diff --git a/.SICI b/.SICI index 1605509fb..5c25224a0 100644 --- a/.SICI +++ b/.SICI @@ -4,17 +4,14 @@ | some kind of Certification Authority (CA), so your users can check that | | they are really connected to the real server, so they feel secure? | | | -| A initiative have been started, to help this problem, as more and more | +| An initiative has been started, to help this problem, as more and more | | SSL-enabled IRC servers will be started in the future, and people will | | have trouble authenticating that they are really at the right server. | -| This initiative is called SICI (Secure IRC Certification Initiative. We | -| sign your certificates for free, using the simple way of authenticating | -| you by going to your IRC server and testing if it's really you. | -| | -| You can send in your "server.req.pem" file to us at our email | -| certs@sici.ircsystems.net, with contact info on you (IRC network, nick, | -| status). We will then contact you, and check if you have provided true | -| information. If you need more information about SICI, visit our website | -| http://sici.ircsystems.net, where you can download our root certificate,| -| and read even more about this project. | Press enter to continue | +| This initiative is called OpenIRC CA - They offer you to sign | +| SSL certificates for use with your IRCd for free, | +| so your users can be sure that they can trust you and your server. | +| To get a signed certificate from them please visit the website | +| http://www.openirc-ca.eu.org | +| | Press enter to continue | --------------------------------------------------------------------------- + diff --git a/Changes b/Changes index dfb34afe2..40aff65c0 100644 --- a/Changes +++ b/Changes @@ -324,5 +324,21 @@ Added temp patch to m_kline to stop segfault --Luke =================================== +------------------------------------------------ +Beta3 +------------------------------------------------ + Backported check_pings with loop.do_ban_check from 3.2 --Stskeeps +=================================== + +Added nice fix to HCN so that BOPM works natively +(it would still be wise to mod bopm yourself +and have it scan all clients by using +F, as I've +done, but whatever.) +--Luke +=================================== + +Moved cloak key definitions to unrealircd.conf +--Luke +=================================== diff --git a/Config b/Config index eccdc87ac..959303a65 100755 --- a/Config +++ b/Config @@ -87,9 +87,6 @@ MAXSENDQLENGTH="3000000" BUFFERPOOL="(9 * MAXSENDQLENGTH)" NICKNAMEHISTORYLENGTH="2000" MAXCONNECTIONS="1024" -CLOAK_KEY1="100" -CLOAK_KEY2="100" -CLOAK_KEY3="100" SHOWOPERS="Yes" # @@ -1713,100 +1710,6 @@ fi esac done -echo "" -echo "*** NEW *** IMPORTANT *** READ AND FILL IN ***" -echo "The host cloaking feature from 3.2 has been backported. You must" -echo "choose three (3) numerical keys that are greater than 10000" -echo "and enter them below. It is STRONGLY ADVISED that you use the same" -echo "cloak keys for ALL servers on your network." -echo "" - -FOO="" -runonce="" -while [ -z "$FOO" ] ; do - FOO="$CLOAK_KEY1" - echo "Enter your first cloak key." - echo $n "[$FOO] -> $c" - if [ -z "$AUTO_CONFIG" -o -n "$runonce" ] ; then - read cc - else - cc="" - runonce=Yes - fi - if [ -z "$cc" ] ; then - cc=$FOO - fi - case "$cc" in - [1-9][0-9][0-9][0-9][0-9]*) - CLOAK_KEY1="$cc" - ;; - *) - echo "" - echo "You need to enter a number here, greater than 10000." - echo "" - FOO="" - ;; - esac -done - -FOO="" -runonce="" -while [ -z "$FOO" ] ; do - FOO="$CLOAK_KEY2" - echo "" - echo "Enter your second cloak key." - echo $n "[$FOO] -> $c" - if [ -z "$AUTO_CONFIG" -o -n "$runonce" ] ; then - read cc - else - cc="" - runonce=Yes - fi - if [ -z "$cc" ] ; then - cc=$FOO - fi - case "$cc" in - [1-9][0-9][0-9][0-9][0-9]*) - CLOAK_KEY2="$cc" - ;; - *) - echo "" - echo "You need to enter a number here, greater than 10000." - echo "" - FOO="" - ;; - esac -done - -FOO="" -runonce="" -while [ -z "$FOO" ] ; do - FOO="$CLOAK_KEY3" - echo "" - echo "Enter your third cloak key." - echo $n "[$FOO] -> $c" - if [ -z "$AUTO_CONFIG" -o -n "$runonce" ] ; then - read cc - else - cc="" - runonce=Yes - fi - if [ -z "$cc" ] ; then - cc=$FOO - fi - case "$cc" in - [1-9][0-9][0-9][0-9][0-9]*) - CLOAK_KEY3="$cc" - ;; - *) - echo "" - echo "You need to enter a number here, greater than 10000." - echo "" - FOO="" - ;; - esac -done - # # check FD_SETSIZE and override if needed. # @@ -1964,9 +1867,6 @@ cat > $OPTIONS_H << __EOF__ #define BUFFERPOOL $BUFFERPOOL #define MAXCONNECTIONS $MAXCONNECTIONS #define NICKNAMEHISTORYLENGTH $NICKNAMEHISTORYLENGTH -#define CLOAK_KEY1 $CLOAK_KEY1 -#define CLOAK_KEY2 $CLOAK_KEY2 -#define CLOAK_KEY3 $CLOAK_KEY3 __EOF__ if [ -n "$CRYPT_OPER_PASSWORD" ] ; then @@ -2052,9 +1952,6 @@ MAXCONNECTIONS="$MAXCONNECTIONS" NICKNAMEHISTORYLENGTH="$NICKNAMEHISTORYLENGTH" HUB="$HUB" DOMAINNAME="$DOMAINNAME" -CLOAK_KEY1="$CLOAK_KEY1" -CLOAK_KEY2="$CLOAK_KEY2" -CLOAK_KEY3="$CLOAK_KEY3" __EOF__ if [ "$OSNAME" = "Linux (with GLIBC 2.x or greater)" ]; then diff --git a/Unreal.nfo b/Unreal.nfo index 6502cf29c..efee5c473 100644 --- a/Unreal.nfo +++ b/Unreal.nfo @@ -1,5 +1,5 @@ =============================================== -= UnrealIRCd v3.1.3 = += UnrealIRCd v3.1.4 = =============================================== Was brought to you by: * Stskeeps diff --git a/include/dynconf.h b/include/dynconf.h index bb584234c..8f7ede5a2 100644 --- a/include/dynconf.h +++ b/include/dynconf.h @@ -72,6 +72,9 @@ struct zConfiguration { int maxchannelsperuser; char *socksbanmessage; char *socksquitmessage; + long ckey_1; + long ckey_2; + long ckey_3; aNetwork network; }; @@ -98,6 +101,9 @@ extern aConfiguration iConf; #define OPER_AUTO_JOIN_CHANS iConf.oper_auto_join_chans #define HOST_TIMEOUT iConf.host_timeout #define HOST_RETRIES iConf.host_retries +#define CLOAK_KEY1 iConf.ckey_1 +#define CLOAK_KEY2 iConf.ckey_2 +#define CLOAK_KEY3 iConf.ckey_3 #define ircnetwork iConf.network.x_ircnetwork #define defserv iConf.network.x_defserv diff --git a/include/version.h b/include/version.h index 663af6d85..1babb4023 100644 --- a/include/version.h +++ b/include/version.h @@ -32,7 +32,7 @@ #define PATCH2 ".1" #define PATCH3 ".4" #define PATCH4 "-Meadows" -#define PATCH5 "[beta2]" +#define PATCH5 "[beta3]" #define PATCH6 "" #define PATCH7 "" #define PATCH8 COMPILEINFO diff --git a/networks/makenet b/networks/makenet index a90fe2ea5..765a01337 100755 --- a/networks/makenet +++ b/networks/makenet @@ -27,6 +27,9 @@ NETDOMAIN="mynet.org" HELPCHAN="#help" STATS_SERVER="stats.mynet.org" INAH="1" +CKEY_1="0" +CKEY_2="0" +CKEY_3="0" SUBMIT="y" # Checking out how to specify not to make a new line with the current OS @@ -204,6 +207,29 @@ if [ ! -z $cc ]; then INAH="$cc" fi +echo "" +echo "*** IMPORTANT AND NEW! ***" +echo "What is your network's first cloak key?" +echo $n "[$CKEY_1] -> $c" +read cc +if [ ! -z $cc ]; then + CKEY_1="$cc" +fi + +echo "What is your network's second cloak key?" +echo $n "[$CKEY_2] -> $c" +read cc +if [ ! -z $cc ]; then + CKEY_2="$cc" +fi + +echo "What is your network's third cloak key?" +echo $n "[$CKEY_3] -> $c" +read cc +if [ ! -z $cc ]; then + CKEY_3="$cc" +fi + # write the actual conf cat > $FILE << __EOF__ @@ -234,6 +260,9 @@ Set STATS_SERVER ..: $STATS_SERVER Set HUB ...........: not_in_use Set iNAH ..........: $INAH Set net_quit ......: not_in_use +Set cloak_key_1 ...: $CKEY_1 +Set cloak_key_2 ...: $CKEY_2 +Set cloak_key_3 ...: $CKEY_3 __EOF__ echo "" diff --git a/networks/template.network b/networks/template.network index 7c165f248..a72c0570c 100644 --- a/networks/template.network +++ b/networks/template.network @@ -65,3 +65,11 @@ Set HUB ...........: 1 Set iNAH ..........: 0 # -- Not in use but still here -- Set net_quit ......: ic + + +# These are the cloak keys for your network. They should be the same on ALL SERVERS +# They must also be > 10000 +Set cloak_key_1 ...: 0 +Set cloak_key_2 ...: 0 +Set cloak_key_3 ...: 0 + diff --git a/src/dynconf.c b/src/dynconf.c index 1ab199e18..2c128d897 100644 --- a/src/dynconf.c +++ b/src/dynconf.c @@ -42,6 +42,7 @@ ID_Copyright("(C) 1999-2000 Carsten Munk"); #define DoDebug fprintf(stderr, "[%s] %s | %li\n", babuf, __FILE__, __LINE__); #define AllocCpy(x,y) if ((x) && type == 1) MyFree((x)); x = (char *) MyMalloc(strlen(y) + 1); strcpy(x,y) #define XtndCpy(x,y) x = (char *) MyMalloc(strlen(y) + 2); *x = '\0'; strcat(x, "*"); strcpy(x,y) +#define ircabs(x) (x < 0) ? -x : x /* externals */ extern int un_uid, un_gid; @@ -498,6 +499,12 @@ int load_conf3(FILE * conf, char *filename, int type) { AllocCpy(helpchan, setto); } + else if (strcmp(var, "cloak_key_1") == 0) + CLOAK_KEY1 = ircabs(atol(setto)); + else if (strcmp(var, "cloak_key_2") == 0) + CLOAK_KEY2 = ircabs(atol(setto)); + else if (strcmp(var, "cloak_key_3") == 0) + CLOAK_KEY3 = ircabs(atol(setto)); else if (strcmp(var, "STATS_SERVER") == 0) { AllocCpy(STATS_SERVER, setto); @@ -569,6 +576,8 @@ void doneconf(int type) strcat(errormsg, "- Missing netdomain field\n"); if (Missing(helpchan)) strcat(errormsg, "- Missing helpchan field\n"); + if ((CLOAK_KEY1 < 10000) || (CLOAK_KEY2 < 10000) || (CLOAK_KEY3 < 10000)) + strcat(errormsg, "- Missing cloak keys, or they're too easy to guess. Make them > 10000\n"); if (Missing(STATS_SERVER)) strcat(errormsg, "- Missing STATS_SERVER field\n"); if (Missing(iConf.socksbanmessage)) diff --git a/src/send.c b/src/send.c index 7f5f3e9b8..7d591ac29 100644 --- a/src/send.c +++ b/src/send.c @@ -1638,7 +1638,7 @@ void sendto_connectnotice(nick, user, sptr) #endif ircsprintf(connecth, "*** Notice -- Client connecting: %s (%s@%s) [%s] {%d}", nick, - user->username, user->realhost, sptr->sockhost, + user->username, user->realhost, inet_ntoa(sptr->ip), get_client_class(sptr)); for (i = 0; i <= highest_fd; i++)