822f27f34c
Remove "We will loose all flood counters!" message upon /REHASH.
2015-05-27 10:41:45 +02:00
9b9a35a155
Send numeric 396 on host changes
2015-05-27 00:15:29 +02:00
1f805a247b
Add link to https://www.unrealircd.org/docs/Upgrading_from_3.2.x in (likely 3.2.x conf) errors.
2015-05-25 17:16:19 +02:00
bcbc3fd082
Fix crash with new block (that's 1..). Reported by dg ( #4353 ).
2015-05-25 16:59:48 +02:00
efdefc4eb8
mute non-SSL warning for localhost (won't bother about other cases)
2015-05-25 13:14:44 +02:00
04727556c7
Show warning if non-SSL. Improve link error (on authentication failure). Auto-convert link::incoming::mask from like '1.2.3.4' to '*@1.2.3.4'.
2015-05-25 13:06:18 +02:00
db97b23bcb
move to a single password entry in link block:
...
"password in link block should be plaintext OR should be the SSL fingerprint of the remote link (=better)"
2015-05-25 10:54:05 +02:00
a1b3b9e1b9
quickly fix ssl ;)
2015-05-25 10:27:39 +02:00
8049136379
Restructure the entire link { } block ( #4032 ). Initial commit (missing autoconnect, ssl, etc).
2015-05-25 10:19:15 +02:00
0a42cedf77
Bounce links that have their clock too far out of sync ( #4214 ). Currently set at 1 minute. TODO: make configurable.
...
This only works with newer servers as it relies on PROTOCTL TS=xyz very early in the synch.
2015-05-24 16:16:31 +02:00
c2ca896dea
Add new flag MOD_OPT_PERM_RELOADABLE. Can be used instead of MOD_OPT_PERM if
...
you want to permit re-loading but not complete un-loading of your module.
This way you get the benefits of being able to upgrade code on-the-fly but
can still disallow the user to do something potentially unwise.
2015-05-23 20:43:31 +02:00
1e8c2c0141
dead_link() can now deal with cases where it's called more than 1 time for the same (soon-to-be-dead) client
2015-05-23 20:08:34 +02:00
d386650f49
set throttling to 3 per 60 seconds by default (in case you have no set::throttle block)
2015-05-23 19:08:37 +02:00
3623ebae05
Add protection against SSL Renegotiation attacks ( #4046 ). Reported by seraph.
...
Also expose dead_link() to modules, IOTW: make it non-static.
2015-05-23 19:04:41 +02:00
c66d213748
Module coders: HOOKTYPE_RAWPACKET_IN: third argument is now int * rather than int so you can change the length (and readbuf is of 8K size, so should be plenty). Requested by s0beit in #4250 .
2015-05-23 17:47:47 +02:00
c6fea92257
Port fix #4318 from 3.2.x:
...
For services who allow you to log in by account name but still allow you to
use a different nick: when you're logged in you are now considered
registered as far as channel mode +M (only registered users may speak and
+R (only registered users may join) are concerned. Same for user mode +R
(only allow private messages from registered users).
Tech: whenever services set SVID and it's not * and does not start with a
number, then we consider this user to be 'logged in'.
Whenever a user is set +r (s)he is also considered 'logged in'.
This way it's compatible with both older and new services and doesn't
introduce security issues with older services using servicetimestamp
for nick tracking or other means.
This issue was reported by ShawnSmith (#4318 ).
2015-05-23 17:06:44 +02:00
29f4d5d540
'./unreal mkpasswd' now has 3 possible syntaxes:
...
1) No arguments: UnrealIRCd will prompt you to enter a password and hash
it with the bcrypt algorithm. This is the recommended method.
2) One argument: It will hash the provided password with bcrypt
3) Two arguments: It will use the hashing algorithm of your choice (1st arg)
to hash the provided password (2nd arg)
We recommend to use syntax #1 as bcrypt is the best algorithm available and
by using the prompt the password won't end up in your bash history (or
whatever shell you use) and can't be snooped by other people with a shell
on the same machine (by looking at the process list)
2015-05-23 16:49:11 +02:00
d5caf06ec5
bcrypt password hashing is now implemented ( #4335 ). Not yet documented.
2015-05-23 16:38:48 +02:00
56911cad3c
Fix windows packager: removed an #endif and removed references to Changes
2015-05-23 16:18:11 +02:00
d8858458a4
fix win32 build now Changes is gone. Hmm. need to clean this up.
2015-05-23 16:16:32 +02:00
6e48ddf3f9
add autodetect for AUTHTYPE_SSL_CLIENTCERTFP
2015-05-23 15:19:44 +02:00
4a38d0c838
make auth-type optional for passwords in config ( #4334 ).
...
Now you can just add password "$ZaJw56to$uSEc[etc..]"; to your configuration file without needing an explicit { md5; }; or { sha1; };.
Naturally you can still specify an auth-type if you want to, and for types like 'sslclientcert' it's still required.
2015-05-23 15:07:37 +02:00
10af800c43
./createchangelog is no longer used
2015-05-23 14:20:58 +02:00
d12b6962a5
convert to more understandable code
2015-05-23 09:50:45 +02:00
6e886d8dac
whoops.. final cleanup. really.
2015-05-23 09:31:20 +02:00
af551ba491
more cleanups in src/auth.c, and don't require 'para' in Auth_Check() if we don't use it (eg: client certs)
2015-05-23 09:27:21 +02:00
8e43418775
get rid of win32-dependent code, not needed anymore as we have (Open)SSL on Windows as well
2015-05-23 09:17:21 +02:00
bd65916b5a
more cleanups for AUTHENABLE_*
2015-05-23 09:15:24 +02:00
5c0e2b59e1
cleanup part I: remove #ifdef's for AUTHENABLE_*, as all of them will be available now we require (Open)SSL
2015-05-23 09:11:28 +02:00
4ca497ffef
Merge pull request #26 from dboyz/auth-certfp
...
Do authentication using certfp obtained from moddata
2015-05-23 09:00:59 +02:00
fd4acdc832
Document MD server command (module data / meta data).
2015-05-21 19:37:23 +02:00
a8f2e08ef8
Initialize variable and some fixes (don't blindly copy paste)
2015-05-21 11:00:06 +08:00
0361248fc3
Provisional code to authenticate based on certfp based on moddata
2015-05-21 09:25:14 +08:00
2dc8cb9e84
Allow win32 SSL inconsistencies
...
Fix issue in previous commit
2015-05-20 02:57:14 -04:00
aea09603a4
Remove USE_SSL macro and associated code
...
We no longer support non-SSL builds, remove related code
2015-05-20 02:48:34 -04:00
229bcca996
Remove Custom MD5 Implementation
...
We no longer support builds without OpenSSL - consequently we have no reason to keep our custom MD5 implementation, and probably shouldn't keep it around
2015-05-20 02:33:48 -04:00
68b4f42a52
Merge pull request #24 from dboyz/auth_findtype-fix
...
Make auth_findtype case insensitive (#4343 )
2015-05-19 10:51:31 -07:00
6b7776cb1c
Fix core from parse_v4_netmask parsing invalid cidrs
2015-05-19 13:41:59 -04:00
bc02d95f33
Ignore svsnicks when the new nick is the same as the old one
2015-05-19 13:41:51 -04:00
09c71fc5f9
Make auth_findtype case insensitive
2015-05-20 00:42:32 +08:00
b17245d9a1
remove hate from Makefile
2015-05-19 17:41:51 +02:00
cafaebff3f
update release notes & delete Changes file
2015-05-19 17:41:23 +02:00
4b8d5ac3ba
Always build with OpenSSL. NON-SSL builds are no longer supported.
2015-05-19 17:32:37 +02:00
32aeb1fa6c
ModData: only broadcast changes if sync==1. Fix return value of moddata_client_set().
2015-05-19 12:00:12 +02:00
b7d11d3e0f
Get rid of implicit declarations due to missing header file(s), now including unrealircd.h instead.
2015-05-19 11:57:04 +02:00
0391987147
update release notes for alpha2
2015-05-19 11:51:03 +02:00
9da1988375
change version to 3.4-alpha2
2015-05-19 11:27:44 +02:00
5ff5e01aa2
Rename moddata_client_XXX_string to moddata_client_XXX
2015-05-19 11:22:11 +02:00
7ad4b6db67
Module coders: introduce moddata_client_set_string() and moddata_client_get_string(). Will document later in ModData wiki page (which does not exist yet).
2015-05-18 17:15:02 +02:00
222c780d64
broadcast cert fingerprint on connect
2015-05-18 17:01:04 +02:00
Bram Matthys