloakUserHost', 'QuitOnHTTP' and 'bug72-WHOIS-List'
* CloakUserHost: Add a note not to use a percent sign ("%") in CloakHost variable Rename ClientHost to CloakHost, and ClientUserNick to CloakUserToNick Don't use "the.net" in sample-ngircd.conf, use "example.net" ngircd.conf.5: document "ClientHost" and "ClientUserNick" Move "ClientHost" and "ClientUserNick" to end of [Global] section ClientUserNick setting ClientHost setting * QuitOnHTTP: Only "handle" HTTP commands on unregistered connections Don't use IRC_QUIT_HTTP() if STRICT_RFC is #define'd IRC_QUIT_HTTP(): enhance error message Move IRC_QUIT_HTTP() below IRC_QUIT() quit on HTTP commands: GET & POST * bug72-WHOIS-List: Add "whois-test" to testsuite and distribution archive Add support for up to 3 targets in WHOIS queries.
Add a note not to use a percent sign ("%") in CloakHost variable
The percent sign is reserved for future extensions, for example to expand some variables like %H to a hash value of the real host name ... Idea by kaFux in #ngircd.
Add "whois-test" to testsuite and distribution archive
Test script proposed by Dana Dahlstrom, 2008-02-17. See <https://arthur.barton.de/bugzilla/show_bug.cgi?id=72> ...
Add support for up to 3 targets in WHOIS queries.
also allow up to one wildcard query from local hosts. Follows ircd 2.10 implementation rather than RFC 2812. At most 10 entries are returned per wildcard expansion. WHOIS test cases by Dana Dahlstrom.
Don't use "the.net" in sample-ngircd.conf, use "example.net"
"the.net" is an existing domain of the Texas Higher Education Network ... See RFC 2606.
ngircd.conf.5: describe types of variables
Describe the possible types of variables in ngircd.conf: booleans, text strings, integer numbers. And add type information to each variable description.
channel: always reject zero-length channel key
previously, any client could join in this configuration: [Channel] Name = #test Modes = tnk KeyFile = /tmp/foobar fix this by checking for zero-length key before comparing key to channel key.
PAM-Auth child: log if result can't be reported
This fixes the followin GCC warning on modern Linux systems as well: irc-login.c: In function ‘Hello_User’: irc-login.c:876: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
Updated Doxygen configuration file
Removed unnecessary variables DETAILS_AT_TOP, EXTRACT_PRIVATE, EXTRACT_LOCAL_CLASSES, added SHOW_DIRECTORIES=YES, STRIP_CODE_COMMENTS=NO, REFERENCED_BY_RELATION=YES, REFERENCES_RELATION=YES, HTML_DYNAMIC_SECTIONS=YES and GENERATE_DOCSET=NO; updated PREDEFINED.
Doxygen: remove own header and CSS file
Use the ones of Doxygen instead, this has the advantage that we benefit of new functionality of Doxygen without having to make changes.
Make write buffers bigger, but flush early
This patch - makes the server write buffer bigger: 64k, - makes the regular write buffer bigger: 32k, - tries to flush the write buffer starting at 4K. Before this patch, a client got disconnected if the buffer flushing at 4k failed, now regular clients can store up to 32k and servers up 64k even if flushing is not possible at the moment (e.g. on slow links).
Better check for invalid IRC+ PASS command
Don't do a NULL-pointer dereference when a remote server using the IRC+ protocol sends an invalid PASS command without the required <serverversion> parameter ...
Read_Request(): don't access possibly free'd CLIENT structure
Handle_Buffer() can shut down connections and remove clients, so after calling it, we have to make sure that our CLIENT pointer is still valid.
Log "Can't read MOTD file" as "configuration error"
Now this error message is displayed in the console without debug prefix when running the configuration test (--configtest).
Allow "Port = 0" in [Server] blocks
Port number 0 marks remote servers that try to connect to this daemon, but where this daemon never tries to establis a connection on its own: only incoming connections are allowed.
conf: fix 'Value of "..." is not a number!' for negative values
Don't use isdigit() function any more, because it only checks the first character of the variable value and because it doesn't know about the minus sign which is required e.g. for "Group = -1".
Don't read MOTD file twice
The MOTD file is read in Read_Config(), so don't read it when handling the "MotdFile" configuration variable. Instead make sure that it is initialized properly when (re-)reading the configuration.
Add [Features] section to ngircd-test{1|2}.conf
Fix commit 5a34bb203a: It is not enough to strip the "No" prefix from "Ident" and "PAM", but we have to introduce the new [Features] section to fix all warning messages of ngIRCd. Variables "Ident" and "PAM" in [Global] are completely wrong :-(
Implement channel mode 'O': "IRC operators only"
This channel mode is used on DALnet (bahamut), for example.
TOPIC command: test for channel admin rights correctly
This enables other servers, services and IRC operators to change channel topics, even when the client is not joined to this channel. Now the handler for TOPIC behaves like the one for MODE.
Channel_CheckAdminRights(): test if client can admin a channel
This generic function tests if a client is allowed to do administrative tasks to a specific channel: - servers and services are always truested ("allowed everything"), - channel operators are allowed, - IRC operarors are allowed if OperCanUseMode is set in the config.
conf: fix 'unknown section' FEATURES parse error
pointed out by Alex: ngircd.conf, line 105: Unknown section "[Features]"!
array: remove check for allocated == 0
allocated can only be zero if ->mem is NULL.
array: remove alignment of requested size
libc should know better than us. Also, this helps debugging with tools like valgrind: When you allocate an array of size x, and then erronoulsy use x+1 valgrind cannot detect the bug because due to ALIGN_() made by array.c we might have allocated more than size x...
conf: add missing static qualifier
internal helper, so it should be static. also, add UNUSED to 'Line'.
Update copyright notices for 2010 :)
And update the NEWS and ChangeLog file as well.
config: deprecate NoXX-Options
ngircd unfortunately uses several options using double-negation, e.g. NoIdent = No, NoPam = No, etc. This renames all options by dropping the "No" prefix, e.g. "NoIdent = no" becomes "Ident = yes". The old options will continue to work, but will cause a warning message. Also update man pages and default config. To prevent silly 'Ident = yes' from appearing in --configtest output in the 'ident support not compiled in and Ident Option not used' case, make default value depend on feature availability. If feature is available, enable by default, otherwise disable. We might consider moving these options to a new [Feature] section, or something like that, because none of these options are essential. Another possible improvement: 'Ident = yes' option in ngircd.conf causes a warning if ngircd was built without ident support. This does not happen with e.g. zeroconf....
channel: fix confusing "adding to invite list" debug output
adding entries to ban list produced 'invite list' debug output...
Command throttling: introduce MAX_COMMANDS_SERVICE
New MAX_COMMANDS_SERVICE (currently set to MAX_COMMANDS_SERVER[10]), so that services are handled like servers (and not regular users).
Don't assert() when serching a client for an invalid server token
This is only relevant when a trusted server on a server-server link sends invalid commands.
ngIRCd release 17.1 (tags/rel-17.1)
--configtest: remember if MOTD is configured by file or phrase
Configuration variables "MotdFile" and "MotdPhrase" are mutually exclusive; so don't display content in both of them when running "ngircd --configtest": instead remember which one is beeing used.
Reset ID of outgoing server link on DNS error correctly
Not resetting the ID prevents the daemon from trying to re-establish outgoing server links when the DNS resolver failed to resole a hostname.
Don't log critical (or worse) messages to stderr
stderr isn't redirected to the "error file" any more, so there is no point in trying to log to it ...
Remove "error file" when compiled with debug code enabled
The information written to the "error file" (/tmp/ngircd-<PID>.err) when ngIRCd is compiled with debug code enabled isn't that usefule, so don't create this file at all.
Merge branch 'numeric-329'
* numeric-329: New numeric 329: get channel creation time on "MODE #chan" commands Save channel creation time; new function Channel_CreationTime()
add doc/PAM.txt to distribution tarball
doc/PAM.txt was not included in the release tarball. reported by Christoph Biedl.
ngIRCd release 17 (tags/rel-17)
Fix up generation and distribution of sample-ngircd.conf
- Add generated sample-ngircd.conf to new .gitignore file, - refactor Makefile.am to generate sample-ngircd.conf on "make all", to clean it up on "make clean", and to install it to the correct place. - Make sure path names in sample-ngircd.conf are separated by "/".
ngIRCd Release 17~rc3 (tags/rel-17-rc3)
Fix connect attempts to further IP addresses of outgoing server links
If a hostname resolves to more than one IP address (round-robin DNS, IPv4 and IPv6) and an attempt to connect to the first address fails, ngIRCd should try to connect to the 2nd address, 3rd address etc. But because of a wrong variable used in the call to New_Server(), the wrong server structure has been used in further connection attemps which possibly lead to connection attempts to already connected servers.
Debian: Install default /etc/pam.d/ngircd allowing all logins
This is required for backwards compatibility when installing the -full or -full-dbg package variant: PAM is enabled now but no configuration present, so all login attempts would be denied ... Creating /etc/pam.d/ngircd including "auth required pam_permit.so" restores the old behaviour of allowing all connections.
Xcode builds ("make xcode"): disable pam_fail_delay()
disable pam_fail_delay() only is available starting with Mac OS X 10.6; but we use the 10.5 SDK for campatibility, so don't use this function at all when building using Xcode.
Xcode: update project file, use 10.5.x SDK
This is required for universal 32 bit and 64 bit builds: now code for ppc, i386, and x86_64 is generated (which requires 10.5 or newer).
ngIRCd release 17~rc2 (tags/rel-17-rc2)
Updated contrib/platformtest.sh (new version scheme)
- handle version numbers generated by "git describe" - detect gcc compiler version correctly when "-std=xxx" is used
Generate ngIRCd version number from GIT tag
Now the ngIRCd release/version number is deduced from the "current" annotated GIT tag; see "git describe --help" for details. This is the same scheme the Linux kernel uses and gives much more details version numbers for interim releases and inofficial source archives generated using "make dist". Please note: the version number is only updated it the autogen.sh script is run; so after pulling in and pushing out new commits, you should run ./autogen.sh!
Make sourcecode compatible with ansi2knr again
This allows to compile ngIRCd using a pre-ANSI K&R C compiler again: all source files are automatically converted by the included ansi2knr program (of GNU automake/autoconf) before compiling them with the K&R C compiler, but a few coding standards must be met. Tested on Apple A/UX 3.x. Regression testing on Linux and Mac OS X.
./configure: check if C compiler can compile ISO Standard C
This is required for enabling ansi2knr on systems that don't have an ANSI C compiler installed (e.g. on A/UX with Apple standard C compiler).
Don't use PARAMS() macro for function implementations
The PARAMS() macro is only needed for function prototypes; don't use it for the actual implementations.
Only try to set FD_CLOEXEC if this flag is defined
A/UX 3.x doesn't implement this constant, for example.
Only use "__attribute__ ((unused))" if GCC >=2.8 is used
At least GCC 2.7.2 doesn't support this attribute.
doc/Makefile.am: don¹t set docdir, automake handles it already
And elder make(1) programs don¹t like "x ?= y" ...
ngIRCd release 17~rc1 (tags/rel-17-rc1)
New configuration option "NoZeroConf" to disable ZeroConf registration
If ngIRCd is compiled to register its services using ZeroConf (e.g. using Howl, Avahi or on Mac OS X) this parameter can be used to disable service registration at runtime.
Make sure sighandlers.h is listed in noinst_HEADERS
... because it must be included in the distribution archive :-)
const'ify ngt_SyslogFacilityName() function
This fixes the following gcc compiler warning: tool.c: In function 'ngt_SyslogFacilityName': tool.c:195: warning: return discards qualifiers from pointer target type
New configuration option "SyslogFacility"
The new option "SyslogFacility" deines the syslog "facility" to which ngIRCd should send log messages. Possible values are system dependant, but most probably "auth", "daemon", "user" and "local1" through "local7" are possible values; see syslog(3). Default is "local5" for historical reasons.
New functions ngt_SyslogFacilityName() and ngt_SyslogFacilityID()
These both functions translate syslog facility names to ID numbers and vice versa. On systems that don't define the facilitynames[] array in syslog.h, we try to build one ourself.
Explicitly cast return value of read(2) to "int"
This fixes the following gcc warning, emitted by Xcode: src/ngircd/sighandlers.c: In function 'Signal_Callback': src/ngircd/sighandlers.c:239: warning: implicit conversion shortens 64-bit value into a 32-bit value
Add sighandlers.{c|h} to Xcode project
And update static Mac OS X config.h used by the Xcode project.
Fix signalpipe file descriptor leak on RESTART
Signals_Init() must only be called once. This does not affect any ngircd release version. Earlier version of this patch moved the io and sighandler initialization before the while() loop, but as Alexander Barton noticed that broke all systems without builtin select support in io.c...
sighandlers.{c|h}: Code cleanup
- declare signals_catch[] array not between the function implementations. - rename now local function NGIRCd_Rehash() to Rehash(). - remove empty and therefore not used "catch SIGHUP; break;".
Enable the daemon to dump its internal state in debug-mode.
This patch allows ngIRCd to dump its internal state (connected clients, actual configuration) when compiled with --enable-debug. The daemon catches two more signals: - SIGUSR1: toggle debug mode (on/off), - SIGUSR2: dump internal state to console/syslog.
remove NGIRCd_SignalRehash
now that the main signal handling is done from the dispatcher loop we can call NGIRCD_Rehash() directly. the /REHASH handler can queue the Rehash() function for execution by sending a SIGHUP. It will be run when we return back to the dispatch loop.
Add new 'delayed' signal handlers.
Allows to defer/queue signal processing for execution on the next event dispatch call, i.e. we can perform any signal action in normal, non-signal context. Example uses: - Reload everything on HUP without writing a global "SIGHUP_received" variable - Dump status of internal Lists on SIGUSR1, etc.
ng_ipaddr.h: include assert.h
We use assert() in this header, so we should include assert.h.
Conn_SyncServerStruct(): test all connections; and work case insensitive
Fix synchronization of established connections and configured server structures after a configuration update: - Not only test servers that already have a connection, but also check and update configured servers to which a new connection is beeing established (SERVER_WAIT state). - And do the server name comparision case-insensitive.
Check_Servers(): skip servers already beeing connected
Let CheckServers() not only skip servers that already have a connection, but also skip servers to which a new connection is already beeing established (SERVER_WAIT state).
Don't reset My_Connections[Idx].lastping when reading data
This fixes PING-PONG lag calculation (which resulted in "0" before). The "lastping" time is still reset it if a time shift backwards has been detected to prevent the daemon from miscalculating ping timeouts.
Refactor IRC_WriteStr{Channel|Related}Prefix(); support cloaking
Move common code to new local function Send_Marked_Connections() and respect hostname cloaking.
Implement user mode "x": hostname cloaking (closes: #102)
When a client has user mode "x" set, its real hostname is cloaked by substituting it with the server name (as configured in ngircd.conf). Restricted clients (user mode "r") aren't allowed to change mode "x". Please note that hostname cloaking is only in effect in server-client communication! The server still uses the real hostname for its own logging and for all server-server communication -- therefore all servers in the network must support user mode "x" to prevent older servers from leaking the real hostname of a cloaked client!
WHOWAS: respect hostname cloaking
Store cloaked hostname if user mode "x" is set when the client disconnects from the server.
Implement Client_HostnameCloaked() and Client_MaskCloaked()
These two functions return the cloaked hostname, if the client has enabled hostname cloaking indicated by the -- still to implement -- user mode "x". See furter patches :-)
ngircd: change MOTD file handling
previously, the given MotdFile file was read whenever a client requested it. Change handling to read the MotdFile contents into memory once during config file parsing. Two side effects: - changes to the MOTD file do not have any effect until ngircds configuration is reloaded - MOTD file does no longer have to reside in the chroot directory (the MOTD contents will then not be re-read on reload in that case)
startup: open /dev/null before chroot
before people had to create a /dev/null inside the chroot to make redirection work.
Allow IRC operators to use MODE command on any channel (closes: #100)
This allows IRC operators to change channel modes of ANY channel, even without joining these channels first.
Remove Proc_Kill(), use timeout to kill child processes
This avoids a race and potentionally killing the wrong process on systems that use randomized process IDs; now the child itself is responsible to exit in a timely manner using SIGALRM.
New function Conn_CloseAllSockets() to close all open sockets
This is useful in forked child processes, for example, to make sure that they don't hold connections open that the main process wants to close.
Mark some variables as "unused" to prevent compiler warnings
Some variables are only used when compiling with IDENT or PAM support or when the debug code is enabled. Mark them as "unused" so that gcc doesn't generate warnings when neither of these options is enabled.
New configuration option "NoPAM" to disable PAM
When the "NoPAM" configuration option is set and ngIRCd is compiled with support for PAM, ngIRCd will not call any PAM functions: all connection attemps without password will succeed instead and all connection attemps with password will fail. If ngIRCd is compiled without PAM support, this option is a dummy option and nothing changes: the global server password will still be in effect.
Implement asynchronous user authentication using PAM
For each client connection a child process is forked which handles the actual PAM authentication and reports the result back to the master process using a pipe for communication. While the PAM authentication is in process the daemon does not block.
Add new pam.{c|h} module to Xcode project
Adjust Xcode project and Mac OS X static config.h header to use PAM.
New functions Client_[Set]OrigUser() to get/set user specified by peer
The Client_SetOrigUser() function is used to store the peer-provided user name (see USER command) in its original form, not changed by IDENT results, for example.
New function Conn_GetProcStat()
Get PROC_STAT sub-process structure of a given connection.
Code cleanup: don't reset penalty time on DNS resolver result
See commit d4632a727fbee6: it's not necessary any more!
Rename Log_[{Init|Exit}_]Resolver to Log_[{Init|Exit}_]Subprocess
Rename Log_Init_Resolver, Log_Exit_Resolver, and Log_Resolver to Log_Init_Subprocess, Log_Exit_Subprocess, and Log_Subprocess and make it more generic thereby.
Don't #include client.h when conn.h/conn-func.h is already included
conn.h and cinn-func.h both already #include client.h, so it is not needed to do it twice.
New function Conn_GetFromProc() to get CONN_ID of a subprocess
Get CONN_ID from file descriptor associated to a subprocess structure.
Don't set a penalty time when doing DNS lookups
The logic isn't as described in the source and intended by this code: ngIRCd doesn't wait for the asynchronous resolver process until the set penalty time is over, but until the forked process terminates or the initial connection timeout (= PongTimeout) triggers. So don't set the penalty time at all and remove the wrong comment.
Refactoring: Rename CONNECTION.res_stat to .proc_stat
We want to use this process status variable not only for the resolver subprocesses but other asynchronous tasks as well; so let's name it more generic.
New "module" proc.c/proc.h for generic process handling
The new "module" proc.c is used for functions dealing with child processes. At the moment, it is only used by the asynchronous resolver. All the functions already implemented habe been migrated from the resolver code base, and the rest of the ngIRCd source code has been adepted to the new namespace and calling conventions. The goal is to develop "generic" process handling functions that can be used for other purposes as well, e.g. running processes on client connects etc.
Fix redundant redeclaration of Conn_Count*() functions
The wrongly placed #endif lead to the following compiler warnings: conn.h:125: warning: redundant redeclaration of ‘Conn_Count’ conn.h:125: warning: previous declaration of ‘Conn_Count’ was here conn.h:126: warning: redundant redeclaration of ‘Conn_CountMax’ conn.h:126: warning: previous declaration of ‘Conn_CountMax’ was here conn.h:127: warning: redundant redeclaration of ‘Conn_CountAccepted’ conn.h:127: warning: previous declaration of ‘Conn_CountAccepted’ was here
Implement user mode "c": receive connect/disconnect NOTICEs
Users having the user mode "c" set receive NOTICE messages on each new client connection to the local server as well as disconnects. Only IRC operators (users having the mode "o" set) are allowed to set the 'c' user mode. These connect/disconnect messages can be useful for open proxy scanners -- BOPM (http://wiki.blitzed.org/BOPM) is now functional with ngIRCd, for example.
Refactor Wall_ServerNotice() into more generic Log_ServerNotice()
Log_ServerNotice() sends a messages to all users having a given user mode set.
Show SSL status in WHOIS, numeric 275
"I've been wanting this for years and finally took the 5 minutes to patch it in. I took the response code (275) from whatever's running OFTC's IRC network." -- Neale Pickett <neale@woozle.org>, Fri, 11 Jun 2010 17:32:41 -0500 (OFTC is running Hybrid ircd.)
Include correct header files when testing for arpa/inet.h (Closes: #105)
Tested on OpenBSD 4.7, OpenBSD 4.1, FreeBSD 8, Linux and Mac OS X. Thanks to rck <dev.rck@gmail.com> for reporting and testing!
Revert "configure: make implicit declarations fatal"
This reverts commit b3a6c33da0b12ba74dc395979b677813d4bc2c0f. apparently not all gcc versions support this 8-(
configure: make implicit declarations fatal
from bugzilla #105: "ngircd-16 works great under openbsd4.7/i386, but it segfaults on openbsd4.7/amd64." Caused by missing function prototypes and the resulting truncation of pointer to int. Lets try to catch these bugs during compilation instead of SIGSEGV.
Don't access already freed memory in IRC_KILL()
It is not possible to call Conn_Close() after Client_Destroy() has been called, because Conn_Close wants to access the CLIENT structure which then has been freed already. Fix IRC_KILL to use Conn_Close() for local clients and Client_Destroy() for remote clients only (and never both).
fix "beeing" typo
reported by Fabio Scotoni via bugzilla #101.
SSL/TLS: fix bogus 'socket closed' error message
When we get there then the ssl handshake has failed, or we could not create a ssl context because ssl library initialization failed on startup. Reflect that in the log message.
ngIRCd release 16 (tags/rel-16)
doc/SSL: remove line continuation marker
some people got confused by the '\' line continuation marker, thus put everything in a single line, even if the line gets overly long.
ngIRCd release 16~rc2 (tags/rel-16-rc2)
Don't reset counters on RESTART
When ngIRCd restarts, all the connection counters are preserved now, as well as the command counters for example. It's unclear if resetting or not resetting is the "correct" behaviour, but it's quite clear that the behaviour should be consistent for all the counters ngIRCd uses ... And initializing "WCounter", the global but temporary write counter, is not necessarry at all: it is initialized (reset) before its use in the command parser (see parse.c).
New numeric RPL_STATSCONN (250): display connection statistics
The RPL_STATSCONN numeric (250) displays information about the highest simoultaneous connection count and the number of all accepted connections since the daemon started up. Used by ircd-Hybrid, Bahamut, and Unreal for example.
Enhace connection statistics counters
This patch enables ngIRCd to count the highest maximum simultaneous connections and all the connections accepted since startup. New functions: - Conn_Count(): get current connections - Conn_CountMax(): maximum simultaneous connections - Conn_CountAccepted(): number of connections accepted
Include netinet/{in.h, in_systm.h} when checking for netinet/ip.h
This solves warning messages of autoconf on e.g. FreeBSD 8: configure: WARNING: netinet/ip.h: present but cannot be compiled configure: WARNING: netinet/ip.h: check for missing prerequisite headers?
Include netinet/in_systm.h alongside netinet/ip.h
This fixes the following error when compiling on e.g. FreeBSD 6.x: In file included from conn.c:40: /usr/include/netinet/ip.h:160: error: syntax error before "n_long" /usr/include/netinet/ip.h:163: error: syntax error before "n_long"
Fix gcc warning "ignoring return value of ..."
This patch fixes two warnings of gcc 4.4.3 when used with eglibc 2.11.1: ngircd.c: In function ‘NGIRCd_Init’: ngircd.c:801: warning: ignoring return value of ‘chdir’, declared with attribute warn_unused_result conn.c: In function ‘Simple_Message’: conn.c:2041: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result The first by checking the return code and an appropriate error message, the second by "better" ignoring it (which is correct there!) ...
Only compile in Get_Error() if really needed
This fixes "resolve.c:150: warning: ‘Get_Error’ defined but not used".
Updated some more copyright notices, it's 2010 already (part 2)
Silly me forgot the most important place, the program output itself ...
ngIRCd release 16~rc1 (tags/rel-16-rc1)
configure.in: only add -lnsl when needed
dpkg-shlibdeps: warning: dependency on libnsl.so.1 [..] (they use none of its symbols). As shown via commit 2b14234abc252383679bae2d23861b773dc9713e (dpkg-shlibdeps: warning: dependency on libnsl.so.1) and the following revert of that commit, we cannot simply drop the AC_CHECK_LIB(nsl). Although -lnsl is indeed unneeded when glibc is used, some platforms (e.g. Solaris) need it. Use AC_SEARCH_LIBS instead to only link when the library exports a particular symbol.
Implement WEBIRC command
The WEBIRC command is used by some Web-to-IRC gateways to set the correct user name and host name of users instead of their own. Syntax: WEBIRC <password> <username> <hostname> <ip-address> The <password> must be set using the new configuration variable "WebircPassword" in the [Global] section of ngircd.conf. Please note that the <ip-address> is currently not used by ngIRCd (we don't store it in the CLIENT structure, only the resolved hostname).
Implemented new "secure clients only" channel mode: +z
Only clients using a SSL encrypted connection to the server are allowed to join such a channel. But please note three things: a) already joined clients are not checked when setting this mode, b) IRC operators are always allowed to join every channel, and c) remote clients using a server not supporting this mode are not checked either and therefore always allowed to join.
Show our name (IRCD=ngIRCd) in ISUPPORT (005) numeric
Inspired by Hyperion IRC daemon.
Added missing modes to USERMODES #define
Now the numeric 004 correctly reports all the supported user and channel modes (user modes "r" and "w" were missing), e. g.: :a.irc.net 004 a a.irc.net ngircd-15 aiorsw biIklmnoPstv
Xcode: fix "-Wuninitialized is not supported without -O"
Fix Apple Xcode warning "cc1: warning: -Wuninitialized is not supported without -O" when using the "Debug" build target: Detection of uninitialized automatic variable requires data flow analsys that is only enabled during optimized compilation.
platformtest.sh: Only show latest commit
Only show latest GIT commuit ID as version number, even when the last commit has been a merge.
Merge commit 'cade80dcf516f40e7d53124bc98526e6e5b3fb66'
* commit 'cade80dcf516f40e7d53124bc98526e6e5b3fb66': Added missing contrib/platformtest.sh to distribution
Added missing contrib/platformtest.sh to distribution (tags/rel-15)
configtest: print ssl config options even when unset
Print "SSLOptionVar =" instead of omitting the option when running --configtest with ssl enabled. This better matches the behaviour of other options, e.g. ChrootDir.
ngIRCd release 15~rc1 (tags/rel-15-rc1)
Enable SQUIT command for IRC Operators
This patch enables IRC Operators to use the SQUIT command as specified in RFC 2812, section 3.1.8 "Squit". When forwarding SQUIT commands, the server connected to the target will drop the connection (not the target server itself!). Please note: - the configuration option "AllowRemoteOper" mus be enabled on the server disconnecting the target to allow forwarding of SQUIT commands. - if the remote server is configured to establish the connection, it will just do this; so the disconnect is not permanent in this case!
Use functions provided by op.c "module"
Local functions Check_Oper() and No_Privileges() have been replaced by global functions in op.c "module": Op_Check() and Op_NoPrivileges().
New "module" op.c/op.h for IRC operator related functions
The new "module" op.c is used to implement functions related to IRC Ops. At the moment, these two functions are available: - Op_Check() to check for a valid IRC Op, and - Op_NoPrivileges() to generate "permission denied" messages.
Allow forwarding of CONNECT commands.
The syntax of the CONNECT command now is: - CONNECT <server-id> - CONNECT <server-id> <port> - CONNECT <server-id> <port> <target> - CONNECT <server-id> <port> <host> <my-pwd> <peer-pwd> - CONNECT <server-id> <port> <host> <my-pwd> <peer-pwd> <target> Note: the configuration option "AllowRemoteOper" mus be enabled on the target server to allow forwarding of CONNECT commands.
New function IRC_SendWallops().
Implement new global function IRC_SendWallops() that can be called by other functions to generate WALLOPS messages to users with +w mode.
New configuration option "AllowRemoteOper"
Added new configuration option "AllowRemoteOper" to control whether remote IRC operators are allowed to use administrative commands that affect this server or not This commit introduces the configuration variable, but actually no function is using it. That's up for the next patches to come ...
fix assertion failure in ng_ipaddr.c
when building with debugging enabled, but without ipv6 support, ngircd dumped core when loading a config file that specified an ipv6 listen address. ngircd: ng_ipaddr.c:45: ng_ipaddr_init: Assertion `sizeof(*addr) >= res0->ai_addrlen' failed.
Check for sockaddr_in.sin_len and initialize it
Test for sockaddr_in.sin_len and initialize it to the correct value which some systems (notably Mac OS X) require. Note: this code path is only relevant when not using getaddrinfo().
Always use get{addr|name}info() when available
Both getaddrinfo() and getnameinfo() are now used always when available, and not only when compiling ngIRCd with support for IPv6. This not only enables ngIRCd to handle multiple addresses per hostname when compiled without support for IPv6, but fixes binding ngIRCd to IP addresses on Mac OS X (and probably other BSD-based systems) as well: these systems require that sockaddr_in is zeroed out and sockaddr_in.sin_len is set to sizeof(sockaddr_in) like that: src/ipaddr/ng_ipaddr.c, line 54: assert(ip_str); + memset(addr, 0, sizeof *addr); + addr->sin4.sin_len = sizeof(addr->sin4); addr->sin4.sin_family = AF_INET; But this would break all the systems not using sockaddr_in.sin_len, for example Linux -- so we assume that all these systems provide getaddrinfo() and use that for now.
Fix cb_connserver() to handle aborted outgoing connections
A configured server could have been removed while a connection apptempt is still in progress. So the cb_connserver() callback has to test if the server configuration record is still valid.
conn.c: fix more sizeof(..dst_addr) misuse
the wrong sizeof() usage fixed in d76910ce7b9fad5679b7c614ed086e036560e37d (conn.c: fix resolver server address backlog) was a bit more widespread, fix all others, too.
resolve.c: fix valgrind 'uninitialized memory' warning
fix the following warning generated by valgrind if ipv6 is enabled: Syscall param write(buf) points to uninitialised byte(s) at 0x4000982: (within /lib/ld-2.9.so) by 0x80681A8: Resolve_Name (resolve.c:477) by 0x805439F: Conn_Handler (conn.c:1658) by 0x804AA7C: main (ngircd.c:331) The warning is because ng_ipaddr_t can be a union, and only the necessary parts are initialised. The callers know what part of the union is valid, so this is not a bug.
conn.c: fix resolver server address backlog
if more than one ip address is returned for a single host name, ngircd is supposed to try other addresses in case connect() to the first address returned fails for some reason. Alexander Barton noticed that this did not work at all, as the additional results were not stored.
Fix "implicit conversion shortens 64-bit value" warning
This patch fixes the following gcc warning in our sources: "implicit conversion shortens 64-bit value into a 32-bit value"
Channel_Mode(): fix return code of function
Fix error handling of Channel_Mode() to return the correct connection status ("connected"/"disconnected") insted of always returning success.
Fix --with-{openssl|gnutls} to accept path names
This patch fixes --with-openssl and --with-gnutls and enables both to accept path names, so that you can use "./configure --with-XXX=/path". All the other --with-XXX parameters support this already.
do not add default listening port if ssl ports were specified
Cosmo Kastemaa reported that its impossible to create an ssl-only setup, as ngircd binds to port 6667 by default, even if setting "Ports =". Only add the default port if _both_ "Ports" and "SSLPorts" are unspecified. Fixes bugzilla #98.
Use AM_SILENT_RULES([yes]), if available
Starting with GNU automake 1.11 "AM_SILENT_RULES([yes])" is available to make the build process less verbose ("Linux 2.6 style") which helps to spot warning and error messages. So we use it if it is available.
New script contrib/platformtest.sh
This script analyzes the build process of ngIRCd and generates output suitable for inclusion in doc/Platforms.txt.
doc/Platforms.txt: ngircd builds on hppa2.0w-hp-hpux11.11 target
Goetz Hoffart reports successful compile on HPUX/HPPA (on ngircd mailing list): Target: hppa2.0w-hp-hpux11.11 Compiler: gcc Compiler flags: -g -O2 -pipe -W -Wall -Wpointer-arith -Wstrict-prototypes -fstack-protector -D_XOPEN_SOURCE_EXTENDED -DSYSCONFDIR='"$(sysconfdir)"' Libraries: -lz -lnsl Syslog support: yes Enable debug code: no zlib compression: yes IRC sniffer: no Use TCP Wrappers: no Strict RFC mode: no Zeroconf support: no IRC+ protocol: yes IDENT support: no I/O backend: "poll()" IPv6 protocol: no SSL support: no
Client_CheckID(): fix connection information
This patch fixes the following silly log messages: 'ID "XXX" already registered (on connection -1)!' If the ID is already registered on a local connection, the local connection ID is printed; and if the ID is connected via a remote server, "via network" is displayed.
Fix return code of Conf_EnableServer()
Conf_EnableServer() only reports success if all required variables, including host name and port, are set for the specific server.
enforce upper limit on maximum number of handled commands
reported on #ngircd: pasting lots of lines into a channel can kill off many people on the channel if the read buffer is drained quickly enough and the client-side TCP can't keep up with the incoming data. This implements a throttling scheme: - an irc client may send up to 3 commands per second before a one second pause is enforced. - an irc client may send up to 256 bytes per second before a one second pause is enforced. After discussion with Alexander Barton, server <-> server links are treated specially: There is no artificial limit on the number of bytes sent per second, and up to 10 commands are processed per second before a pause is enforced. It may be neccessary to make those limits tuneable to accomondate larger networks, but for now they are compile time values.
conn.c: fix NumConnections imbalance
New_Server() can call Conn_Close() in its error paths, but that function decrements the number of current active connections. Thus we need to increment it earlier.
Updated Debian "changelog" file for ngIRCd 14.1 (tags/rel-14-1)
Added start/stop script for Red Hat based distributions
Script contributed by Naoya Nakazawa <naoya@sanow.net>.
security: fix remotely triggerable crash in SSL/TLS code
When a server is running with SSL/TLS support compiled in, it is trivial to crash the server by sending an MOTD request via another server in the network. - ONLY servers without ssl/tls support compiled in are not affected. Disabling SSL in the configuration (no ssl listening ports, etc) does NOT help. - servers that are running standalone (i.e., not connected to any other servers) are not affected, either. This affects all ngircd releases since ngircd 13 (earlier versions have no SSL/TLS support).
Debian: build ngircd-full-dbg package
In addition to the "ngircd" and "ngircd-full" packages a new package named "ngircd-full-dbg" is build: this package contains all the features of the "full" package but includes debug code and both the --debug and --sniffer options and the resulting binaries are _not_ stripped.
Fix server list announcement
When ngircd announces the list of currently known servers to a new (connecting) server, it sent the introducer of the servers instead of the top server. Assuming this network: irc1.example.com |--irc2.example.com | `--irc3.example.com | `--irc4.example.com `--irc5.example.com When irc4 connects to irc3, irc3 tells irc4 that irc5 was connected to irc2. (irc2 had introduced irc5 to irc3; but thats not what ngircd should have sent to the new server). This also placed users on the wrong servers.
irc-server: do not remove hostnames from info text
that code does not really make sense -- the info text is freely cofngiureable and des not follow a specific format. Also, that "+2" might have caused invalid memory accesses.
conn-zip: fix error handling
callers of (Un)Zip_Buffer() assume that the function closes the connection on error. However, this was not always the case.
ngIRCd release 14 (tags/rel-14)
Display IPv6 addresses as "[<addr>]" when accepting connections.
With this patch ngIRCd displays IPv6 addresses as "[<addr>]:<port>" when accepting new connections and later, if no successful DNS lookup could be made (or DNS is disabled altogether).
Xcode: #define include __DATE__ in VERSION
Change VERSION to include the __DATE__ when compiling from within Xcode. When building using "make xcode" or "make osxpkg" VERSION already is defined to the "real" version number set in configure.in.
ngIRCd release 14~rc1 (tags/rel-14-rc1)
Updated Debian/Linux init script
- PidFile, ServerUID and ServerGID are read from actual server configuration - Exit code and behaviour is more LSB compliant - New "status" and "test" sub-functions
testsuite: add more predefined channels to server config
make sure it creates & and +, and accepts channel names without a special character (ngircd should treat 'Name = chan' as 'Name = #chan').
add and use Channel_IsModeless()
avoid "name[0] == '+'" where possible, having Channel_IsModeless() makes things much more obvious.
Channel mode changes: break on error
Don't echo multiple syntax error messages (461) on invalid commands, but break after the first one. In addition, this solves corrupted 'Unknown mode "+' messages.
TLS/SSL: remove useless error message when ssl connection is closed
When using OpenSSL, the following annoying "error" message was logged whenever an encrypted connection was shut down in a orderly fashion: TLS/SSL Connection shutdown: ConnSSL_Read: Unable to determine error of course, this isn't an error at all.
SSL/TLS: clear all ssl realted flags on shutdown
one ssl related flags was not cleared on ssl shutdown. introduce and use CONN_SSL_FLAGS_ALL to zap them all.
TLS/SSL: fix memory leak when using compressed server links with ssl
commit 6bc2d3d06e9cb4da68ea4b63d9b6b219d88ab927 (New connection option CONN_RFC1459) forgot to adjust the ssl bitmasks. The result is that when a compressed AND encrypted server link goes down the memory allocated by zlib and the r/w buffers are no longer free'd as the previous ConnSSL_Free() would then also remove the CONN_ZIP flag from the flag mask.
Channel key file: store file name and open on each access.
Store the file name of channel key files and reopen them on each access (on each JOIN command) insted of just storing the file handles. This eliminates the special requirements (no delete) and makes sure that always the actual file contents are used in all circumstances.
Support individual channel keys for pre-defined channels.
This patch introduces the new configuration variable "KeyFile" for [Channel] sections in ngircd.conf. Here a file can be configured for each pre-defined channel which contains individual channel keys for different users. This file is line-based and must have the following syntax: <user>:<nick>:<key> <user> and <nick> can contain the wildcard character "*". Please not that these channel keys are only in effect, when the channel has a regular key set using channel mode "k"!
RFC 2812, sec. 3.3.1: really check for the last dot
This fixes commit 5a3128243f4b60 and makes the test suite ("make check") run again without errors.
irc.c: reject masks with wildcard after last dot
RFC 2812 says in section 3.3.1 ("Private Messages"): The mask MUST have at least 1 (one) "." in it and no wildcards following the last ".".
irc.c: Fix handling of channels containing dots
commit 2546a13ad2949192eb70bf21e114ec60af287ee4 ('Cumulative Message Patch') broke PRIVMSG to channels containing dots. Fix this by switching evaluation order: Check first if the target matches a existing channel and only do a check for target masks if that failed. PRIVMSG with host/server masks is described in RFC 2812, section 3.3.1. Makes one wonder how a server is _really_ supposed to tell the difference between hostmasks and channel names. Sigh.
Update ngircd.spec file
- Change Copyright to License - Update URL - Make BuildRoot use %{_tmppath} macro - Add basic BuildRequires - Compile with zlib and openssl - Install all docs in standard document location Signed-off-by: Ask Bjørn Hansen <ask@develooper.com>
remove unneeded LOG_DEBUG when not compiling with DEBUG support
when ngircd is build without DEBUG enabled, LOG_DEBUG messages are always discarded. To avoid the extra code, ngircd has a LogDebug() wrapper which gets removed by the compiler when compiling without DEBUG defined. Update a few functings which were using the Log(LOG_DEBUG, .. interface directly without #ifdef DEBUG guards. text data bss dec hex filename 127748 1900 28280 157928 268e8 ngircd.before 126836 1896 28280 157012 26554 ngircd.after
documentation: gnutls does not support password-protected privkeys
already mentioned in man page and sample config file, but for completeness also document it in doc/SSL.txt.
Xcode: get release number dynamically; new make target "xcode-clean".
- make target "xcode" now detects the release number stored in the configure.in file and passes it to Xcode. - new make target "xcode-clean" which removes all files generated by "make xcode" and removes the Xcode build directory.
Clean up channel allocation table on shutdown/restart.
Silly bug: the condition of a while() loop in the Channel_Exit() function used the wrong variable and therefore got never executed ... This bug is in the code since the beginning (see commit bb19cfda in 2002); shame on me!
Add Channel_Free().
Central function to free a channel structure and all its resources (invite/ban lists, topic, ...).
Free topic array on channel deletion.
The topic array in the CHANNEL structure must be free()'d before the channel itself becomes deleted.
man ngircd.conf: line break missing before the SSLConnect description
reported by Christoph Biedl.
defines.h: remove MAX_LISTEN_PORTS, MAX_SERVICES
_SERVICES was never used; _LISTEN_PORTS is a leftover from commit 51ccb5928ad1453b0593fedd934298384d09e619 ('internal changes needed for future ssl support').
Remove limit on max number of predefined channels.
This resolves Bugzilla Bug 68 ('Too many pre-defined channels configured.')
use %ld as format specifier for posix data types
in the same vein as the earlier commit: cast posix data types (pid_t, ...) to long and use %ld as format specifier. This will avoid problems when sizeof(int) != sizeof(type). We could also cast to int, but this might truncate the value.
ngIRCd release 13 (tags/rel-13)
don't print pid_t type with %ld format specifier
Reported by Christoph Biedl: ngircd[21581]: Running as user irc(39), group irc(39), with PID 140733193409613. cast pid_t to long to avoid this. While we are there, cast uid_t and gid_t, too.
Testsuite start-server.sh: return correct exit code.
src/testsuite/start-server.sh returns 0 when no errors occurred and the daemon has been startet and 1 on errors. Always returning 0 is wrong ...
ngIRCd release 13~rc1 (tags/rel-13-rc1)
Fix double minus signs in manual pages
This patch fixes the following lintian(1) warning: "Manual page seems to contain a hyphen where a minus sign was intended. '-' chars are interpreted as hyphens (U+2010) by groff, not as minus signs (U+002D). Since options to programs use minus signs (U+002D), this means for example in UTF-8 locales that you cannot cut&paste options, nor search for them easily. '-' must be escaped ('\-') to be interpreted as minus."
Change formatting of some log messages
- Fix formatting of some log messages, mostly punctuation. - cb_Connect_to_Server(): don't use string concatenation, because it is not supported by pre-ANSI C compilers ...
Fix pem_passwd_cb(): unused variable "rwflag" (OpenSSL)
This patch fixes the following warning of GCC (version 4.3.2) in function pem_passwd_cb() when compiling with OpenSSL support and without debug code: conn-ssl.c: In function 'pem_passwd_cb': conn-ssl.c:122: warning: unused parameter 'rwflag'
New configuration option "NoIdent" to disable IDENT lookups
The new configuration option "NoIdent" in ngircd.conf can be used to disable IDENT lookups even when the ngIRCd daemon is compiled with IDENT lookups enabled.
Implement the IRC command "SERVLIST"
The IRC command "SERVLIST" lists all the registered services, see RFC 2811, section 3.5.1. The syntax is "SERVLIST [<mask> [<type>]]". The parameter <type> is not used by ngIRCd at the moment, all registered services are of type 0 (which is the default when omitted).
Create local &SERVER channel and log server messages to it
ngIRCd now creates a server-local channel &SERVER with channel modes +mnPt (moderated, no messages from outside the channel, persistent and with the topic locked) and logs all the messages to it that a user with mode +s ("server messages") receives. If an IRC operator withdraws the +P ("persistent") mode and the &SERVER channel is freed because of no members, nothing special happens. The channel can be recerated any time later and ngIRCd would begin logging to it again.
Implement local channels (prefix "&")
This patch implements server-local channels, prefix "&", that are only visible to users of the same local server and not in the network. Patch written by Scott Perry (2008-06-04), see: - http://arthur.barton.de/cgi-bin/bugzilla/show_bug.cgi?id=87 - http://arthur.barton.de/cgi-bin/bugzilla/attachment.cgi?id=24&action=view
Added some missing files of GIT tree to distribution archives
The following bits and bytes were not included in distribution archives: - contrib: ngindent, ngircd.sh - contrib/Debian: ngircd.postinst - contrib/MacOSX: preinstall.sh, postinstall.sh - doc/src: Doxyfile, header.inc.html, footer.inc.html, ngircd-doc.css - src/portab: splint.h
Test suite: start two servers and test server-server links
I changed the test suite to start two test servers (on port 6789 and 6790), so server-server links can be tested as well for which I included the new test script "server-link-test.e". In addition the documentation of the test suite (src/testsuite/README) has been updated and is more complete now.
Add conf-ssl.h to "noinst_HEADERS"
conf-ssl.h must be listed in "noinst_HEADERS" so that it becomes included in distribution archives generated by "make dist" and "make distcheck".
Re-add CVE identifiers to ChangeLog.
I'm lame. My last commit removed all the CVE numbers recently added in commit 598df0758 to the ChangeLog ... shame on me! See all the CVE entries of ngIRCd at: <http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ngircd>
Connection counter: count outgoing connections as well.
This patch lets ngIRCd count outgoing connections as well as incoming connections (up to now only outgoing connections have been counted). This change is required because the Conn_Close() function doesn't know whether it closes an outgoing connection or not and therefore would decrement the counter below zero when an outgoing connection existed -- which would trigger an assert() call ... Please note that this patch changes the (so far undocumented but now fixed) behaviour of the "MaxConnections" configuration option to account the sum of the in- and outbound connections!
Ignore numeric 020 ("please wait while we process your coinnection")
Some servers send the numeric 020 ("please wait while we process your connection") when a client connects. This is no useful information for this server, so we simply ignore it :-)
GNUTLS: define new API types when installed library is too old
This patch enables ngIRCd to use GNUTLS in really old versions, tested with version 1.0.16, that don't define the "new" data types ending in xxx_t. LIBGNUTLS_VERSION_MAJOR isn't defined there as well, so we use it to test if we must define the new types on our own.
conn-ssl.c: work around gnutls API problems on 64 bit platforms
Alexander Barton reported a compiler warning on 64-bit platforms: cc1: warnings being treated as errors conn-ssl.c: In function 'ConnSSL_Init_SSL': conn-ssl.c:403: error: cast to pointer from integer of different size Unfortunately, I couldn't find a real solution; the GNUTLS API expects 'gnutls_transport_ptr_t' (which is void*), but the default push/pull functions (send/recv) expect an int. The only alternative solution is to pass in an address to the file descriptor, then add send/recv wrappers that expect a pointer. What a mess[tm].
Fix ForwardLookup(): "ISO C90 forbids specifying subobject to initialize"
This patch fixes the following warning of GCC (version 4.3.2) in function ForwardLookup(): resolve.c: In function 'ForwardLookup': resolve.c:282: warning: ISO C90 forbids specifying subobject to initialize resolve.c:284: warning: ISO C90 forbids specifying subobject to initialize resolve.c:285: warning: ISO C90 forbids specifying subobject to initialize
Fix ConnSSL_LogCertInfo(): unused variable "cred" (GNUTLS)
This patch fixes the following warning of GCC (version 4.3.2) in function ConnSSL_LogCertInfo() when compiling with GNUTLS support: conn-ssl.c: In function 'ConnSSL_LogCertInfo': conn-ssl.c:542: warning: unused variable 'cred'
GIT: Ignore Debian-related generated files.
Added files that become generated while building Debian GNU/Linux packages of ngIRCd to the .gitignore lists.
Announce IRC services in the network.
This patch - introduces a new server flag "S" to indicate that the server can handle the SERVICE command (on server links), - implements the IRC command "SERVICE" for server-server links, - uses the "SERVICE" command to announce IRC services when a new server connects to it, - and fixes the Send_Message() function to let it send messages to services using a "target mask". If the remote server doesn't indicate that it can handle the "SERVICE" command (it has not set the "S" flag), services are announced as regular users as before.
Fix PRIVMSG/NOTICE handler (II): keep command when forwarding to channels.
- new function ngt_UpperStr(). - change Channel_Write() to take command name and error flag. - remove now unneeded function Channel_Notice().
Make real use of the CLIENT_SERVICE client type.
This patch enables ngIRCd to handle IRC services as real services, and not as "fake users": - Set correct client type CLIENT_SERVICE for services, - Change log messages to include correct client type, - PRIVMSG: allow users to send messages to services, - Send services nick names to other servers (as users). Please note that this patch doesn't announce services as services in the network, but as regular users (as before). Only the local server knows of services as services (see LUSERS command, for example). It is up to one of the next patches to fix this and to introduce the SERVICE command in server to server communication. The propagation of services as regular users between servers doesn't limit the functionality of the IRC services and will be the fallback for servers that don't support "real" services propagation in the future.
New function Client_TypeText() and Destroy_UserOrService().
Client_TypeText() is used to get correct naming ("Client", "Service", ...) for log messages, and Destroy_UserOrService() is used to correctly destroy user and services clients.
Allow ngIRCd to detect services connected to an "virtual services server".
Introduce a new configuration variable "ServiceMask" in SERVER blocks to define a mask matching nick names that should be treated as services. Regular servers don't need this parameter (leave it empty, the default), but you should set it to "*Serv" when connection ircservices, for example. This patch allows ngIRCd to detect services, it doesn't change the functionality: you only get different log messages ;-)
Get rid of INTRO_INFO structure again: we don't need it at all!
All the required information is already stored in the CLIENT structure of new new connection, so pass this to Introduce_Client() and don't invent an unneeded new structure ...
Server links: detect RFC 1459 mode direct after SERVER command
This patch allows ngIRCd to detect right after receiving the SERVER command from the peer whether the RFC 1459 compatibility mode must be used or not. And it fixes the announcement of users during establishing new server links with such peers.
Send and handle NICK+USER commands for user registration (RFC 1459).
This patch enables ngIRCd to deal with NICK and USER commands following RFC 1459 to register new clients, and to send these commands instead of one full NICK command as specified in RFC 2813 on connections that are in RFC 1459 compatibility mode. Can be useful for e. g. IRC services that simulate a RFC 1459 server.
New connection option CONN_RFC1459.
This new connection option CONN_RFC1459 indicates that the peer on this link only supports the IRC protocol as defined in RFC 1459 and that the compatibility mode (e. g. for outgoing commands like NICK) should be used.
USER: servers and services can alter user information after registration.
This is required to do RFC 1459 style user registration on server links, and is used by some services packages, too. See RFC 1459 section 4.1.3.
NICK: allow servers and services to use RFC 1459 syntax (2 parameters).
This patch allows servers and services to call the NICK command using the syntax defined in RFC 1459 to register new users, with only two parameters. See section 4.1.2. Useful for some services packages, which emulate this protocol.
TLS/SSL support: code changes.
This adds the required code to enable ssl/tls support during compile and run time, respectively.
TLS/SSL support: core files.
Contains support for both OpenSSL and GNU TLS. Certificate Authentification is not yet supported.
Fix handling of MaxConnections option
Config option claimed to be 'number of connections' but in reality this was treated as 'largest file descriptor allowed'. This also fixes another bug in New_connection, where the ng_ipaddr_tostr_r error path was missing a return statement.
SECURITY: Fixed a message handling bug which could crash the daemon.
Some message targets could lead to a NULL pointer dereference and therefore could crash the daemon (denial of service). (cherry picked from commit e493ad2d30ff80bca2556cde2212e367cb006517)
Enable GNU libc "memory tracing" when compiled with debug code.
This patch lets ngIRCd activate "memory tracing" of the GNU libc when compiled with debug code (configure: --enable-debug) and the functionality is available on the system. (http://www.gnu.org/software/libc/manual/html_node/Allocation-Debugging.html)
New make target: "osxpkg" to create an Mac OS X installer package.
This patch adds a new make target, "osxpkg", to the main Makefile which gereates a Apple Mac OS X installer package of ngIRCd. The packagemaker(1) project bundle is stored in contrib/MacOSX/ngIRCd.pmdoc.
Clean up Mac OS X Xcode environment.
- Remove obsolete contrib/MacOSX/cvs-version.h - Change SDK to 10.4
Added CVE identifiers to ChangeLog.
see http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=ngircd
Make ngIRCd compile and run on NeXTSTEP 3.3 and OPENSTEP 4.2
by Steven D. Blackford <kb7sqi@aol.com>: "I wanted to let you know that I've done a quick port of ngircd-0.12.0 for NEXTSTEP3.3/OPENSTEP4.2. There wasn't a lot of changes required to get it to compile clean, but I did make the necessary changes so that I didn't have to use -posix flag. The NeXT has a pretty buggy POSIX implementation so I always try to work around it. :-) Anway, here's the changes required to get it to compile."
Fix Validate_Args(): unused parameter "Idx" and "Req"
This patch fixes the following error message of GCC (tested with version 4.3.0) when not compiling ngIRCd in "strict RFC" mode: parse.c: In function "Validate_Args": parse.c:341: error: unused parameter "Idx" parse.c:341: error: unused parameter "Req"
message-test: Disable two tests using "localhost" as host name
Some operating systems, for example OpenBSD and OpenSolaris, use "localhost.<domain>" instead of just "localhost" for 127.0.0.1, so the "message-test" using "localhost" failed on such systems. Don't have an idee how to make this work on all platforms ... :-/ So I simply disabled the two affected tests to make the testsuite run on OpenBSD and OpenSolaris again.
Fix Send_Message(): "lastCurrentTarget" may be used uninitialized
This patch fixes the following warning of GCC 4.3.1: irc.c: In function "Send_Message": irc.c:315: error: "lastCurrentTarget" may be used uninitialized in this function
Fix t_diff(): declaration of 'div' shadows a global declaration
This patch fixes the following GCC warning message: irc-info.c:422: warning: declaration of 'div' shadows a global declaration
Don't allow empty channel names ("#") in strict RFC mode.
This closes Bug #88. Patch proposed by Eric <egrunow@ucsd.edu>, but with wrong length comparision: please note that Channel_IsValidName() checks the name INCLUDING the prefix, so the test must be length<=1!
Return 461 (syntax error) on "JOIN :" and "PART :"
Up to this patch ngIRCd did not return any result (GIT master) or a badly formated 403 (":irc.server 403 test :No such channel" [note the two spaces!], branch-0-12-x) on the above commands, this patch changes the behaviour to reflect ircd 2.11 which returns 461 in both cases.
Fixes to misc-test: accept "localhost.<domain>" as well as "localhost"
Some operating systems, for example OpenBSD, use "localhost.<domain>" instead of "localhost", so the "who-test" expecting "localhost" failed on such systems. (Please see 149859c5fecc..., which fixes this for the who-test already)
Revert "dpkg-shlibdeps: warning: dependency on libnsl.so.1 [..]"
- Solaris needs both -lsocket _and_ -lnsl - A/UX needs -lUTIL "... which totally sucks because we'd link libnsl on Linux, too (where its not needed at all). So, we have to figure out how to tell autocrap to NOT put -lnsl there unless it exports a symbol we need. This also means that [...] has to be reverted (or done properly)." -- Florian Westphal @ #ngircd This reverts commit 2b14234abc252383679bae2d23861b773dc9713e.
dpkg-shlibdeps: warning: dependency on libnsl.so.1 [..]
(they use none of its symbols). So, rip out that AC_CHECK_LIB cruft, pointed out by Christoph Biedl. If there are platforms that really need that we should only link when we actually use these libraries.
Merge autogen.sh changes
Merge commit 'alex/master'
autogen.sh: Don't set AUTO{CONF|MAKE}_VERSION and WANT_AUTO{CONF|MAKE}
On some systems (for example Gentoo Linux, FreeBSD, and OpenBSD), these variables are used to select which version of GNU automake and autoconf to use, but we shouldn't depend on a specific version -- instead we should use the "system default". So probably it is up to the user to set these variables accordingly to set up some wrapper scripts of his operating system distribution.
Fix GCC warnings for possibly uninitialized variables in IRC_JOIN
This patch fixes the following two warnings of GCC 4.2.4: irc-channel.c: In function "IRC_JOIN": irc-channel.c:185: warning: "lastkey" may be used uninitialized in this function irc-channel.c:185: warning: "lastchan" may be used uninitialized in this function
Allow mixed line terminations (CR+LF/CR/LF) in non-RFC-compliant mode
Up to now ngIRCd accepted CR+LF as well as a single CR or LF in "non RFC compliant" mode (the default). But ngIRCd became confused when it received data containing mixed line endings (e. g. "111\r222\n333\r\n"). This patch enables ngIRCd (in "non RFC compliant" mode) to detect CR+LF, CR, and LF as equally good line termination sequences and to always end the command after the first one detected. Some clients (for exmaple Trilian) are that ... broken to send such mixed line terminations ... First patch proposed by Scott Perry <scperry@ucsd.edu>, Thanks to Ali Shemiran <ashemira@ucsd.edu> for testing!
Don't allow stray \r or \n in command parameters
If ngircd receives an input line like "COMMAND arg\nIRRELEVANT\r\n", "arg\nIRRELEVANT" is passed as an argument to COMMAND. This can lead to output like: :ngircd.test.server 322 nick #chan 1 : topicwithprecedingnewline :ngircd.test.server 322 nick #nxtchan 1 : [..] Worse, this allows clients to piggyback irc commands, e.g. "TOPIC #a :test\n:fake!~a@nonexistant JOIN :#a\r\n", which causes the client to receive a JOIN command during /LIST output. Bug reported by Scott Perry, first patch by Florian Westphal.
Handle_Buffer(): code cleanup.
Both callers ignore the return code of this function, so get rid of it, but make sure that the client is disconnected on errors.
Conn_Handler(): cleanup code, add/translate comments.
In addition, the "timeout" variable has been removed because it is unnecessary today: Handle_Buffer() handles all the data it can handle, and io_dispatch() returns immediately when new data is available. So we don't have to double-check but better sleep. Pointed out by Florian.
Use strtok_r instead of strchr in IRC_JOIN.
This patch does significant cleanup on the join code by using strtok_r instead of mangling strchr to parse channel names and keys in parallel when a JOIN command contains a list of channels and keys. Also adds an strtok_r implementation to libportab.
configure.in: don't check for "obvious" standard functions.
Drop checks for the following C standard functions: malloc, memmove, memset, realloc, strchr, strcspn, strerror, strstr. Rationale: These are standard K&R/C89 functions, no point in ''making sure they exist''.
Remove ListenIPv4/ListenIPv6 options.
Use "Listen = list,of,addresses" instead.
make Listen parameter a comma-seperated list of addresses.
this also obsoletes ListenIPv4 and ListenIPv6 options. If Listen is unset, it is treated as Listen="::,0.0.0.0". Note: ListenIPv4 and ListenIPv6 options are still recognized, but ngircd will print a warning if they are used in the config file. Also, some plattforms require that ai_socktype is set in the getaddrinfo() hints structure.
Add option aliases -V (for --version) and -h (for --help).
This patch adds -h and -V short options (to complement the usage). It is based on a patch attached to Debian bug #466063, see <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466063>. Idea by Jari Aalto <jari.aalto@cante.net>, patch adapted by Alexander Barton <alex@barton.de>.
Add tests for MOTD, VERSION, TIME, USERHOST
The misc-test.e file is also somewhat reorganized and commented here. Patch from Brandon Beresini, Bryan Caldwell and Dana Dahlstrom.
Update master development branch
- use "dev" instead of "HEAD" as "version number", - update ChangeLog and NEWS to reflect the 0.12.0 release.
This patch implements a (maybe) compliant WHOWAS command.
It is hard to test this in the test suite because we 1) shouldn't rely on previous tests populating WHOWAS and 2) don't connect a user for more than 30 seconds. Also makes WHOWAS return ERR_NONICKNAMEGIVEN_MSG as implied by RFC.
Update ngIRCd manual pages
- Update timestamp, - enhance some phrasing, - and fix "Passive" ([Server]) formatting.
GIT: ignore symbolic links to tests in testsuite directory
Added symbolic links to new tests (invite-test, join-test, and kick-test) to .gitignore file.
Fixes to who-test: accept "localhost.<domain>" as well as "localhost"
Some operating systems, for example OpenBSD, use "localhost.<domain>" instead of "localhost", so the "who-test" expecting "localhost" failed on such systems.
ng_ipaddr.h must include netinet/in.h.
compile on FreeBSD 5.4 failed with: ./../ipaddr/ng_ipaddr.h:34: error: field `sin4' has incomplete type Reported and tested by Jefferson S Almeida.
Fix secret channel information leak
/who on a secret channel that the user is not a member of now returns proper RPL_ENDOFWHO_MSG instead of nothing.
Anglified and improved comments in channel.c and channel.h
[Dana Dahlstrom: repair tab/space conversion in patch]
Implement IRC commands SERVICE, SERVLIST, and SQUERY as dummy functions
SERVICE, SERVLIST, and SQUERY are required by RFC 2812 (it states in section 3 that "all commands described in this section MUST be implemented by any server for this protocol." -- So we implement them without (much) actual functionality ...
tests for JOIN and various replies
Brandon Beresini sent me a patch yesterday adding tests for JOIN under various circumstances, which I believe he worked on with Bryan Caldwell and Ali Shemiran. I made a few modifications; the result is below.
Allow KICK to handle comma-delimited lists (of channels, nicks).
includes test cases. [fw@strlen.de: - move code around to avoid duplication - use const where possible - integrate test case]
Fixes to who-test: accept any ident, escape some '*' flags.
This prevents who-test.e from failing when ngircd is performing ident lookups and an ident server is running.
Allow IRC ops to ignore channel limits when joining
Allow IRC ops to ignore any channel limit (bans, invite only etc.) when they want to join a channel.
Handle 1-character messages terminated with CR or LF correctly
Code cleanup and fix for Bug #83, "ngIRCd chokes on 1-character messages" in function Handle_Buffer(): the buffer is now correctly cleared when ngIRCd receives 1-character messages terminated with either CR or LF (in violation to RFC 2812, section 2.3 "Messages", 5th paragraph).
On AIX (for example) socklen_t is defined in sys/socket.h
On AIX and probably other systems socklen_t is defined in sys/socket.h, so we have to include it here explicitly (tested by Florian).
Always enable modeless channels.
Modeless channels (+channels) are described in RFC 2811; so my modifications to 530112b114ffa7d5352c0733790ddf90253f41f9 ('Add support for modeless channels') to disable +channels for --strict-rfc configurations were wrong. This reverts those changes.
Add support for modeless channels
Add support for modeless channels (+channels). [fw@strlen.de: - integrate test cases - don't support +channels when compiled with --strict-rfc - do not set +o mode for channel creator - force +nt mode when channel is created ]
Testsuite: remove erroneous ConfUID setting in config file.
The config file for ngircds test suite contained obsolete ConfUID/ConfGID settings, causing ngircd to needlesly complain when started as non-root (which is hopefully the _normal_ case...)
IPv6: Add config options to disabe ipv4/ipv6 support.
This also enables ipv6-only setups.
Get rid of cvs-version.* and CVSDATE definition.
(cherry picked from commit b187fac244f4e14705f882ba7c43eef0238e2830)
Don't include doc/CVS.txt in distribution archive, use doc/GIT.txt now!
(cherry picked from commit a8e0eb62e9dce81ca4a5c5911428561b90bf2c6e)
Documentation: get rid of some more references to CVS, switch to GIT.
(cherry picked from commit 6e9389b86c906c53a7797b8ced87a19195e16333)
Synchronized branch-0-12-x (ngIRCd 0.12.0-pre1) with master.
(cherry picked from commit 4ea29329674ff8ec6d772991a57c146b5d78d2ad)
Report ERR_NOTONCHANNEL when trying to part a channel one is not member of.
When trying to part a channel ("PART #channel") the client is not member of the daemon now correctly reports the numeric ERR_NOTONCHANNEL (442) insted of ERR_NOSUCHCHANNEL (403).
Added make target "testsuite"
This make target runs the testsuite located in src/testsuite without running alle the other tests that "make check" would run.
Channel_Mode: Remove duplicate code.
Incidentially, this doesn't even change the generated code...
Channel_Mode: Re-indent switch.
No functional changes were made.
GIT should ignore user preferences files inside Xcode projects.
Added filter for GIT to ignore Xcode user preferences files (*.mode1v3 and *.pbxuser) which are automatically generated inside the project bundle when opened in Xcode.
Convert CVS commands to their git equivalents.
Also mention that patches should be sent to the mailing list.
Include Mac OS X Xcode project in distribution archives. (Part 2)
I forgot to include the new Makefile.am in contrib/MacOSX/ngIRCd.xcodeproj/ ...
Include Mac OS X Xcode project in distribution archives.
Oops, it has not been included since ... ages??
Moved .cvsignore files to .gitignore
Since we are using GIT starting from now, I converted all the .cvsignore files to .gitignore files.
Fix client.c sparse warnings.
client.c:72:6: warning: symbol 'Max_Users' was not declared. Should it be static? client.c:72:21: warning: symbol 'My_Max_Users' was not declared. Should it be static?
io.c: kill select FD_SETSIZE sanity check in io_library_init.
We already have way too many.
io.c: try to cut down the number of ifdefs.
consolidate backend-specific helpers and add empty statinc inle stubs in the ifndef case to let the compiler remove the functions at compile time.
Do not exit unconditionally if config file cannot be opened
ngircd will exit if the config file cannot be opened. While thats okay if ngircd starts up for the first time, it isn't when we are re-reading the config file after a /REHASH or SIGHUP.
IPv6 support.
all references to struct sockaddr/in_addr have been removed from src/ngircd. libngipaddr (in src/ipaddr/) hides all the gory details. See src/ipaddr/ng_ipaddr.h for API description.
Fix sending of JOINs between servers.
This does hit only operators that join a channel with at least 2 servers active in the net the server the oper connects to sends "channel^Go" to the other servers the other server first searches for the channel and then strips the modes from the channel name he has to do the other way round: first strip and then check the channel name.
Channel_Mode cleanups
- better indentation - move answering request into seperate function.
Include flags in RPL_WHOREPLY messages.
RPL_WHOREPLY messages generated by IRC_WHO don't include flags (*,@,+) that should appear according to this description: http://www.mishscript.de/reference/rawhelp3.htm#raw352 Other IRC servers do include the flags. Modify who-test.e to expose missing flags, modify ngircd-test.conf to accommodate who-test.e, and fix irc-info.c to correct these problems.
Don't send trailing space in MODE messages
Under some circumstances ngIRCd currently issues a channel MODE message with a trailing space after the last parameter, which isn't permitted by the grammar in RFC 2812 section 2.3.1: http://tools.ietf.org/html/rfc2812#section-2.3.1 The following patch modifies mode-test.e to expose this, and modifies irc-mode.c to correct it.
IRC_JOIN cleanups.
- put sending of mode and forwarding of JOIN to other clients into seperate function. - put sending of topic/channel names into seperate function. - put access check into seperate function. - translate/remove remaining german comments. - stop if JOIN to a channel in a list (JOIN #a,#,b,#c...) fails (This doesn't change the behaviour: skip-to-next-channel-on-error did never work as intended)
Make IRC_WHO also search username/servername/hostname.
Dana Dahlstrom reported that IRC_WHO did not follow RFC 2812, Section 3.6.1. Specifically: - IRC_WHO did not send "G" flag instead if "H" if client was away - did not search username/servername/hostname etc. if argument was not a channel. Fix all of the above and tidy things up a bit. Also add IRC_WHO test script contributed by Dana.
Remove duplicate Channel_FirstChannelOf().
noticed there's a way to make the loop slightly more elegant. [fw@strlen.de: Extra () to silence gcc.]
Implement RFC 2812 handling of "0" argument to JOIN
The students in my software-engineering class are writing IRC clients in Java, and I'm running ngIRCd as a sandbox for them to play in. We noticed ngIRCd doesn't obey the "JOIN 0" command specified in RFC 2812: JOIN 0 ; Leave all currently joined channels. http://tools.ietf.org/html/rfc2812#section-3.2.1 I believe the following patch addresses this. Cheers! [fw@strlen.de: put it into a seperate function]
Don't use Client_Type after command has been processed.
This caused a read from already free'd memory, if the processed command (IRC_QUIT) calls Client_Destroy.
Fix wrong strncpy usage if CVSDATE defined
Hello_User() used strncpy with overlapping src/dest. Use memmove instead.
This adds support for sending NOTICEs to a channel.
[also see Bug #70 in ngircd bugzilla]. Based on a patch by Fabian Schlager <fabian.schlager@gmail.com>.
[Parser]: Fix minor sparse warnings
parse.c:56:9: warning: symbol 'My_Commands' was not declared. Should it be static? parse.c:107:9: warning: symbol 'My_Numerics' was not declared. Should it be static? Also move handling of numerics into a seperate helper function.
Remove entry about ngircd failing on Linux 2.4:
ngircd can now fall back to select. [from 0.11.x]
kqueue: check for EV_ERROR in .flags
if kevent() returns events, check for EV_ERROR in event flags, too.
include <arpa/inet.h> inside tool.h
In file included from hash.c:24: ../tool/tool.h:27: warning: `struct in_addr' declared inside parameter list
remove ip-string from Conf_Server struct
struct Conf_Server stored the ip address to connect to in dotted-decimal notation; but we only need this for connect() so long-time storage isn't necessary.
bind ListenAddress for outgoing connections
ngircd would always use INADDR_ANY for outgoing connections; which might not be desirable. Added new [Server] option "Bind" to set source ip.
Introduce option to configure the maximum nick name lenth in ngircd.conf
- New configuration option "MaxNickLength" to specify the allowed maximum length of user nick names. Note: must be unique in an IRC network! - Enhanced the IRC+ protocol to support an enhanced "server handshake" and enable server to recognice numeric 005 (ISUPPORT) and 376 (ENDOFMOTD). See doc/Protocol.txt for details.
Fixes the wrong logging output when nested servers are introduced
to the network as well as the wrong output of the LINKS command.
Update Mac OS X Xcode project file for Xcode 3.
Allow building of ngIRCd using Xcode 3 without running ./configure.
if ngircd doesn't run chrooted, it tries to chdir
to the users working directory (as returned by getpwuid()). Failing to chdir to that directory isn't an error; so log with LOG_INFO and prefix the message with "Notice".
configtest would still print "-1" for MaxConnections, MaxConnectionsIP and MaxJoins
if any of those values was set to 0.
accoring to comments in the code, MaxConnections, MaxConnectionsIP and MaxJoins
options allow setting values < 0 -- this isn't the case. Comments adjusted.
Updated preferred automake version to 1.9. Only set preferences if not
already defined by some environment variables.
SECURITY: Fixed a severe bug in handling JOIN commands, which could
cause the server to crash. Thanks to Sebastian Vesper, <net@veoson.net>.
- change return type of Conn_InitListeners to unsigned
- remove minor whitespace damage
New configure option "--without-select"; when usin epoll() IO API include
support for select() as well by default and fall back on runtime when needed.
predefined channels MUST start with '#', but this is not very intuitive,
since # is also used as a comment character in ngircd.conf. Thus we prefix the name with '#' if it is missing.
New configuration option "PredefChannelsOnly": if set, make
all JOINs to-non existants channel return ERR_BANNEDFROMCHAN_MSG, restricting users to those channels defined in the config file.
Allow PASS syntax defined in RFC 1459 for server links, too.
Removed client status CLIENT_GOTPASSSERVER.
only test for stack smashing protector if we are using gcc;
use -fstack-protector-all for the test to make sure the guard variable is added.
Flag the format parameter of LogDebug() as "unused" when not compiling with
debug code to avoid gcc warnings. Added some documentation comments.
Removed kqueue bug fix (never released), rephrased some internal changes,
and added "time shift" bug fix.