1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 20:33:12 +02:00

110 Commits

Author SHA1 Message Date
Bram Matthys 02c5c8567a Fix rare crash if deleting spamfilter by id that isn't a spamfilter. 2018-09-23 18:41:47 +02:00
Bram Matthys b4b6ebbca3 Similarly, use sptr/acptr to conform to current style. 2018-09-22 12:44:03 +02:00
Bram Matthys 75e2ed38e2 Some re-indenting / codestyle changes, nothing fancy, mostly whitespace
and brackets.
2018-09-22 12:42:14 +02:00
Bram Matthys 1feeb86cd3 Fix crash bug in m_whox. 2018-09-22 11:38:08 +02:00
Bram Matthys 24ea77f507 Update release notes
@skip-ci
2018-09-21 09:32:59 +02:00
Bram Matthys a7af69b887 Use same ciphersuite as decided earlier. 2018-09-21 09:11:09 +02:00
Bram Matthys d56eddd69a 'timedban' and 'nocodes' were (still) marked 3rd party, even though
they are official modules.
2018-09-21 08:58:44 +02:00
Bram Matthys 7d38909126 m_whox: fix -Wparentheses warning 2018-09-21 08:50:04 +02:00
Bram Matthys fb0148a44a New set::ssl::options::ciphersuites option for TLSv1.3.
Since OpenSSL decided not to use the regular ciphers but make this a
separate option, we now make this a separate option as well.
So there is ::ciphers for <=TLSv1.2 and ::ciphersuites for TLSv1.3
More documentation will follow.
Patch from 'i' in https://bugs.unrealircd.org/view.php?id=5149
2018-09-20 20:14:18 +02:00
Bram Matthys bd0821fc41 Add m_whox to Windows build makefile 2018-09-20 20:06:19 +02:00
Bram Matthys c4eac1df0e Add initial version of m_whox from 'i'. This is to get it tested
by the buildfarm / autotesters. More commits will follow.
2018-09-20 20:04:29 +02:00
Bram Matthys 30da2ae553 Module devs: Add priorities for command overrides.
Use: CmdoverrideAddEx(module, name, priority, function)
Suggested by Gottem in https://bugs.unrealircd.org/view.php?id=5143
..and needed by some upcoming stuff.
2018-09-20 20:01:39 +02:00
Bram Matthys 886b67ca8a Merge pull request #73 from digitalcircuit/fix-strip-monostrike-format
m_message: Also strip monospace/strikethrough
2018-09-16 08:12:26 +02:00
Shane Synan dba2081641 m_message: Also strip monospace/strikethrough
Add the ASCII character codes for strikethrough (0x1E, 30) and
monospace (0x11, 17) to the _StripControlCodes function.  This
addresses those formatting characters not being filtered when the
"nocodes" module is loaded.

See https://modern.ircdocs.horse/formatting.html#characters
2018-09-15 16:25:05 -05:00
Bram Matthys 3f7ec605dd The away-notify CAP did not send AWAY status upon join, which is required.
Reported by digitalcircuit in https://bugs.unrealircd.org/view.php?id=5144
2018-09-15 08:46:18 +02:00
Bram Matthys 57a008b808 UnrealIRCd 4.0.19-rc2 2018-09-14 09:51:25 +02:00
Bram Matthys cd2f77defd Update release notes
@skip-ci
2018-09-14 09:45:19 +02:00
Bram Matthys 402958a3c6 Allow slashes in vhost/chghost/sethost/.. (but not through DNS) 2018-09-11 20:25:32 +02:00
Bram Matthys 8738c42b82 Update release notes
@skip-ci
2018-09-10 18:47:01 +02:00
Bram Matthys 05745124f1 Fix tld::options::ssl not detecting remote SSL users.
Reported by HeXiLeD in https://bugs.unrealircd.org/view.php?id=4952
2018-09-10 18:33:40 +02:00
Bram Matthys a4e076c08c Allow ASCII 0xa0 in channels / Fix truncated channel name.
Reported by capitaine in https://bugs.unrealircd.org/view.php?id=4538
2018-09-10 08:38:41 +02:00
Bram Matthys d610dfbe9f Duplicate error messages when trying to set channel modes +O/+P.
Reported by FwdInTime in https://bugs.unrealircd.org/view.php?id=4840
2018-09-09 18:03:54 +02:00
Bram Matthys 5445a009a3 Fix bug preventing (insecure) IRCops from overriding +z.
Reported by capitaine in https://bugs.unrealircd.org/view.php?id=5134
2018-09-09 17:49:32 +02:00
Bram Matthys 5921924297 Update release notes 2018-09-09 17:27:25 +02:00
Bram Matthys f876983cb3 Fix bug where halfops don't see users JOIN if chmode +D is set.
Reported by The_Myth in https://bugs.unrealircd.org/view.php?id=5123
2018-09-09 17:15:49 +02:00
Bram Matthys 681640024a Fix permission issues with minimal IRCOps.
Reported by capitaine in https://bugs.unrealircd.org/view.php?id=5130
2018-09-09 17:01:35 +02:00
Bram Matthys 2935385bf2 allow::options::sasl has been removed. Use the new and more flexible
require sasl { } block instead.
2018-09-09 09:49:03 +02:00
Bram Matthys 3f0d349e2b Update releasenotes: shorten text about compatibility.
@skip-ci
2018-09-08 17:51:43 +02:00
Bram Matthys a66373f74e Add header to release notes 2018-09-08 17:21:37 +02:00
Bram Matthys 77000795c7 Make ./Config import settings from 4.0.18 2018-09-08 17:18:24 +02:00
Bram Matthys bc139098c9 UnrealIRCd 4.0.19-rc1
(The actual release will be ~24hrs from now)
2018-09-07 18:20:04 +02:00
Bram Matthys 73f69ccb11 Fix clang warning 2018-09-07 18:14:14 +02:00
Bram Matthys 2cbcc29a0d Update release notes a bit 2018-09-07 12:20:09 +02:00
Bram Matthys 9ed6a9ae79 Found some more for #3973 2018-09-07 12:07:09 +02:00
Bram Matthys ab321f632b For outgoing server connection attempts there was no message to ircops
nor to the log about connection or handshake timeouts. Now there is.
2018-09-07 11:59:52 +02:00
Bram Matthys bd19e9c87a Log linking attempts and errors. Also report them to IRCOps in an uniform way.
Reported by Mr_Smoke in https://bugs.unrealircd.org/view.php?id=3973
2018-09-07 11:59:12 +02:00
Bram Matthys 8d05951298 Silence a warning 2018-09-07 10:50:55 +02:00
Bram Matthys 858aaa774a 'SVSMODE Nick -t' does not remove vhost (while MODE 'MODE Nick -t' does)
Reported by The_Myth in https://bugs.unrealircd.org/view.php?id=5111
2018-09-07 10:50:00 +02:00
Bram Matthys aa3e66bb5b We now use standard formatted messages for all K-Lines, G-Lines and
any other bans that will cause the user to be disconnected.
For technical details see the banned_client() function.

It's likely I made some mistakes somewhere => testing required!!
2018-09-05 16:24:08 +02:00
Bram Matthys 107d8ccf6a * A new require sasl { } block which allows you to force users on the
specified hostmask to use SASL. Any unauthenticated users matching
  the specified hostmask are are rejected.
  See https://www.unrealircd.org/docs/Require_sasl_block
Feature suggestion: https://bugs.unrealircd.org/view.php?id=5107
2018-09-05 11:34:48 +02:00
Bram Matthys ffcf85f409 Announce the soft bans in release notes. (Best to read that rather
than the million commits before it)
2018-09-05 10:03:42 +02:00
Bram Matthys c4760cc83c Add more soft actions. The full list is available on
https://www.unrealircd.org/docs/Actions
Also, some minor cleanups / simplifications.
2018-09-05 09:39:44 +02:00
Bram Matthys c8c0199095 Fix potential bug if there are both soft and hard tkl's matching the user.
Add soft-shun. Use IsLoggedIn() to detect logged in to services status
rather than repeating the more elaborate if ... isdigit...svid.. etc.. stuff.
2018-09-04 21:08:48 +02:00
Bram Matthys aa45ce11cc ..and the necessary stuff for softbans in the blacklist module. 2018-09-03 20:18:23 +02:00
Bram Matthys b2be1009a0 Second parameter to find_tkline_match() can now be used to skip
soft ban checking. Necessary for blacklist module.
2018-09-03 19:55:48 +02:00
Bram Matthys 1d42ccd973 DNSBL: Fix possible problem where multiple blacklists are not processed.
Also fix a memory leak triggered in some circumstances.
2018-09-03 19:31:27 +02:00
Bram Matthys 1eb09484f1 Add 'soft-kline' and 'soft-gline' to ban actions (more information soon)
If you don't know what ban actions are, they are listed here:
https://www.unrealircd.org/docs/Actions
2018-09-03 17:24:23 +02:00
Bram Matthys 5f116cc64e Part one of soft gline/kline (more information will follow) 2018-09-03 17:07:22 +02:00
Bram Matthys 2537fb5e1c extbans/textban was not working properly on words with dots
Reported by The_Myth in https://bugs.unrealircd.org/view.php?id=4909
2018-09-02 21:55:57 +02:00
Bram Matthys d3dba63f56 AntiRandom: The module will now (by default) exempt WEBIRC gateways
from antirandom checking because they frequently cause false positives.
This new behavior can be disabled via:
set { antirandom { except-webirc no; }; };
Suggested by The_Myth in https://bugs.unrealircd.org/view.php?id=5007
2018-09-02 12:34:03 +02:00
Bram Matthys 5f597c0b08 Sync 'webirc' status of a client with the rest of the network (via ModData).
Also necessary for upcoming commit..
2018-09-02 12:16:45 +02:00
Bram Matthys cab8ea7066 * Potential crash issue when concurrently checking DNSBL for the WEBIRC
gateway and the spoofed host.
2018-09-02 12:16:15 +02:00
Bram Matthys 883a5fe413 * The except throttle { } block now also overrides any limitations from
set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
Reported by KnuX https://bugs.unrealircd.org/view.php?id=5088
2018-09-02 11:40:15 +02:00
Bram Matthys b1b73e0e56 * Localhost connections are considered secure, so these can be used even
if you have a plaintext-policy of 'deny' or 'warn'. (This was already
  the case for servers, but now also for users and opers)
https://bugs.unrealircd.org/view.php?id=5108
2018-09-02 11:24:19 +02:00
Bram Matthys 3c801ced2e Load by default: extbans/textban, extbans/timedban, extbans/msgbypass.
https://bugs.unrealircd.org/view.php?id=5117
2018-09-02 11:17:14 +02:00
Bram Matthys bf08c5d121 Update instructions on customizing modules.default.conf now that
we have blacklist-module.
2018-09-01 21:08:58 +02:00
Bram Matthys 477694bd11 Update release notes: Add info on 'blacklist-module'. 2018-09-01 21:02:24 +02:00
Bram Matthys d86d4c7c71 Add new option: blacklist-module "<modulename>";
This is meant to blacklist modules that are in modules.default.conf (or
elsewhere). The 'loadmodule' line for any such module is effective ignored.
https://bugs.unrealircd.org/view.php?id=5118
Note: I had to move the loadmodule code. Previously this was done as each
config file (include) was loaded into memory. Now it is done after *ALL*
config files have been read into memory. This shouldn't matter for module
devs, though..
2018-09-01 20:31:14 +02:00
Bram Matthys cf97de890a These should be marked extern. 2018-09-01 19:37:25 +02:00
Bram Matthys c2f9df9e48 Update release notes (no we're not anywhere near a release at this point) 2018-07-15 18:30:52 +02:00
Bram Matthys 26c194d8db Update paths. Again.
Slashes in my editor are special so a replace with \u becomes..
ah well.. long story.
2018-07-15 18:19:11 +02:00
Bram Matthys 4900fb01df Remove Visual Studio 2012 leftovers.
[skip ci]
2018-07-15 18:11:49 +02:00
Bram Matthys 54a6e2f61f Update build command for vs2017 with new deps 2018-07-15 18:11:00 +02:00
Bram Matthys 8fc4f68bcc Make AppVeyor only build VS2017 version (and update library deps) 2018-07-15 17:58:07 +02:00
Bram Matthys 8150c6c237 Change default library paths for Visual Studio 2017 lib build.
Will upload the dependencies in a couple of minutes to:
https://www.unrealircd.org/docs/Windows_external_libraries_for_UnrealIRCd
2018-07-15 17:47:37 +02:00
Bram Matthys 1f4fcb9407 Set version to 4.0.19-dev 2018-07-15 17:40:18 +02:00
Bram Matthys 3bd83829e3 Work towards moving to Visual Studio 2017.
Compiling already works (this is already tested by AppVeyor for quite a
while), but the installer in git required VS 2015. The actual releases
up to now required VS 2012.
To be more precise, either VS 2015 Redist or VS 2017 Redist is enough,
the x86 version that is, as they are binary compatible and both provide
"version 14". So if one of those is installed, the installer just runs.
If neither of these is installed we tell the user to install the VS 2017
Redist package, not mentioning 2015 as it would only cause confusion.
2018-07-15 14:49:24 +02:00
Bram Matthys f3b9753460 Fix compile problem with clang if -Werror is active.
(introduced by previous commit, 98709beee2)
2018-07-08 14:52:43 +02:00
Bram Matthys 98709beee2 ./configure: -Wno-format-truncation 2018-07-08 13:35:53 +02:00
Bram Matthys bc8ac7c7f6 ./Config: For remote includes, suggest /usr when /usr/bin/curl-config
is found. This fixes an issue on Ubuntu 18 where the library is
stored in /usr/include/x86_64-linux-gnu and ./Config doesn't detect
it and thus reverts to using local-curl.
2018-07-08 13:31:23 +02:00
Bram Matthys 25f08d50ac UnrealIRCd 4.0.18 2018-06-23 16:06:12 +02:00
Bram Matthys c4d132c8f9 No longer permit 'require-sasl' or 'require-ssl', as introduced in rcX,
as it would be confusing with the current functionality.
Use 'sasl' or 'ssl' instead. See bug #5107.
2018-06-23 08:16:04 +02:00
Bram Matthys 05dcf18ea6 When importing ./Config settings from a previous UnrealIRCd, with
curl enabled but without system curl, the build could fail with
an libCURL configure error. This is is because it imported the
CURLDIR but it referred to an old UnrealIRCd directory.
Reported by The_Myth (#5106)
2018-06-23 08:13:02 +02:00
Bram Matthys f9f03190f8 ** 4.0.18-rc2 ** 2018-06-16 18:22:31 +02:00
Bram Matthys 14eda9638d curl-ca-bundle.crt: update to latest mozilla (Wed Mar 7 04:12:06 2018 GMT)
[skip ci]
2018-06-16 18:14:06 +02:00
Bram Matthys 0961b95ba9 Move setting of curves (duh) 2018-06-16 17:58:15 +02:00
Bram Matthys 52afbeee50 Travis-CI: cipherscan: it helps if you scan on the right port.. 2018-06-16 09:19:03 +02:00
Bram Matthys da98080860 Travis-CI: add cipherscan test
TODO: fail if certain criterea are not met
2018-06-16 08:40:39 +02:00
Bram Matthys 49bfb1e782 Fix ECDHE not working on 4.0.18-rc1 with older OpenSSL versions.
For example Ubuntu 16.04 LTS with OpenSSL 1.0.2g.
Especially in strict config it would error 'No shared ciphers'.
Had to do with #if(def) ordering. SSL_CTX_set_ecdh_auto() is
still required in 1.0.x even if SSL_CTX_set1_curves_list() is
used. Understandable.
2018-06-16 08:21:13 +02:00
Bram Matthys 18b793db9a UnrealIRCd 4.0.18-rc1 2018-06-11 10:46:44 +02:00
Bram Matthys a236eb0fc1 Update release notes
[skip ci]
2018-06-11 10:17:41 +02:00
Bram Matthys 3aec69192b Build with -Werror except on macOS 2018-06-11 10:11:16 +02:00
Bram Matthys 5461d24124 Update openssl test to 1.1.1-pre7.
[skip ci]
2018-06-11 09:57:49 +02:00
Bram Matthys 93957fc7ee blacklist module: also check the ip of WEBIRC users.
Suggested by jesopo (#0005098).
2018-06-11 08:53:34 +02:00
Bram Matthys cd6d7a2bb7 Add allow::options::sasl (or require-sasl) to require SASL authentication
as suggested in https://bugs.unrealircd.org/view.php?id=5098
The allow block documentation has been updated, including an example at
the end of the page - https://www.unrealircd.org/docs/Allow_block
2018-06-11 08:22:29 +02:00
Bram Matthys 46a60ec795 Fix OOB read (1 byte to the left) 2018-06-11 08:05:14 +02:00
Bram Matthys ad63a499e1 Remove invalid globally declared variables (should be externs). 2018-06-11 08:04:37 +02:00
Bram Matthys 8b988622cd Fix memory leak in channel mode +f 2018-06-11 08:04:10 +02:00
Bram Matthys e456f621ef Fix OOB read in extended bans handling.
(Bug caused by commit dd6f67a266)
2018-06-11 08:02:35 +02:00
Bram Matthys 21af7689c0 Fix memory leak in dead socket handling. 2018-06-11 08:02:07 +02:00
Bram Matthys af46d569f6 Updated Turkish translations from Serkan Sepetçi. 2018-06-09 15:08:00 +02:00
Bram Matthys aebf9691bd Convert example.tr.conf to UTF8 2018-06-09 15:07:03 +02:00
Bram Matthys 362033b73f Drop -xxxbits suffix in on-connect message (and elsewhere).
Change from this TLSv1.2 and TLSv1.3 message:
*** You are connected with TLSv1.2-ECDHE-RSA-AES256-GCM-SHA384-256bits
*** You are connected with TLSv1.3-TLS_AES_256_GCM_SHA384-256bits
To this:
*** You are connected with TLSv1.2-ECDHE-RSA-AES256-GCM-SHA384
*** You are connected with TLSv1.3-TLS_AES_256_GCM_SHA384
Since: 1) those bits are redundant (AES 256 is already mentioned),
and 2) Bits are also not an universal method to measure strength across
algorithms (think: elliptic curve).
2018-06-04 19:45:40 +02:00
Bram Matthys 686fc1b03d Convert /HELPOP translations to UTF-8. 2018-05-25 12:49:01 +02:00
Bram Matthys 8a73b96aee Revert 39e2d88f6c 2018-05-18 18:57:43 +02:00
Bram Matthys 2be4668d9b Travis-CI: 'apt-get update' is required 2018-05-18 18:56:24 +02:00
Bram Matthys 39e2d88f6c Fix Travis-CI 2018-05-18 18:52:40 +02:00
Bram Matthys b597999a34 Update release notes 2018-05-09 22:44:04 +02:00
Bram Matthys 5e8334a9be Use "macOS" in README rather than OS X.
[ci skip]
2018-05-02 19:53:09 +02:00
Bram Matthys 8ac5a49d9d Travis-CI: Swap gcc and clang in initial build matrix, simplifying
things for MacOS and making the LibreSSL/OpenSSL builds use clang.
2018-05-02 19:23:39 +02:00
Bram Matthys 85cfe2a779 Fix travis-ci 2018-05-02 19:19:08 +02:00
Bram Matthys d9c30aaeb8 Further reduce build matrix, since gcc links to clang on OS X anyway 2018-05-02 19:15:11 +02:00
Bram Matthys 53f7ee81b1 Attempt to reduce build matrix 2018-05-02 19:10:14 +02:00
Bram Matthys 717be3afcb Older OpenSSL versions (1.0.2) need an explicit -fPIC... wow. 2018-05-02 16:49:41 +02:00
Bram Matthys 201159c630 I forgot.. openssl is special :D 2018-05-02 16:12:10 +02:00
Bram Matthys cb4be97bdf Add various libressl & openssl versions to build tests. 2018-05-02 15:55:04 +02:00
Bram Matthys 3b0cb5c2a9 .. 2018-05-02 15:37:08 +02:00
Bram Matthys 53c1ea6226 Add libressl-27 to build test matrix. 2018-05-02 15:30:43 +02:00
Bram Matthys 923619ba30 Merge branch 'unreal40' of github.com:unrealircd/unrealircd into unreal40 2018-05-01 15:23:26 +02:00
Bram Matthys 8efcd684d3 Fix /SPAMFILTER add having the regex syntax check backwards.
(Not too surprising when add is 0 and delete is 1)
Not fatal, as error was still handled & send, but it went to
all opers instead of just the one person adding it..
2018-05-01 15:22:39 +02:00
74 changed files with 5276 additions and 3832 deletions
+1 -1
View File
@@ -7,7 +7,7 @@
\___/|_| |_|_| \___|\__,_|_|\___/\_| \_| \____/\__,_|
Configuration Program
for UnrealIRCd 4.0.18-devel
for UnrealIRCd 4.0.19-rc2
This program will help you to compile your IRC server, and ask you
questions regarding the compile-time settings of it during the process.
+17 -2
View File
@@ -1,13 +1,28 @@
language: c
os:
- linux
- osx
compiler:
- gcc
- clang
- gcc
script: extras/build-tests/nix/build $BUILDCONFIG
env:
- BUILDCONFIG=""
- BUILDCONFIG="system-cares"
- BUILDCONFIG="system-cares system-curl"
- BUILDCONFIG="local-curl"
matrix:
include:
- os: osx
env: BUILDCONFIG=""
- os: osx
env: BUILDCONFIG="system-cares"
- os: osx
env: BUILDCONFIG="system-cares system-curl"
- os: osx
env: BUILDCONFIG="local-curl"
- env: BUILDCONFIG="libressl-25"
- env: BUILDCONFIG="libressl-26"
- env: BUILDCONFIG="libressl-27"
- env: BUILDCONFIG="openssl-102"
- env: BUILDCONFIG="openssl-110"
- env: BUILDCONFIG="openssl-111"
+14 -2
View File
@@ -452,7 +452,7 @@ echo ""
if [ -z "$NOCACHE" ] ; then
# This needs to be updated each release so auto-upgrading works for settings, modules, etc!!:
UNREALRELEASES="unrealircd-4.0.17 unrealircd-4.0.17-rc1 unrealircd-4.0.16.1 unrealircd-4.0.16 unrealircd-4.0.15 unrealircd-4.0.14 unrealircd-4.0.14-rc1 unrealircd-4.0.13 unrealircd-4.0.13-rc1 unrealircd-4.0.12.1 unrealircd-4.0.12 unrealircd-4.0.11 unrealircd-4.0.10 unrealircd-4.0.9 unrealircd-4.0.8.4 unrealircd-4.0.8.3 unrealircd-4.0.8.2 unrealircd-4.0.8.1"
UNREALRELEASES="unrealircd-4.0.19-rc1 unrealircd-4.0.18 unrealircd-4.0.18-rc2 unrealircd-4.0.18-rc1 unrealircd-4.0.17 unrealircd-4.0.17-rc1 unrealircd-4.0.16.1 unrealircd-4.0.16 unrealircd-4.0.15 unrealircd-4.0.14 unrealircd-4.0.14-rc1 unrealircd-4.0.13 unrealircd-4.0.13-rc1 unrealircd-4.0.12.1 unrealircd-4.0.12 unrealircd-4.0.11 unrealircd-4.0.10 unrealircd-4.0.9 unrealircd-4.0.8.4 unrealircd-4.0.8.3 unrealircd-4.0.8.2 unrealircd-4.0.8.1"
if [ -f "config.settings" ]; then
. ./config.settings
else
@@ -500,6 +500,15 @@ if [ -z "$NOCACHE" ] ; then
done
fi
fi
# If we just imported settings and the curl dir is set to
# something like /home/xxx/unrealircd-4.x.y/extras/curl/
# (what we call 'local-curl') then remove this setting as
# it would refer to the old UnrealIRCd installation.
if [ ! -z "$IMPORTEDSETTINGS" ]; then
if echo "$CURLDIR"|grep -qi unrealircd; then
CURLDIR=""
fi
fi
fi
TEST="$BASEPATH"
@@ -625,7 +634,6 @@ if [ "$REMOTEINC" = "1" ] ; then
CURLDIR=""
fi
INSTALLCURL="0"
SUGGESTCURLDIR=""
@@ -635,6 +643,10 @@ if [ "$REMOTEINC" = "1" ] ; then
if [ -d "/usr/include/curl" ]; then
SUGGESTCURLDIR="/usr"
fi
# This one also works for /usr/include/x86_64-linux-gnu and friends:
if [ -f "/usr/bin/curl-config" ]; then
SUGGESTCURLDIR="/usr"
fi
GOTASYNC=0
if [ "x$SUGGESTCURLDIR" != "x" ]; then
+2 -2
View File
@@ -21,7 +21,7 @@ Simply download the UnrealIRCd Windows version from www.unrealircd.org
Alternatively you can compile UnrealIRCd for Windows yourself. However this is not straightforward and thus not recommended.
#### *BSD/Linux/OS X
#### *BSD/Linux/macOS
First you must compile the IRCd:
* Run `./Config`
@@ -39,7 +39,7 @@ Then open it in an editor and carefully modify it using the documentation and FA
### Step 3: Booting
#### Linux/*BSD/OS X
#### Linux/*BSD/macOS
Run `./unrealircd start` in the directory where you installed UnrealIRCd.
#### Windows
-3
View File
@@ -1,9 +1,6 @@
version: 4.0.x-devbuild-{build}
environment:
matrix:
- APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015"
TARGET: "Visual Studio 2012"
SHORTNAME: "vs2012"
- APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017"
TARGET: "Visual Studio 2017"
SHORTNAME: "vs2017"
Vendored
+58 -12
View File
@@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for unrealircd 4.0.18-devel.
# Generated by GNU Autoconf 2.69 for unrealircd 4.0.19-rc2.
#
# Report bugs to <http://bugs.unrealircd.org/>.
#
@@ -580,8 +580,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='unrealircd'
PACKAGE_TARNAME='unrealircd'
PACKAGE_VERSION='4.0.18-devel'
PACKAGE_STRING='unrealircd 4.0.18-devel'
PACKAGE_VERSION='4.0.19-rc2'
PACKAGE_STRING='unrealircd 4.0.19-rc2'
PACKAGE_BUGREPORT='http://bugs.unrealircd.org/'
PACKAGE_URL='http://unrealircd.org/'
@@ -708,6 +708,7 @@ infodir
docdir
oldincludedir
includedir
runstatedir
localstatedir
sharedstatedir
sysconfdir
@@ -818,6 +819,7 @@ datadir='${datarootdir}'
sysconfdir='${prefix}/etc'
sharedstatedir='${prefix}/com'
localstatedir='${prefix}/var'
runstatedir='${localstatedir}/run'
includedir='${prefix}/include'
oldincludedir='/usr/include'
docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
@@ -1070,6 +1072,15 @@ do
| -silent | --silent | --silen | --sile | --sil)
silent=yes ;;
-runstatedir | --runstatedir | --runstatedi | --runstated \
| --runstate | --runstat | --runsta | --runst | --runs \
| --run | --ru | --r)
ac_prev=runstatedir ;;
-runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \
| --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \
| --run=* | --ru=* | --r=*)
runstatedir=$ac_optarg ;;
-sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
ac_prev=sbindir ;;
-sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
@@ -1207,7 +1218,7 @@ fi
for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
datadir sysconfdir sharedstatedir localstatedir includedir \
oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
libdir localedir mandir
libdir localedir mandir runstatedir
do
eval ac_val=\$$ac_var
# Remove trailing slashes.
@@ -1320,7 +1331,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures unrealircd 4.0.18-devel to adapt to many kinds of systems.
\`configure' configures unrealircd 4.0.19-rc2 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1360,6 +1371,7 @@ Fine tuning of the installation directories:
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
@@ -1385,7 +1397,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of unrealircd 4.0.18-devel:";;
short | recursive ) echo "Configuration of unrealircd 4.0.19-rc2:";;
esac
cat <<\_ACEOF
@@ -1539,7 +1551,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
unrealircd configure 4.0.18-devel
unrealircd configure 4.0.19-rc2
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2145,7 +2157,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by unrealircd $as_me 4.0.18-devel, which was
It was created by unrealircd $as_me 4.0.19-rc2, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
@@ -2554,7 +2566,7 @@ _ACEOF
# Minor version number (e.g.: Z in X.Y.Z)
UNREAL_VERSION_MINOR="18"
UNREAL_VERSION_MINOR="19"
cat >>confdefs.h <<_ACEOF
#define UNREAL_VERSION_MINOR $UNREAL_VERSION_MINOR
@@ -2564,7 +2576,7 @@ _ACEOF
# The version suffix such as a beta marker or release candidate
# marker. (e.g.: -rcX for unrealircd-3.2.9-rcX). This macro is a
# string instead of an integer because it contains arbitrary data.
UNREAL_VERSION_SUFFIX="-devel"
UNREAL_VERSION_SUFFIX="-rc2"
cat >>confdefs.h <<_ACEOF
#define UNREAL_VERSION_SUFFIX "$UNREAL_VERSION_SUFFIX"
@@ -3534,6 +3546,40 @@ if test "$ac_cv_nfzl" = "yes"; then
CFLAGS="$CFLAGS -Wno-format-zero-length"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the compiler has a working -Wno-format-truncation" >&5
$as_echo_n "checking if the compiler has a working -Wno-format-truncation... " >&6; }
if ${ac_cv_nft+:} false; then :
$as_echo_n "(cached) " >&6
else
save_cflags="$CFLAGS"
CFLAGS="$CFLAGS -Wno-format-truncation -Werror"
cat confdefs.h - <<_ACEOF >conftest.$ac_ext
/* end confdefs.h. */
int
main ()
{
;
return 0;
}
_ACEOF
if ac_fn_c_try_compile "$LINENO"; then :
ac_cv_nft="yes"
else
ac_cv_nft="no"
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
CFLAGS="$save_cflags"
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_nft" >&5
$as_echo "$ac_cv_nft" >&6; }
if test "$ac_cv_nft" = "yes"; then
CFLAGS="$CFLAGS -Wno-format-truncation"
fi
# Extract the first word of "rm", so it can be a program name with args.
set dummy rm; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
@@ -9279,7 +9325,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by unrealircd $as_me 4.0.18-devel, which was
This file was extended by unrealircd $as_me 4.0.19-rc2, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -9342,7 +9388,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
unrealircd config.status 4.0.18-devel
unrealircd config.status 4.0.19-rc2
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
+14 -3
View File
@@ -8,7 +8,7 @@ dnl src/win32/unrealinst.iss
dnl .CHANGES.NEW
dnl src/version.c.SH
AC_INIT([unrealircd], [4.0.18-devel], [http://bugs.unrealircd.org/], [], [http://unrealircd.org/])
AC_INIT([unrealircd], [4.0.19-rc2], [http://bugs.unrealircd.org/], [], [http://unrealircd.org/])
AC_CONFIG_SRCDIR([src/ircd.c])
AC_CONFIG_HEADER([include/setup.h])
AC_CONFIG_AUX_DIR([autoconf])
@@ -36,13 +36,13 @@ UNREAL_VERSION_MAJOR=["0"]
AC_DEFINE_UNQUOTED([UNREAL_VERSION_MAJOR], [$UNREAL_VERSION_MAJOR], [Major version number (e.g.: Y for X.Y.Z)])
# Minor version number (e.g.: Z in X.Y.Z)
UNREAL_VERSION_MINOR=["18"]
UNREAL_VERSION_MINOR=["19"]
AC_DEFINE_UNQUOTED([UNREAL_VERSION_MINOR], [$UNREAL_VERSION_MINOR], [Minor version number (e.g.: Z for X.Y.Z)])
# The version suffix such as a beta marker or release candidate
# marker. (e.g.: -rcX for unrealircd-3.2.9-rcX). This macro is a
# string instead of an integer because it contains arbitrary data.
UNREAL_VERSION_SUFFIX=["-devel"]
UNREAL_VERSION_SUFFIX=["-rc2"]
AC_DEFINE_UNQUOTED([UNREAL_VERSION_SUFFIX], ["$UNREAL_VERSION_SUFFIX"], [Version suffix such as a beta marker or release candidate marker. (e.g.: -rcX for unrealircd-3.2.9-rcX)])
AC_PROG_CC
@@ -107,6 +107,17 @@ if test "$ac_cv_nfzl" = "yes"; then
CFLAGS="$CFLAGS -Wno-format-zero-length"
fi
dnl More and more and more....
AC_CACHE_CHECK(if the compiler has a working -Wno-format-truncation, ac_cv_nft, [
save_cflags="$CFLAGS"
CFLAGS="$CFLAGS -Wno-format-truncation -Werror"
AC_TRY_COMPILE(,, ac_cv_nft="yes", ac_cv_nft="no")
CFLAGS="$save_cflags"
])
if test "$ac_cv_nft" = "yes"; then
CFLAGS="$CFLAGS -Wno-format-truncation"
fi
AC_PATH_PROG(RM,rm)
AC_PATH_PROG(CP,cp)
AC_PATH_PROG(TOUCH,touch)
+107 -35
View File
@@ -1,48 +1,120 @@
UnrealIRCd 4.0.18-devel Release Notes
======================================
UnrealIRCd 4.0.19-rc2 Release Notes
====================================
UnrealIRCd 4.0.18-devel is work in progress.
==[ CHANGES BETWEEN 4.0.17 AND 4.0.18 ]==
This is the second release candidate for UnrealIRCd 4.0.19. Please help
test this release and report all bugs to https://bugs.unrealircd.org/
Enhancements:
* None
* New option to disable a module: blacklist-module "modulename";
This will cause any 'loadmodule' lines for that module to be ignored.
This is especially useful if you only want to disable a few modules
that are (normally) automatically loaded by conf/modules.default.conf.
https://www.unrealircd.org/docs/Blacklist-module_directive
* Next three new features have to do with SASL. More information on SASL
in general can be found at https://www.unrealircd.org/docs/SASL
* A new require sasl { } block which allows you to force users on the
specified hostmask to use SASL. Any unauthenticated users matching
the specified hostmask are are rejected.
See https://www.unrealircd.org/docs/Require_sasl_block
* New "soft kline" and "soft gline". These will not be applied to users
that are authenticated to services using SASL.
These are just GLINE/KLINE's but prefixed with a percent sign:
Example: /GLINE %*@10.* 0 Only SASL allowed from here
* New "soft" ban actions for spamfilter, blacklist, antirandom, etc.
Actions such as "soft-kline" and "soft-kill" will only be applied to
unauthenticated users. Users who are authenticated to services (SASL)
are exempt from the corresponding spamfilter/blacklist/antirandom/..
See https://www.unrealircd.org/docs/Actions for the full action list.
* WARNING: If your network also contains UnrealIRCd servers below v4.0.19
then it is not recommended to use global soft bans (such as soft gline
or any spamfilter with soft-xx actions). There won't be havoc, but the
bans won't be effective on parts of the network.
* The following extban modules are not new but are now enabled by default:
extbans/textban, extbans/timedban and extbans/msgbypass.
In case you don't like them, use blacklist-module as mentioned earlier.
Just as a reminder, they provide the following functionality:
* TextBan: +b ~T:block:*badword* to block sentences with 'badword'
* Timed bans: ~t:duration:mask
These are bans that are automatically removed by the server.
The duration is in minutes and the mask can be any ban mask.
Some examples:
* A 5 minute ban on a host:
+b ~t:5:*!*@host
* A 5 minute quiet ban on a host (unable to speak):
+b ~t:5:~q:*!*@host
* An invite exception for 24 hours (1440 minutes):
+I ~t:1440:*!*@host
* A temporary exempt ban for a services account:
+e ~t:1440:~a:Account
* Allows someone to speak through +m for the next 24hrs:
+e ~t:1440:~m:moderated:*!*@host
* And any other crazy ideas you can come up with...
* Ban exception ~m:type:mask to allow bypassing of message restrictions.
Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
'censor' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
Some examples:
* Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
* Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
* Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
* Allow a services account to use color: +e ~m:color:~a:ColorBot
* Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
* AntiRandom: The module will now (by default) exempt WEBIRC gateways
from antirandom checking because they frequently cause false positives.
This new behavior can be disabled via:
set { antirandom { except-webirc no; }; };
* Server linking attempts and errors are now also put in the log file.
* A new module that provides WHOX support, an enhanced and more standard
version of WHO (NOTE: the command is still "WHO").
This allows, among other things, the client to request additional
information, such as which services account each channel member is using.
The module is currently experimental. To use it, add this to your conf:
loadmodule "m_whox";
Major issues fixed:
* The new optional feature 'set::cloak-method ip' caused identical cloaks
* Blacklist: Potential crash issue when concurrently checking DNSBL
for the WEBIRC gateway and the spoofed host.
* Blacklist: In case of multiple blacklists the 2nd/3rd/.. blacklists
were not always checked properly.
Minor issues fixed:
* When using '/REHASH -ssl' or './unrealircd reloadtls' it did not reload
the SSL certificate/key if you were using ssl-options in listen, sni or
link blocks. In short: it only reloaded the ones from set::ssl until now.
* Remote includes: ./Config didn't properly detect libcurl on Ubuntu 18
(and possibly other Linux distributions as well)
* Timeouts during server linking attempts were not displayed.
* Delayjoin: Halfops did not see JOIN's when channel mode +D was set.
* IRCOps with minimal privileges lost their user modes on MODE change.
* IRCOps could not override channel mode +z (when not using SSL/TLS)
* Channel names sometimes truncated if using accents or special chars.
* TLSv1.3 ciphersuite setting was changed to reflect OpenSSL's behavior.
There is now set::ssl::ciphersuites, specifically for TLSv1.3.
Note that the default is perfectly fine so at this point in time it
shouldn't need any adjustment (but the option is there...).
Other:
* The built-in time synchronization feature is now disabled by default.
TimeSynch was added back in 2006 when lot's of operating systems did not
ship with time synchronization turned on by default. Since incorrect time
severely breaks IRC networks this was a major problem. Nowadays this is
completely different with most Linux distro's, OS X, Windows, etc. doing
time synchronization out of the box. Since UnrealIRCd's implementation is
less precise and lacks authentication it's best left over to the system.
You can still re-enable timesynch via:
set { timesynch { enabled yes; }; };
.. but you should really use NTP or similar for system-wide time
synchronization instead.
* Just as a reminder (this change was already in version 4.0.17):
UnrealIRCd will no longer give user mode +z to users on WEBIRC
gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
some assurance that the client<->webirc gateway connection is
also secure (eg: https).
This is the regular WEBIRC format:
WEBIRC password gateway hostname ip
This indicates a secure client connection (NEW):
WEBIRC password gateway hostname ip :secure
Naturally, WEBIRC gateways MUST NOT send the "secure" option if
the client is using http or some other insecure protocol.
Removed:
* allow::options::sasl has been removed. Use the new and more flexible
require sasl { } block instead.
Other changes:
* Windows users may be prompted to install the Visual C++ redistributable
package for Visual Studio 2017. This is because we now build on VS 2017
instead of VS 2012.
* We now use standard formatted messages for all K-Lines, G-Lines and
any other bans that will cause the user to be disconnected.
For technical details see the banned_client() function.
* The except throttle { } block now also overrides any limitations from
set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
* Localhost connections are considered secure, so these can be used even
if you have a plaintext-policy of 'deny' or 'warn'. (This was already
the case for servers, but now also for users and opers)
* Allow slashes in vhost/chghost/sethost/.. (but not through DNS)
Module coders:
* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
* Windows: Be aware that we now build with Visual Studio 2017. This means
3rd party modules should be compiled with VS 2017 (or VS 2015) as well.
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
later this year. This will deny /OPER when used from a non-SSL connection.
For security, IRC Operators should really use SSL/TLS!
==[ CHANGES IN OLDER RELEASES ]==
For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
+81
View File
@@ -3,6 +3,87 @@ See doc/RELEASE-NOTES for the latest release notes.
This file (doc/RELEASE-NOTES.old) contains the release notes
of OLDER releases for historical purposes.
==[ CHANGES BETWEEN 4.0.17 AND 4.0.18 ]==
Enhancements:
* Support for checking IPv6 addresses in DNS blacklists
* For SSL/TLS we now set the default ECDH(E) curves to be
X25519:secp521r1:secp384r1:prime256v1 if using a recent version of
OpenSSL/LibreSSL. This can be overridden via set::ssl::ecdh-curve.
* The blacklist module now checks WEBIRC users as well.
* You can now require SASL for all clients via the allow block via:
allow { ip *; class clients; maxperip 2; options { sasl; }; };
This can be useful for a special sasl-only server which, for example,
only permits proxies and tor clients. In a future release the feature
will be made more flexible so it can be used for other purposes
as well.
Major issues fixed:
* A number of (potential) security issues were fixed:
* Memory leaks: this could allow an attacker to slowly consume all
available memory and ultimately cause UnrealIRCd to crash.
* Out of bounds read: in practice this does not seem to be
exploitable due to the many restrictions that are imposed.
* Compile issues on macOS
* Bug in blacklist module which could have caused false negatives,
allowing bad guys in which should have been denied.
* The new optional feature 'set::cloak-method ip' caused identical cloaks
Minor issues fixed:
* When using '/REHASH -ssl' or './unrealircd reloadtls' it did not reload
the SSL certificate/key if you were using ssl-options in listen, sni or
link blocks. In short: it only reloaded the ones from set::ssl until now.
* m_ircops sent a conflicting numeric, confusing some clients.
* Starting UnrealIRCd through a non-interactive(!) ssh session could cause
the ssh session to hang.
* An upgrade issue with non-system cURL causing compile problems.
Other changes:
* The built-in time synchronization feature is now disabled by default.
TimeSynch was added back in 2006 when lots of operating systems did not
ship with time synchronization turned on by default. Since incorrect time
severely breaks IRC networks this was a major problem. Nowadays this is
completely different with most Linux distro's, OS X, Windows, etc. doing
time synchronization out of the box. Since UnrealIRCd's implementation is
less precise and lacks authentication it's best left over to the system.
You can still re-enable timesynch via:
set { timesynch { enabled yes; }; };
.. but you should really use NTP or similar for system-wide time
synchronization instead.
* For developers there's now the --with-werror compile option which will
add -Werror.
* Added a lot more Travis-CI tests: various LibreSSL/OpenSSL versions
and also test macOS. This to prevent us from releasing broken stuff.
* Various code cleanups to get rid of lots of needless casts and to
eliminate compiler warnings.
* Just as a reminder (this change was already in version 4.0.17):
UnrealIRCd will no longer give user mode +z to users on WEBIRC
gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
some assurance that the client<->webirc gateway connection is
also secure (eg: https).
This is the regular WEBIRC format:
WEBIRC password gateway hostname ip
This indicates a secure client connection (NEW):
WEBIRC password gateway hostname ip :secure
Naturally, WEBIRC gateways MUST NOT send the "secure" option if
the client is using http or some other insecure protocol.
Module coders:
* HOOKTYPE_CHANNEL_SYNCED prototype changed, the 'merge' and 'removetheirs'
is now no longer an 'unsigned short' but an 'int' instead.
* HOOKTYPE_MODE_DEOP prototype changed, the 'modechar' is now no longer
a 'char' but an 'int' instead.
* In addition to safestrdup() there's now also safestrldup() which allows
you to specify a maximum allocated length (so including the nul byte).
This is used in m_pass.c and m_topic.c.
* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
later this year. This will deny /OPER when used from a non-SSL connection.
For security, IRC Operators should really use SSL/TLS!
==[ CHANGES BETWEEN 4.0.16.1 AND 4.0.17 ]==
Enhancements:
+189 -155
View File
@@ -1,57 +1,62 @@
/* UnrealIRCd 4.0 Yapılandırma Dosyası
/* UnrealIRCd 4.0 için yapılandırma dosyası
* Türkçe Çeviri: Diablo - (Serkan Sepetçi)
* İletişim: irc.trirc.com:6667 - diablo@unrealircd.org
*
* Biz buna basit bir 'unrealircd.conf' dosyası diyoruz.
* Bu dosyası satır satır editleyip conf/ dizinine kopyalayınız. (düzenleyin!)
* Biz buna basit bir 'unrealircd.conf' dosyası diyoruz.
* Bu dosyası satır satır editleyip conf/ dizinine kopyalayınız. (düzenleyin!)
*
* Önemli: Satırların hepsi, açılış başına { satır sonuna ;
* }; dahil edin. Bu çok önemli, eğer siz ayrıştırıcıyı ;
* eksik koyarsanız yapılandırma dosyası hata verecek
* ve dosya doğru işlemde olmayacaktır!
* Bu sizin UnrealIRCd yapılandırması ile ilk deneyiminiz ise
* dosyayı okumanız için birkaç dakika ayırmanızı öneniriz,
* bu size bilgi edinmeniz açısından yardımcı olacaktır:
* Önemli: Satırların hepsi, açılış başına { satır sonuna ;
* }; dahil edin. Bu çok önemli, eğer siz ayrıştırıcıyı ;
* eksik koyarsanız yapılandırma dosyası hata verecek
* ve dosya doğru işlemde olmayacaktır!
* Bu sizin UnrealIRCd yapılandırması ile ilk deneyiminiz ise
* dosyayı okumanız için birkaç dakika ayırmanızı öneniriz,
* bu size bilgi edinmeniz açısından yardımcı olacaktır:
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* UnrealIRCd 4.0 belgeleme (çok geniş!):
* UnrealIRCd 4 belgeleme (çok geniş!):
* https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
*
* Sıkça Sorulan Sorular:
* Sıkça Sorulan Sorular:
* https://www.unrealircd.org/docs/FAQ
*
*/
/* Bu bir açıklamadır, burada tüm metin göz ardı edilir (açıklama tipi #1) */
// Bu da bir açıklamadır, bu satır göz ardı edilir (açıklama tipi #2)
# Bu da bir açıklamadır, bu satır yine göz ardı edilir (açıklama tipi #3)
/* Bu bir açıklamadır, burada tüm metin göz ardı edilir (açıklama tipi #1) */
// Bu da bir açıklamadır, bu satır göz ardı edilir (açıklama tipi #2)
# Bu da bir açıklamadır, bu satır yine göz ardı edilir (açıklama tipi #3)
/* UnrealIRCd yoğun modul kullanımını kolaylaştırır. UnrealIRCd'de
* etkinleştirmek istediğiniz özellikleri tamamen moduller ile aktif edebilirsiniz.
* Görmek için; https://www.unrealircd.org/docs/Modules
/* UnrealIRCd yoğun modul kullanımını kolaylaştırır. UnrealIRCd'de
* etkinleştirmek istediğiniz özellikleri tamamen moduller ile aktif edebilirsiniz.
* Görmek için; https://www.unrealircd.org/docs/Modules
*
* Biz 'modules.default.conf' dosyasını okumak için IRCd talimatı altında kullanarak
* UnrealIRCd ile birlikte gelen 150'den fazla modĂĽlleri yĂĽkleyecektir.
* Başka bir deyişle: Bu sadece UnrealIRCd'de mevcut tüm özelliklerini yükleyecektir.
* İlk kez UnrealIRCd kuruyorsanız size bunu kullanmanızı öneririz.
* Biz 'modules.default.conf' dosyasını okumak için IRCd talimatı altında kullanarak
* UnrealIRCd ile birlikte gelen 150'den fazla modĂĽlleri yĂĽkleyecektir.
* Başka bir deyişle: Bu sadece UnrealIRCd'de mevcut tüm özelliklerini yükleyecektir.
* İlk kez UnrealIRCd kuruyorsanız size bunu kullanmanızı öneririz.
* UnrealIRCd'yi ilk kez kuruyorsanız bunu kullanmanızı öneririz.
* Daha sonra her şey hazır olduğunda ve çalışıyorsa (eğer isterseniz)
* listeyi özelleştirmek için geri dönebilirsiniz.
*/
include "modules.default.conf";
/* Şimdi de diğer bazı dosyaları dahil edelim:
/* Şimdi de diğer bazı dosyaları dahil edelim:
* - help/help.conf /HELPOP sistemi
* - badwords.conf kanal ve kullanıcı modu için +G
* - spamfilter.conf için örnek olarak spamfilter kullanımı
* - operclass.default.conf oper bloklarında kullanabileceğiniz
* oper sınıflarını görüntüler.
* - badwords.conf kanal ve kullanıcı modu için +G
* - spamfilter.conf için örnek olarak spamfilter kullanımı
* - operclass.default.conf oper bloklarında kullanabileceğiniz
* oper sınıflarını görüntüler.
*/
include "help/help.conf";
include "badwords.conf";
include "spamfilter.conf";
include "operclass.default.conf";
/* me { } bloÄźu genelde kim olduÄźumuzu belirtir.
* Sunucumuz için isim, birkaç satır bazı bilgileri belirler "sid".
* Sunucu kimliği (sid) iki basamağı veya harf tarafından izlenen bir rakam ile
* başlamalıdır. Sid IRC ağı için benzersiz olmalıdır (her sunucu için
* kendi sid olmalıdır).
/* me { } bloÄźu genelde kim olduÄźumuzu belirtir.
* Sunucumuz için isim, birkaç satır bazı bilgileri belirler "sid".
* Sunucu kimliği (sid) iki basamağı veya harf tarafından izlenen bir rakam ile
* başlamalıdır. Sid IRC ağı için benzersiz olmalıdır (her sunucu için
* kendi sid olmalıdır).
*/
me {
name "irc.foonet.com";
@@ -59,8 +64,8 @@ me {
sid "001";
};
/* admin { } bloğu /ADMIN sorgusunda kullanıcılara görüntülenecek metni belirler.
* Normalde yöneticiye ulaşma konusunda bilgi içerir.
/* admin { } bloğu /ADMIN sorgusunda kullanıcılara görüntülenecek metni belirler.
* Normalde yöneticiye ulaşma konusunda bilgi içerir.
*/
admin {
"Bob Smith";
@@ -68,15 +73,15 @@ admin {
"widely@used.name";
};
/* Kullanıcılar ve sunucular için class { } bloğu belirtilir.
* Class blokları aşağıdaki işlemlerden oluşur:
* - pingfreq: kullanıcı/sunucu için ping'ler arası zaman belirtir (saniyede)
* - connfreq: sunucuya bağlanmaya çalıştığınızda tekrar için zaman belirtir (saniyede)
* - sendq: bir bağlantı için maksimum veri boyutu
* - recvq: bir bağlantı için maksimum alınan veri boyutu (flood kontrol)
/* Kullanıcılar ve sunucular için class { } bloğu belirtilir.
* Class blokları aşağıdaki işlemlerden oluşur:
* - pingfreq: kullanıcı/sunucu için ping'ler arası zaman belirtir (saniyede)
* - connfreq: sunucuya bağlanmaya çalıştığınızda tekrar için zaman belirtir (saniyede)
* - sendq: bir bağlantı için maksimum veri boyutu
* - recvq: bir bağlantı için maksimum alınan veri boyutu (flood kontrol)
*/
/* Kullanıcılar için varsayılan class ayarları */
/* Kullanıcılar için varsayılan class ayarları */
class clients
{
pingfreq 90;
@@ -85,7 +90,7 @@ class clients
recvq 8000;
};
/* IRCOp'lar için varsaylan yüksek limitli özel class ayarları */
/* IRCOp'lar için varsaylan yüksek limitli özel class ayarları */
class opers
{
pingfreq 90;
@@ -94,32 +99,32 @@ class opers
recvq 8000;
};
/* Sunucular için varsayılan class ayarları */
/* Sunucular için varsayılan class ayarları */
class servers
{
pingfreq 60;
connfreq 15; /* Her 15 saniyede bir bağlanmayı dener */
maxclients 10; /* maksimum kullanıcı */
connfreq 15; /* Her 15 saniyede bir bağlanmayı dener */
maxclients 10; /* maksimum kullanıcı */
sendq 5M;
};
/* Allow blockları sunucunuza kimlerin bağlanabileceğini belirtir.
* Bir sunucu şifresi eklenebilir veya belirlitilen bir IP adresi için
* giriş izini verilebilir. Ayrıca IP başına ne kadar bağlantıya izin
* verileceÄźini belirtir.
* Görmeniz için: https://www.unrealircd.org/docs/Allow_block
/* Allow blockları sunucunuza kimlerin bağlanabileceğini belirtir.
* Bir sunucu şifresi eklenebilir veya belirlitilen bir IP adresi için
* giriş izini verilebilir. Ayrıca IP başına ne kadar bağlantıya izin
* verileceÄźini belirtir.
* Görmeniz için: https://www.unrealircd.org/docs/Allow_block
*/
/* IP başına sadece 5 bağlantı izini verir */
/* IP başına sadece 5 bağlantı izini verir */
allow {
ip *@*;
class clients;
maxperip 5;
maxperip 3;
};
/* Örnek olarak özel bir IP bloğu izini:
* Bu IP bir şifre ile bağlantı yapması olduğunu gerektirir.
* Şifre doğru ise o zaman bu IP 20 bağlantıya izin verecektir.
/* Örnek olarak özel bir IP bloğu izini:
* Bu IP bir şifre ile bağlantı yapması olduğunu gerektirir.
* Şifre doğru ise o zaman bu IP 20 bağlantıya izin verecektir.
*/
allow {
ip *@192.0.2.1;
@@ -128,41 +133,46 @@ allow {
maxperip 20;
};
/* Oper bloğu, IRC Operatorleri tanımlar.
* IRC Operatörler, diğer kullanıcılara göre "ekstra haklara" sahip kullanıcılardır.
* örneğin diğer kullanıcılara /KILL uygulayabilmesi, sunucu birleştirmesinin başlatılması,
* /JOIN yaptığı odalardan banlansa bile tekrar giriş yapabilmesi, vs.
* Görmeniz için: https://www.unrealircd.org/docs/Oper_block
/* Oper bloğu, IRC Operatorleri tanımlar.
* IRC Operatörler, diğer kullanıcılara göre "ekstra haklara" sahip kullanıcılardır.
* örneğin diğer kullanıcılara /KILL uygulayabilmesi, sunucu birleştirmesinin başlatılması,
* /JOIN yaptığı odalardan banlansa bile tekrar giriş yapabilmesi, vs.
*
* IRCOp olmak ve nasıl Admin olunacağı hakkında daha fazla bilgi için
* https://www.unrealircd.org/docs/IRCOp_guide
*
* Oper {} bloğunun kendisi ile ilgili ayrıntıları görmeniz için
* https://www.unrealircd.org/docs/Oper_block
*/
/* Örnek bir oper bloğu için 'bobsmith' ile şifresi 'test'.
* Bunu değiştirmeniz GEREKİR!!
/* Örnek bir oper bloğu için 'bobsmith' ile şifresi 'test'.
* Bunu değiştirmeniz GEREKİR!!
*/
oper bobsmith {
class opers;
mask *@*;
password "test";
/* Oper izinleri bir "operclass 'bloğunda tanımlanır.
* Görmeniz için: https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd varsayılan bloklar makalesi için,
* tam listesine bakınız. Buradan 'netadmin' seçiyoruz.
/* Oper izinleri bir "operclass 'bloğunda tanımlanır.
* Görmeniz için: https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd varsayılan bloklar makalesi için,
* tam listesine bakınız. Buradan 'netadmin' seçiyoruz.
*/
operclass netadmin;
swhois "is a Network Administrator";
vhost netadmin.mynet.org;
};
/* Listen blokları sunucu portu için gereken bağlantı noktalarını tanımlar.
* Diğer bir deyişle: Bu portlar kullanıcılar ve serverlar için
* sunucuya bağlantı kurmasını sağlar.
/* Listen blokları sunucu portu için gereken bağlantı noktalarını tanımlar.
* Diğer bir deyişle: Bu portlar kullanıcılar ve serverlar için
* sunucuya bağlantı kurmasını sağlar.
*
* Kullanımı:
* Kullanımı:
* listen
* {
* ip <ip numarası>;
* port <port numarası>;
* ip <ip numarası>;
* port <port numarası>;
* options {
* <seçenekler....>;
* <seçenekler....>;
* };
* };
*/
@@ -180,24 +190,24 @@ listen {
options { ssl; };
};
/* Özel SSL/TLS sadece sunucuları bağlamak için port */
/* Özel SSL/TLS sadece sunucuları bağlamak için port */
listen {
ip *;
port 6900;
options { ssl; serversonly; };
};
/* DiKKAT: Eğer bir çok IP barındıran bir IRCd Shell kullanıyorsanız
* logunuzda olası 'Address already in use' hatasını alacaksınız
* ve ircd başlamayacaktır.
* Bunun anlamı '*' yerine belirli bir IP yazmanız GEREKİR anlamına gelir:
/* DiKKAT: Eğer bir çok IP barındıran bir IRCd Shell kullanıyorsanız
* logunuzda olası 'Address already in use' hatasını alacaksınız
* ve ircd başlamayacaktır.
* Bunun anlamı '*' yerine belirli bir IP yazmanız GEREKİR anlamına gelir:
* listen 1.2.3.4:6667;
* Açıkçası, IP yi önceden koyduğunuz IP ile değiştirin.
* Açıkçası, IP yi önceden koyduğunuz IP ile değiştirin.
*/
/*
* Link blockları bir ağ oluşturmak için birden fazla sunucu bağlamaya izin verir.
* Görmek için: https://www.unrealircd.org/docs/Tutorial:_Linking_servers
* Link blockları bir ağ oluşturmak için birden fazla sunucu bağlamaya izin verir.
* Görmek için: https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
link hub.mynet.org
{
@@ -206,41 +216,58 @@ link hub.mynet.org
};
outgoing {
bind-ip *; /* veya açıkça bir IP */
bind-ip *; /* veya açıkça bir IP */
hostname hub.mynet.org;
port 6900;
options { ssl; };
};
password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* diğer sunucu için SSL fingerprint */
/* Kimlik doğrulaması için diğer sunucunun SPKI parmak izini kullanıyoruz.
* Kullanmamız için diğer tarafda './unrealircd spkifp' uygulayıp çalıştırıyoruz.
* NOT: UnrealIRCd 4.0.16 veya üzeri versiyonları gerektirir.
*/
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; };
class servers;
};
/* U-lines satırları sunuculara daha güç/komut kazandırır.
* Eğer hizmetlerini kullanmak istiyorsanız onları buraya eklemeniz gerekir.
* ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
* ( Eğer servisler kaynağını görmek istiyorsanız bakınız;
* https://www.unrealircd.org/docs/Services )
/* Servis'ler için bağlantı bloğu genellikle çok daha basittir.
* Servis'lerin ne olduğu hakkında daha fazla bilgi için,
* https://www.unrealircd.org/docs/Services
*/
link services.mynet.org
{
incoming {
mask 127.0.0.1;
};
password "changemeplease";
class servers;
};
/* U-lines satırları sunuculara daha güç/komut kazandırır.
* Eğer hizmetlerini kullanmak istiyorsanız onları buraya eklemeniz gerekir.
* ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
*/
ulines {
services.mynet.org;
};
/* Bu blok /DIE ve /RESTART için şifre tanımlamanızı sağlar. Sadece IRCOp'lar içindir.
* Bu genelde kazara sunucuyu yeniden başlatma ve kapanmasına karşı biraz
* koruma sağlamak içindir.
/* Bu blok /DIE ve /RESTART için şifre tanımlamanızı sağlar. Sadece IRCOp'lar içindir.
* Bu genelde kazara sunucuyu yeniden başlatma ve kapanmasına karşı biraz
* koruma sağlamak içindir.
*/
drpass {
restart "restart";
die "die";
};
/* Bu log bloğu hangi dosyaya ve nelerin olması gerektiğini tanımlar.
* Görmeniz için: https://www.unrealircd.org/docs/Log_block
/* Bu log bloğu hangi dosyaya ve nelerin olması gerektiğini tanımlar.
* Görmeniz için: https://www.unrealircd.org/docs/Log_block
*/
/* Varsayılan ayarlar, neredeyse her şeyi kaydedecektir */
/* Varsayılan ayarlar, neredeyse her şeyi kaydedecektir */
log "ircd.log" {
flags {
oper;
@@ -256,42 +283,42 @@ log "ircd.log" {
};
};
/* Bazı kullanıcılara veya botlara bir mesaj göndermek için "aliases"
* takma ad oluşturmanızı sağlar. Genellikle servisler için kullanılır.
/* Bazı kullanıcılara veya botlara bir mesaj göndermek için "aliases"
* takma ad oluşturmanızı sağlar. Genellikle servisler için kullanılır.
*
* Biz önceden ayarlanmış bir takma adı dosyaları dizini oluşturduk, alias/ dizini kontrol ediniz.
* Örnek olarak, burada anope servisler ve kullanılan tüm diğer servisler adları bulunmaktadır.
* Biz önceden ayarlanmış bir takma adı dosyaları dizini oluşturduk, alias/ dizini kontrol ediniz.
* Örnek olarak, burada anope servisler ve kullanılan tüm diğer servisler adları bulunmaktadır.
*/
include "aliases/anope.conf";
/* Ban nick bloğu bir nickin sunucuda kullanımını yasaklamanıza olanak sağlar */
/* Ban nick bloğu bir nickin sunucuda kullanımını yasaklamanıza olanak sağlar */
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Servisler için ayrılmış";
reason "Servisler için ayrılmış";
};
/* Ban ip.
* Normalde bunun için /KLINE, /GLINE ve /ZLINE kullanıldığını unutmayınız.
* Normalde bunun için /KLINE, /GLINE ve /ZLINE kullanıldığını unutmayınız.
*/
ban ip {
mask 195.86.232.81;
reason "Senden nefret ediyorum";
};
/* Ban server - bir sunucunun bağlanmasını devredışı kılar */
/* Ban server - bir sunucunun bağlanmasını devredışı kılar */
ban server {
mask eris.berkeley.edu;
reason "Defol git buradan.";
};
/* Ban user - normalde /KLINE veya /GLINE kullanıldığını unutmayınız */
/* Ban user - normalde /KLINE veya /GLINE kullanıldığını unutmayınız */
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Salak";
};
/* Ban realname bloğu bir kullanıcıyı, GECOS kısmı esas alınarak
* banlamanıza olanak sağlar.
/* Ban realname bloğu bir kullanıcıyı, GECOS kısmı esas alınarak
* banlamanıza olanak sağlar.
*/
ban realname {
mask "Swat Team";
@@ -303,45 +330,45 @@ ban realname {
reason "sub7";
};
/* Ban ve TKL istisnaları. Kullanıcıları / makineleri gözetmeksizin
* KLINE, GLINE, gibi banlardan muaf tutmanıza olanak sağlar.
* EÄźer statik IP (ve bu IP ĂĽzerinde gĂĽvenilmeyen kiĹźiler) ile bir IRCOp
* iseniz o zaman kendinizi burada eklemenizi öneririz. Yanlışlıkla kendinize
* bir *LINE ban koyarsanız bile yinede muaf tutulacaksınız.
/* Ban ve TKL istisnaları. Kullanıcıları / makineleri gözetmeksizin
* KLINE, GLINE, gibi banlardan muaf tutmanıza olanak sağlar.
* EÄźer statik IP (ve bu IP ĂĽzerinde gĂĽvenilmeyen kiĹźiler) ile bir IRCOp
* iseniz o zaman kendinizi burada eklemenizi öneririz. Yanlışlıkla kendinize
* bir *LINE ban koyarsanız bile yinede muaf tutulacaksınız.
*/
/* except ban bloğu, sizi KLINE ve ZLINE gibi banlardan koruyacaktır */
/* except ban bloğu, sizi KLINE ve ZLINE gibi banlardan koruyacaktır */
except ban {
mask *@192.0.2.1;
// burada daha fazla mask girdileri ekleyebilirsiniz..
};
/* except tkl bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
/* except tkl bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
except tkl {
mask *@192.0.2.1;
type all;
};
/* Deny dcc bloğu, sunucu üzerinden DCC yoluyla dosya gönderilmesine izin vermeyecektir */
/* Deny dcc bloğu, sunucu üzerinden DCC yoluyla dosya gönderilmesine izin vermeyecektir */
deny dcc {
filename "*sub7*";
reason "Olası Sub7 Virüsü";
reason "Olası Sub7 Virüsü";
};
/* Deny channel bloğu, kullanıcıların belirtilen kanallara girmesini engeller */
/* Deny channel bloğu, kullanıcıların belirtilen kanallara girmesini engeller */
deny channel {
channel "*warez*";
reason "Warez is illegal";
class "clients";
};
/* VHosts (Virtual Hosts) bloğu, kullanıcının yeni bir host alabilmesine olanak sağlar.
* Görmeniz için; https://www.unrealircd.org/docs/Vhost_block
/* VHosts (Virtual Hosts) bloğu, kullanıcının yeni bir host alabilmesine olanak sağlar.
* Görmeniz için; https://www.unrealircd.org/docs/Vhost_block
*/
/* Kullanabileceğiniz örnek vhost. IRC tipi: /VHOST test test
* DiKKAT: Güvenlik açısından aşağıdaki vhost::mask yönergesinde
* maske 'unrealircd.com' olarak belirlenmiĹźtir.
/* Kullanabileceğiniz örnek vhost. IRC tipi: /VHOST test test
* DiKKAT: Güvenlik açısından aşağıdaki vhost::mask yönergesinde
* maske 'unrealircd.com' olarak belirlenmiĹźtir.
*/
vhost {
vhost i.hate.microsefrs.com;
@@ -350,10 +377,10 @@ vhost {
password "test";
};
/* Diğer yapılandırma dosyalarını dahil edebilirsiniz */
/* Diğer yapılandırma dosyalarını dahil edebilirsiniz */
/* include "klines.conf"; */
/* Ağ yapılandırması */
/* Ağ yapılandırması */
set {
network-name "MYNet";
default-server "irc.mynet.org";
@@ -363,68 +390,75 @@ set {
hiddenhost-prefix "Clk";
prefix-quit "Quit";
/* Gizleme anahtarları ağ üzerindeki bütün sunucularda aynı olmalı.
* Bu anahtarlar maskeli hostlar yaratmak ve bunları saklamak için kullanılır.
* Anahtarlar 5-100 karakterlik (10-20 karakter yeterli) 3 rastgele diziden oluşmalı ve
* küçük harf (a-z), büyük harf (A-Z) ve rakamlardan (0-9) meydana gelmelidirler.. [ilk örneğe bakınız].
* IPUCU: './unreal gencloak' Unreal sizin için rastgele 3 adet dizin oluşturur.
* Bunu NIX üzerinde çalıştırabilirsiniz.
/* Gizleme anahtarları ağ üzerindeki bütün sunucularda aynı olmalı.
* Bu anahtarlar maskeli hostlar yaratmak ve bunları saklamak için kullanılır.
* Anahtarlar 5-100 karakterlik (10-20 karakter yeterli) 3 rastgele diziden oluşmalı ve
* küçük harf (a-z), büyük harf (A-Z) ve rakamlardan (0-9) meydana gelmelidirler.. [ilk örneğe bakınız].
* IPUCU: './unreal gencloak' Unreal sizin için rastgele 3 adet dizin oluşturur.
* Bunu NIX üzerinde çalıştırabilirsiniz.
*/
cloak-keys {
"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
"ve diÄźeri";
"ve diÄźeri";
"ve diÄźeri";
"ve diÄźeri";
};
};
/* Sunucunun kendine özgü yapılandırması */
/* Sunucunun kendine özgü yapılandırması */
set {
kline-address "set.this.to.email.address"; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
modes-on-connect "+ixw"; /* kullanıcılar bağlandığında, bu modları alacaktır */
modes-on-oper "+xwgs"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
oper-auto-join "#opers"; /* IRCoplar bu kanala otomatik olarak giriş yapacaktır */
kline-address "set.this.to.email.address"; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
modes-on-connect "+ixw"; /* kullanıcılar bağlandığında, bu modları alacaktır */
modes-on-oper "+xwgs"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
oper-auto-join "#opers"; /* IRCoplar bu kanala otomatik olarak giriş yapacaktır */
options {
hide-ulines; /* U-lines satırları /MAP ve /LINKS komutunda gözükmez */
show-connect-info; /* sunucuya bağlanırken "looking up your hostname" mesajı görüntülenecektir */
hide-ulines; /* U-lines satırları /MAP ve /LINKS komutunda gözükmez */
show-connect-info; /* sunucuya bağlanırken "looking up your hostname" mesajı görüntülenecektir */
};
maxchannelsperuser 10; /* bir kullanıcının maksimum girebileceği kanal sayısı */
maxchannelsperuser 10; /* bir kullanıcının maksimum girebileceği kanal sayısı */
/* QUIT mesajının görüntülenebilmesi için, bir kullanıcının sunucuya bağlı kalması
* gereken süre. Bu durum umarım spamları durdurmak için yardımcı olacaktır.
/* QUIT mesajının görüntülenebilmesi için, bir kullanıcının sunucuya bağlı kalması
* gereken süre. Bu durum umarım spamları durdurmak için yardımcı olacaktır.
*/
anti-spam-quit-message-time 10s;
/* Kullanıcı sunucudan ayrılırken çıkış sebebini sabitler. /QUIT sebeb gözardı edilecektir. */
/* Kullanıcı sunucudan ayrılırken çıkış sebebini sabitler. /QUIT sebeb gözardı edilecektir. */
/* static-quit "Client quit"; */
/* static-part /PART komutu ile aynı işi görür */
/* static-part /PART komutu ile aynı işi görür */
/* static-part yes; */
/* /STATS komutunu operler için kısıtlar. Önerilen * (TÜMÜ) */
/* /STATS komutunu operler için kısıtlar. Önerilen * (TÜMÜ) */
oper-only-stats "*";
/* Anti flood Koruması */
/* Anti flood Koruması */
anti-flood {
nick-flood 3:60; /* Her 60 saniyede 3 nick değişikliği (varsayılan) */
connect-flood 3:60; /* Her 60 saniyede 3 bağlantı girişi izni (varsayılan) */
away-flood 4:120; /* Her 2 dakikada 4 kez /AWAY kullanımı izni (varsayılan) */
nick-flood 3:60; /* Her 60 saniyede 3 nick değişikliği (varsayılan) */
connect-flood 3:60; /* Her 60 saniyede 3 bağlantı girişi izni (varsayılan) */
away-flood 4:120; /* Her 2 dakikada 4 kez /AWAY kullanımı izni (varsayılan) */
};
/* Spam filter Ayarları */
/* Spam filter Ayarları */
spamfilter {
ban-time 1d; /* varsayılan spamfilter tarafından ban süresini belirtir */
ban-reason "Spam/Advertising"; /* varsayılan sebep */
virus-help-channel "#help"; /* 'viruschan' eylemi için kullanılacak kanal */
ban-time 1d; /* varsayılan spamfilter tarafından ban süresini belirtir */
ban-reason "Spam/Advertising"; /* varsayılan sebep */
virus-help-channel "#help"; /* 'viruschan' eylemi için kullanılacak kanal */
/* except "#help"; Spamfilter'den muaf tutulacak kanal */
};
};
/* Son olarak, bir MOTD (Günün Mesajı) oluşturabilirsiniz, bu
* conf/ dizininde 'ircd.motd' metin dosyası oluşturarak yapabilirsiniz.
* Bu dosyanın içeriği bağlantı kuran kullanıcılara gösterilecektir.
* Daha fazla bilgi için https://www.unrealircd.org/docs/MOTD_and_Rules bölümünü inceleyiniz.
*/
/*
* Sorununuza veya daha fazla yardımamı ihtiyacınız var?
* Sorununuza veya daha fazla yardımamı ihtiyacınız var?
* 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
* 2) https://www.unrealircd.org/docs/FAQ <- sorularınızın %80 ini kapsamakta!
* 3) Eğer probleminiz hala devam ediyorsa irc.unrealircd.org sunucusu #unreal-support kanalına girebilirsiniz
* DÖKÜMANTASYON ve FAQ kısmını okumanızı gerekli gördüğümüzü belirtiyoruz!
* 2) https://www.unrealircd.org/docs/FAQ <- sorularınızın %80 ini kapsamakta!
* 3) EÄźer probleminiz hala devam ediyorsa:
* - Forums: https://forums.unrealircd.org/
* - IRC: irc.unrealircd.org (SSL on port 6697) / #unreal-support
* İlk önce Dökümantasyon ve FAQ kısmını okumanızı gerektirdiğini unutmayın!
*/
+285 -285
View File
File diff suppressed because it is too large Load Diff
+402 -402
View File
File diff suppressed because it is too large Load Diff
+903 -903
View File
File diff suppressed because it is too large Load Diff
+719 -776
View File
File diff suppressed because it is too large Load Diff
+15 -3
View File
@@ -6,9 +6,18 @@
* include "modules.default.conf";
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* If you want to customize the modules to load, make a copy of this
* file (eg: name it modules.custom.conf) and edit it.
* Then include that file from your unrealircd.conf instead of this one.
* If you want to customize the modules to load you have two options:
* 1) Keep the include for modules.default.conf as usual and make use
* of blacklist-module "xyz"; to selectively disable modules.
* See https://www.unrealircd.org/docs/Blacklist-module_directive
* 2) OR, make a copy of this file (eg: name it modules.custom.conf)
* and edit it. Then include that file from your unrealircd.conf
* instead of this one.
* The downside of option #2 is that you will need to track changes
* in the original modules.default.conf with each new UnrealIRCd
* release to make sure you don't miss any new functionality (as new
* important modules may be added you need to add them to your conf).
* You don't have this problem with option #1.
*/
/*** Cloaking (for user mode +x) ***/
@@ -179,6 +188,9 @@ loadmodule "extbans/account"; /* +b ~a (ban/exempt if logged in with services ac
loadmodule "extbans/inchannel"; /* +b ~c (ban/exempt if in channel) */
loadmodule "extbans/operclass"; /* +b ~O (ban/exempt by operclass) */
loadmodule "extbans/certfp"; /* +b ~S (ban/exempt by certfp) */
loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
/*** CAP modules ***/
+12 -8
View File
@@ -31,14 +31,6 @@ set { staff-file "network.staff"; };
loadmodule "nocodes";
/*** Extended Bans ***/
/* See https://www.unrealircd.org/docs/Extended_bans for information */
loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
/*** Other ***/
// The hideserver module will hide /MAP and /LINKS to regular users.
@@ -135,9 +127,21 @@ set {
mask 192.168.*;
mask 127.*;
};
/* EXCEPT-WEBIRC:
* This will make antirandom not check connections from WEBIRC gateways.
* ( see https://www.unrealircd.org/docs/WebIRC_block )
* It seems WEBIRC connections frequently cause false positives so the
* default is 'yes'.
*/
except-webirc yes;
};
};
// This adds websocket support. For more information, see:
// https://www.unrealircd.org/docs/WebSocket_support
loadmodule "websocket";
// This adds support for WHOX
// This is currently experimental!
loadmodule "m_whox";
+211 -519
View File
@@ -1,7 +1,7 @@
##
## Bundle of CA Root Certificates
##
## Certificate data from Mozilla as of: Wed Sep 20 03:12:05 2017 GMT
## Certificate data from Mozilla as of: Wed Mar 7 04:12:06 2018 GMT
##
## This is a bundle of X.509 certificates of public Certificate Authorities
## (CA). These were automatically extracted from Mozilla's root certificates
@@ -14,7 +14,7 @@
## Just configure this file as the SSLCACertificateFile.
##
## Conversion done with mk-ca-bundle.pl version 1.27.
## SHA256: 2b2dbe5244e0047e088c597998883a913f6c5fffd1cb5c0fe5a368c8466cb2ec
## SHA256: 704f02707ec6b4c4a7597a8c6039b020def11e64f3ef0605a9c3543d48038a57
##
@@ -283,25 +283,6 @@ YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
398znM/jra6O1I7mT1GvFpLgXPYHDw==
-----END CERTIFICATE-----
Certum Root CA
==============
-----BEGIN CERTIFICATE-----
MIIDDDCCAfSgAwIBAgIDAQAgMA0GCSqGSIb3DQEBBQUAMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQK
ExJVbml6ZXRvIFNwLiB6IG8uby4xEjAQBgNVBAMTCUNlcnR1bSBDQTAeFw0wMjA2MTExMDQ2Mzla
Fw0yNzA2MTExMDQ2MzlaMD4xCzAJBgNVBAYTAlBMMRswGQYDVQQKExJVbml6ZXRvIFNwLiB6IG8u
by4xEjAQBgNVBAMTCUNlcnR1bSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM6x
wS7TT3zNJc4YPk/EjG+AanPIW1H4m9LcuwBcsaD8dQPugfCI7iNS6eYVM42sLQnFdvkrOYCJ5JdL
kKWoePhzQ3ukYbDYWMzhbGZ+nPMJXlVjhNWo7/OxLjBos8Q82KxujZlakE403Daaj4GIULdtlkIJ
89eVgw1BS7Bqa/j8D35in2fE7SZfECYPCE/wpFcozo+47UX2bu4lXapuOb7kky/ZR6By6/qmW6/K
Uz/iDsaWVhFu9+lmqSbYf5VT7QqFiLpPKaVCjF62/IUgAKpoC6EahQGcxEZjgoi2IrHu/qpGWX7P
NSzVttpd90gzFFS269lvzs2I1qsb2pY7HVkCAwEAAaMTMBEwDwYDVR0TAQH/BAUwAwEB/zANBgkq
hkiG9w0BAQUFAAOCAQEAuI3O7+cUus/usESSbLQ5PqKEbq24IXfS1HeCh+YgQYHu4vgRt2PRFze+
GXYkHAQaTOs9qmdvLdTN/mUxcMUbpgIKumB7bVjCmkn+YzILa+M6wKyrO7Do0wlRjBCDxjTgxSvg
GrZgFCdsMneMvLJymM/NzD+5yCRCFNZX/OYmQ6kd5YCQzgNUKD73P9P4Te1qCjqTE5s7FCMTY5w/
0YcneeVMUeMBrYVdGjux1XMQpNPyvG5k9VpWkKjHDkx0Dy5xO/fIR/RpbxXyEV6DHpx8Uq79AtoS
qFlnGNu8cN2bsWntgM6JQEhqDjXKKWYVIZQs6GAqm4VKQPNriiTsBhYscw==
-----END CERTIFICATE-----
Comodo AAA Services root
========================
-----BEGIN CERTIFICATE-----
@@ -465,60 +446,6 @@ EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH
llpwrN9M
-----END CERTIFICATE-----
Camerfirma Chambers of Commerce Root
====================================
-----BEGIN CERTIFICATE-----
MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe
QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i
ZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAx
NjEzNDNaFw0zNzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZp
cm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3Jn
MSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOC
AQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlU
xFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41XQEMIwRH
NaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jW
DA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFV
d9oKDMyXroDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1Ud
EwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5v
cmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooowDgYDVR0P
AQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hh
bWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD
VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz
aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAi
fJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvD
L8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wN
UPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/n
ADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1
erfutGWaIZDgqtCYvDi1czyL+Nw=
-----END CERTIFICATE-----
Camerfirma Global Chambersign Root
==================================
-----BEGIN CERTIFICATE-----
MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe
QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i
ZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYx
NDE4WhcNMzcwOTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt
YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEg
MB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAw
ggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J
1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8O
by4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl
6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c
8lCrEqWhz0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/
BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJzaWduLm9yZy9j
aGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4wTcbOX60Qq+UDpfqpFDAOBgNVHQ8B
Af8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBj
aGFtYmVyc2lnbi5vcmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y
ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA
PDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9Y
gOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJ
PJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4
IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes
t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
-----END CERTIFICATE-----
XRamp Global CA Root
====================
-----BEGIN CERTIFICATE-----
@@ -591,47 +518,6 @@ KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
QBFGmh95DmK/D5fs4C8fF5Q=
-----END CERTIFICATE-----
StartCom Certification Authority
================================
-----BEGIN CERTIFICATE-----
MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN
U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu
ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0
NjM2WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y
o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/
Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d
eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt
2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z
6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ
osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/
untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc
UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT
37uMdBNSSwIDAQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE
FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9jZXJ0LnN0YXJ0
Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3JsLnN0YXJ0Y29tLm9yZy9zZnNj
YS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFMBgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUH
AgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRw
Oi8vY2VydC5zdGFydGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYg
U3RhcnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlhYmlsaXR5
LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2YgdGhlIFN0YXJ0Q29tIENl
cnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFpbGFibGUgYXQgaHR0cDovL2NlcnQuc3Rh
cnRjb20ub3JnL3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilT
dGFydENvbSBGcmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOC
AgEAFmyZ9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8jhvh
3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUWFjgKXlf2Ysd6AgXm
vB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJzewT4F+irsfMuXGRuczE6Eri8sxHk
fY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3
fsNrarnDy0RLrHiQi+fHLB5LEUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZ
EoalHmdkrQYuL6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq
yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuCO3NJo2pXh5Tl
1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6Vum0ABj6y6koQOdjQK/W/7HW/
lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkyShNOsF/5oirpt9P/FlUQqmMGqz9IgcgA38coro
g14=
-----END CERTIFICATE-----
Taiwan GRCA
===========
-----BEGIN CERTIFICATE-----
@@ -770,30 +656,6 @@ RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
-----END CERTIFICATE-----
DST ACES CA X6
==============
-----BEGIN CERTIFICATE-----
MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQG
EwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VT
MRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NTha
MFsxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UE
CxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzI
DZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCa
pCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKBXy314pow
GCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPy
MjwmR/onJALJfh1biEITajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1Ud
EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3Qu
Y29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnRy
dXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMtaW5kZXguaHRtbDAdBgNVHQ4EFgQU
CXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V2
5FYrnJmQ6AgwbN99Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t
Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq
nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpRrscL9yuwNwXs
vFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3
oKfN5XozNmr6mis=
-----END CERTIFICATE-----
SwissSign Gold CA - G2
======================
-----BEGIN CERTIFICATE-----
@@ -1036,27 +898,6 @@ FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
-----END CERTIFICATE-----
Security Communication EV RootCA1
=================================
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNh
dGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UE
BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNl
Y3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO
/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSX
WHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4z
ZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4
bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK
9U2vP9eCOKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
SIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3irO4G8za+6xm
iEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZq51ihPZRwSzJIxXYKLerJRO1RuGG
Av8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnW
mHyojf6GPgcWkuF75x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW
T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490
-----END CERTIFICATE-----
OISTE WISeKey Global Root GA CA
===============================
-----BEGIN CERTIFICATE-----
@@ -1177,34 +1018,6 @@ sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD
BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw=
-----END CERTIFICATE-----
T\xc3\x9c\x42\xC4\xB0TAK UEKAE K\xC3\xB6k Sertifika Hizmet Sa\xC4\x9Flay\xc4\xb1\x63\xc4\xb1s\xc4\xb1 - S\xC3\xBCr\xC3\xBCm 3
=============================================================================================================================
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgIBETANBgkqhkiG9w0BAQUFADCCASsxCzAJBgNVBAYTAlRSMRgwFgYDVQQH
DA9HZWJ6ZSAtIEtvY2FlbGkxRzBFBgNVBAoMPlTDvHJraXllIEJpbGltc2VsIHZlIFRla25vbG9q
aWsgQXJhxZ90xLFybWEgS3VydW11IC0gVMOcQsSwVEFLMUgwRgYDVQQLDD9VbHVzYWwgRWxla3Ry
b25payB2ZSBLcmlwdG9sb2ppIEFyYcWfdMSxcm1hIEVuc3RpdMO8c8O8IC0gVUVLQUUxIzAhBgNV
BAsMGkthbXUgU2VydGlmaWthc3lvbiBNZXJrZXppMUowSAYDVQQDDEFUw5xCxLBUQUsgVUVLQUUg
S8O2ayBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSAtIFPDvHLDvG0gMzAeFw0wNzA4
MjQxMTM3MDdaFw0xNzA4MjExMTM3MDdaMIIBKzELMAkGA1UEBhMCVFIxGDAWBgNVBAcMD0dlYnpl
IC0gS29jYWVsaTFHMEUGA1UECgw+VMO8cmtpeWUgQmlsaW1zZWwgdmUgVGVrbm9sb2ppayBBcmHF
n3TEsXJtYSBLdXJ1bXUgLSBUw5xCxLBUQUsxSDBGBgNVBAsMP1VsdXNhbCBFbGVrdHJvbmlrIHZl
IEtyaXB0b2xvamkgQXJhxZ90xLFybWEgRW5zdGl0w7xzw7wgLSBVRUtBRTEjMCEGA1UECwwaS2Ft
dSBTZXJ0aWZpa2FzeW9uIE1lcmtlemkxSjBIBgNVBAMMQVTDnELEsFRBSyBVRUtBRSBLw7ZrIFNl
cnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIC0gU8O8csO8bSAzMIIBIjANBgkqhkiG9w0B
AQEFAAOCAQ8AMIIBCgKCAQEAim1L/xCIOsP2fpTo6iBkcK4hgb46ezzb8R1Sf1n68yJMlaCQvEhO
Eav7t7WNeoMojCZG2E6VQIdhn8WebYGHV2yKO7Rm6sxA/OOqbLLLAdsyv9Lrhc+hDVXDWzhXcLh1
xnnRFDDtG1hba+818qEhTsXOfJlfbLm4IpNQp81McGq+agV/E5wrHur+R84EpW+sky58K5+eeROR
6Oqeyjh1jmKwlZMq5d/pXpduIF9fhHpEORlAHLpVK/swsoHvhOPc7Jg4OQOFCKlUAwUp8MmPi+oL
hmUZEdPpCSPeaJMDyTYcIW7OjGbxmTDY17PDHfiBLqi9ggtm/oLL4eAagsNAgQIDAQABo0IwQDAd
BgNVHQ4EFgQUvYiHyY/2pAoLquvF/pEjnatKijIwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAB18+kmPNOm3JpIWmgV050vQbTlswyb2zrgxvMTfvCr4
N5EY3ATIZJkrGG2AA1nJrvhY0D7twyOfaTyGOBye79oneNGEN3GKPEs5z35FBtYt2IpNeBLWrcLT
y9LQQfMmNkqblWwM7uXRQydmwYj3erMgbOqwaSvHIOgMA8RBBZniP+Rr+KCGgceExh/VS4ESshYh
LBOhgLJeDEoTniDYYkCrkOpkSi+sDQESeUWoL4cZaMjihccwsnX5OD+ywJO0a+IDRM5noN+J1q2M
dqMTw5RhK2vZbMEHCiIHhWyFJEapvj+LeISCfiQMnf2BN+MlqO02TpUsyZyQ2uypQjyttgI=
-----END CERTIFICATE-----
certSIGN ROOT CA
================
-----BEGIN CERTIFICATE-----
@@ -1452,37 +1265,6 @@ y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
-----END CERTIFICATE-----
ACEDICOM Root
=============
-----BEGIN CERTIFICATE-----
MIIFtTCCA52gAwIBAgIIYY3HhjsBggUwDQYJKoZIhvcNAQEFBQAwRDEWMBQGA1UEAwwNQUNFRElD
T00gUm9vdDEMMAoGA1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMB4XDTA4
MDQxODE2MjQyMloXDTI4MDQxMzE2MjQyMlowRDEWMBQGA1UEAwwNQUNFRElDT00gUm9vdDEMMAoG
A1UECwwDUEtJMQ8wDQYDVQQKDAZFRElDT00xCzAJBgNVBAYTAkVTMIICIjANBgkqhkiG9w0BAQEF
AAOCAg8AMIICCgKCAgEA/5KV4WgGdrQsyFhIyv2AVClVYyT/kGWbEHV7w2rbYgIB8hiGtXxaOLHk
WLn709gtn70yN78sFW2+tfQh0hOR2QetAQXW8713zl9CgQr5auODAKgrLlUTY4HKRxx7XBZXehuD
YAQ6PmXDzQHe3qTWDLqO3tkE7hdWIpuPY/1NFgu3e3eM+SW10W2ZEi5PGrjm6gSSrj0RuVFCPYew
MYWveVqc/udOXpJPQ/yrOq2lEiZmueIM15jO1FillUAKt0SdE3QrwqXrIhWYENiLxQSfHY9g5QYb
m8+5eaA9oiM/Qj9r+hwDezCNzmzAv+YbX79nuIQZ1RXve8uQNjFiybwCq0Zfm/4aaJQ0PZCOrfbk
HQl/Sog4P75n/TSW9R28MHTLOO7VbKvU/PQAtwBbhTIWdjPp2KOZnQUAqhbm84F9b32qhm2tFXTT
xKJxqvQUfecyuB+81fFOvW8XAjnXDpVCOscAPukmYxHqC9FK/xidstd7LzrZlvvoHpKuE1XI2Sf2
3EgbsCTBheN3nZqk8wwRHQ3ItBTutYJXCb8gWH8vIiPYcMt5bMlL8qkqyPyHK9caUPgn6C9D4zq9
2Fdx/c6mUlv53U3t5fZvie27k5x2IXXwkkwp9y+cAS7+UEaeZAwUswdbxcJzbPEHXEUkFDWug/Fq
TYl6+rPYLWbwNof1K1MCAwEAAaOBqjCBpzAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKaz
4SsrSbbXc6GqlPUB53NlTKxQMA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUprPhKytJttdzoaqU
9QHnc2VMrFAwRAYDVR0gBD0wOzA5BgRVHSAAMDEwLwYIKwYBBQUHAgEWI2h0dHA6Ly9hY2VkaWNv
bS5lZGljb21ncm91cC5jb20vZG9jMA0GCSqGSIb3DQEBBQUAA4ICAQDOLAtSUWImfQwng4/F9tqg
aHtPkl7qpHMyEVNEskTLnewPeUKzEKbHDZ3Ltvo/Onzqv4hTGzz3gvoFNTPhNahXwOf9jU8/kzJP
eGYDdwdY6ZXIfj7QeQCM8htRM5u8lOk6e25SLTKeI6RF+7YuE7CLGLHdztUdp0J/Vb77W7tH1Pwk
zQSulgUV1qzOMPPKC8W64iLgpq0i5ALudBF/TP94HTXa5gI06xgSYXcGCRZj6hitoocf8seACQl1
ThCojz2GuHURwCRiipZ7SkXp7FnFvmuD5uHorLUwHv4FB4D54SMNUI8FmP8sX+g7tq3PgbUhh8oI
KiMnMCArz+2UW6yyetLHKKGKC5tNSixthT8Jcjxn4tncB7rrZXtaAWPWkFtPF2Y9fwsZo5NjEFIq
nxQWWOLcpfShFosOkYuByptZ+thrkQdlVV9SH686+5DdaaVbnG0OLLb6zqylfDJKZ0DcMDQj3dcE
I2bw/FWAp/tmGYI1Z2JwOV5vx+qQQEQIHriy1tvuWacNGHk0vFQYXlPKNFHtRQrmjseCNj6nOGOp
MCwXEGCSn1WHElkQwg9naRHMTh5+Spqtr0CodaxWkHS4oJyleW/c6RrIaQXpuvoDs3zk4E7Czp3o
tkYNbn5XOmeUwssfnHdKZ05phkOTOPu220+DkdRgfks+KzgHVZhepA==
-----END CERTIFICATE-----
Microsec e-Szigno Root CA 2009
==============================
-----BEGIN CERTIFICATE-----
@@ -1843,37 +1625,6 @@ Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
-----END CERTIFICATE-----
Certinomis - Autorité Racine
============================
-----BEGIN CERTIFICATE-----
MIIFnDCCA4SgAwIBAgIBATANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJGUjETMBEGA1UEChMK
Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxJjAkBgNVBAMMHUNlcnRpbm9taXMg
LSBBdXRvcml0w6kgUmFjaW5lMB4XDTA4MDkxNzA4Mjg1OVoXDTI4MDkxNzA4Mjg1OVowYzELMAkG
A1UEBhMCRlIxEzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMSYw
JAYDVQQDDB1DZXJ0aW5vbWlzIC0gQXV0b3JpdMOpIFJhY2luZTCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAJ2Fn4bT46/HsmtuM+Cet0I0VZ35gb5j2CN2DpdUzZlMGvE5x4jYF1AMnmHa
wE5V3udauHpOd4cN5bjr+p5eex7Ezyh0x5P1FMYiKAT5kcOrJ3NqDi5N8y4oH3DfVS9O7cdxbwly
Lu3VMpfQ8Vh30WC8Tl7bmoT2R2FFK/ZQpn9qcSdIhDWerP5pqZ56XjUl+rSnSTV3lqc2W+HN3yNw
2F1MpQiD8aYkOBOo7C+ooWfHpi2GR+6K/OybDnT0K0kCe5B1jPyZOQE51kqJ5Z52qz6WKDgmi92N
jMD2AR5vpTESOH2VwnHu7XSu5DaiQ3XV8QCb4uTXzEIDS3h65X27uK4uIJPT5GHfceF2Z5c/tt9q
c1pkIuVC28+BA5PY9OMQ4HL2AHCs8MF6DwV/zzRpRbWT5BnbUhYjBYkOjUjkJW+zeL9i9Qf6lSTC
lrLooyPCXQP8w9PlfMl1I9f09bze5N/NgL+RiH2nE7Q5uiy6vdFrzPOlKO1Enn1So2+WLhl+HPNb
xxaOu2B9d2ZHVIIAEWBsMsGoOBvrbpgT1u449fCfDu/+MYHB0iSVL1N6aaLwD4ZFjliCK0wi1F6g
530mJ0jfJUaNSih8hp75mxpZuWW/Bd22Ql095gBIgl4g9xGC3srYn+Y3RyYe63j3YcNBZFgCQfna
4NH4+ej9Uji29YnfAgMBAAGjWzBZMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0G
A1UdDgQWBBQNjLZh2kS40RR9w759XkjwzspqsDAXBgNVHSAEEDAOMAwGCiqBegFWAgIAAQEwDQYJ
KoZIhvcNAQEFBQADggIBACQ+YAZ+He86PtvqrxyaLAEL9MW12Ukx9F1BjYkMTv9sov3/4gbIOZ/x
WqndIlgVqIrTseYyCYIDbNc/CMf4uboAbbnW/FIyXaR/pDGUu7ZMOH8oMDX/nyNTt7buFHAAQCva
R6s0fl6nVjBhK4tDrP22iCj1a7Y+YEq6QpA0Z43q619FVDsXrIvkxmUP7tCMXWY5zjKn2BCXwH40
nJ+U8/aGH88bc62UeYdocMMzpXDn2NU4lG9jeeu/Cg4I58UvD0KgKxRA/yHgBcUn4YQRE7rWhh1B
CxMjidPJC+iKunqjo3M3NYB9Ergzd0A4wPpeMNLytqOx1qKVl4GbUu1pTP+A5FPbVFsDbVRfsbjv
JL1vnxHDx2TCDyhihWZeGnuyt++uNckZM6i4J9szVb9o4XVIRFb7zdNIu0eJOqxp9YDG5ERQL1TE
qkPFMTFYvZbF6nVsmnWxTfj3l/+WFvKXTej28xH5On2KOG4Ey+HTRRWqpdEdnV1j6CTmNhTih60b
WfVEm/vXd3wfAXBioSAaosUaKPQhA+4u2cGA6rnZgtZbdsLLO7XSAPCjDuGtbkD326C00EauFddE
wk01+dIL8hf2rGbVJLJP0RyZwG71fet0BLj5TXcJ17TPBzAJ8bgAVtkXFhYKK4bfjwEZGuW7gmP/
vgt2Fl43N+bYdJeimUV5
-----END CERTIFICATE-----
TWCA Root Certification Authority
=================================
-----BEGIN CERTIFICATE-----
@@ -2022,75 +1773,6 @@ l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl
iB6XzCGcKQENZetX2fNXlrtIzYE=
-----END CERTIFICATE-----
StartCom Certification Authority
================================
-----BEGIN CERTIFICATE-----
MIIHhzCCBW+gAwIBAgIBLTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMN
U3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmlu
ZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0
NjM3WhcNMzYwOTE3MTk0NjM2WjB9MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRk
LjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMg
U3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAw
ggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZkpMyONvg45iPwbm2xPN1y
o4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rfOQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/
Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/CJi/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/d
eMotHweXMAEtcnn6RtYTKqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt
2PZE4XNiHzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMMAv+Z
6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w+2OqqGwaVLRcJXrJ
osmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/
untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVc
UjyJthkqcwEKDwOzEmDyei+B26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT
37uMdBNSSwIDAQABo4ICEDCCAgwwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYD
VR0OBBYEFE4L7xqkQFulF2mHMMo0aEPQQa7yMB8GA1UdIwQYMBaAFE4L7xqkQFulF2mHMMo0aEPQ
Qa7yMIIBWgYDVR0gBIIBUTCCAU0wggFJBgsrBgEEAYG1NwEBATCCATgwLgYIKwYBBQUHAgEWImh0
dHA6Ly93d3cuc3RhcnRzc2wuY29tL3BvbGljeS5wZGYwNAYIKwYBBQUHAgEWKGh0dHA6Ly93d3cu
c3RhcnRzc2wuY29tL2ludGVybWVkaWF0ZS5wZGYwgc8GCCsGAQUFBwICMIHCMCcWIFN0YXJ0IENv
bW1lcmNpYWwgKFN0YXJ0Q29tKSBMdGQuMAMCAQEagZZMaW1pdGVkIExpYWJpbGl0eSwgcmVhZCB0
aGUgc2VjdGlvbiAqTGVnYWwgTGltaXRhdGlvbnMqIG9mIHRoZSBTdGFydENvbSBDZXJ0aWZpY2F0
aW9uIEF1dGhvcml0eSBQb2xpY3kgYXZhaWxhYmxlIGF0IGh0dHA6Ly93d3cuc3RhcnRzc2wuY29t
L3BvbGljeS5wZGYwEQYJYIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBG
cmVlIFNTTCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAgEAjo/n3JR5
fPGFf59Jb2vKXfuM/gTFwWLRfUKKvFO3lANmMD+x5wqnUCBVJX92ehQN6wQOQOY+2IirByeDqXWm
N3PH/UvSTa0XQMhGvjt/UfzDtgUx3M2FIk5xt/JxXrAaxrqTi3iSSoX4eA+D/i+tLPfkpLst0OcN
Org+zvZ49q5HJMqjNTbOx8aHmNrs++myziebiMMEofYLWWivydsQD032ZGNcpRJvkrKTlMeIFw6T
tn5ii5B/q06f/ON1FE8qMt9bDeD1e5MNq6HPh+GlBEXoPBKlCcWw0bdT82AUuoVpaiF8H3VhFyAX
e2w7QSlc4axa0c2Mm+tgHRns9+Ww2vl5GKVFP0lDV9LdJNUso/2RjSe15esUBppMeyG7Oq0wBhjA
2MFrLH9ZXF2RsXAiV+uKa0hK1Q8p7MZAwC+ITGgBF3f0JBlPvfrhsiAhS90a2Cl9qrjeVOwhVYBs
HvUwyKMQ5bLmKhQxw4UtjJixhlpPiVktucf3HMiKf8CdBUrmQk9io20ppB+Fq9vlgcitKj1MXVuE
JnHEhV5xJMqlG2zYYdMa4FTbzrqpMrUi9nNBCV24F10OD5mQ1kfabwo6YigUZ4LZ8dCAWZvLMdib
D4x3TrVoivJs9iQOLWxwxXPR3hTQcY+203sC9uO41Alua551hDnmfyWl8kgAwKQB2j8=
-----END CERTIFICATE-----
StartCom Certification Authority G2
===================================
-----BEGIN CERTIFICATE-----
MIIFYzCCA0ugAwIBAgIBOzANBgkqhkiG9w0BAQsFADBTMQswCQYDVQQGEwJJTDEWMBQGA1UEChMN
U3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkg
RzIwHhcNMTAwMTAxMDEwMDAxWhcNMzkxMjMxMjM1OTAxWjBTMQswCQYDVQQGEwJJTDEWMBQGA1UE
ChMNU3RhcnRDb20gTHRkLjEsMCoGA1UEAxMjU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkgRzIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2iTZbB7cgNr2Cu+EWIAOVeq8O
o1XJJZlKxdBWQYeQTSFgpBSHO839sj60ZwNq7eEPS8CRhXBF4EKe3ikj1AENoBB5uNsDvfOpL9HG
4A/LnooUCri99lZi8cVytjIl2bLzvWXFDSxu1ZJvGIsAQRSCb0AgJnooD/Uefyf3lLE3PbfHkffi
Aez9lInhzG7TNtYKGXmu1zSCZf98Qru23QumNK9LYP5/Q0kGi4xDuFby2X8hQxfqp0iVAXV16iul
Q5XqFYSdCI0mblWbq9zSOdIxHWDirMxWRST1HFSr7obdljKF+ExP6JV2tgXdNiNnvP8V4so75qbs
O+wmETRIjfaAKxojAuuKHDp2KntWFhxyKrOq42ClAJ8Em+JvHhRYW6Vsi1g8w7pOOlz34ZYrPu8H
vKTlXcxNnw3h3Kq74W4a7I/htkxNeXJdFzULHdfBR9qWJODQcqhaX2YtENwvKhOuJv4KHBnM0D4L
nMgJLvlblnpHnOl68wVQdJVznjAJ85eCXuaPOQgeWeU1FEIT/wCc976qUM/iUUjXuG+v+E5+M5iS
FGI6dWPPe/regjupuznixL0sAA7IF6wT700ljtizkC+p2il9Ha90OrInwMEePnWjFqmveiJdnxMa
z6eg6+OGCtP95paV1yPIN93EfKo2rJgaErHgTuixO/XWb/Ew1wIDAQABo0IwQDAPBgNVHRMBAf8E
BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUS8W0QGutHLOlHGVuRjaJhwUMDrYwDQYJ
KoZIhvcNAQELBQADggIBAHNXPyzVlTJ+N9uWkusZXn5T50HsEbZH77Xe7XRcxfGOSeD8bpkTzZ+K
2s06Ctg6Wgk/XzTQLwPSZh0avZyQN8gMjgdalEVGKua+etqhqaRpEpKwfTbURIfXUfEpY9Z1zRbk
J4kd+MIySP3bmdCPX1R0zKxnNBFi2QwKN4fRoxdIjtIXHfbX/dtl6/2o1PXWT6RbdejF0mCy2wl+
JYt7ulKSnj7oxXehPOBKc2thz4bcQ///If4jXSRK9dNtD2IEBVeC2m6kMyV5Sy5UGYvMLD0w6dEG
/+gyRr61M3Z3qAFdlsHB1b6uJcDJHgoJIIihDsnzb02CVAAgp9KP5DlUFy6NHrgbuxu9mk47EDTc
nIhT76IxW1hPkWLIwpqazRVdOKnWvvgTtZ8SafJQYqz7Fzf07rh1Z2AQ+4NQ+US1dZxAF7L+/Xld
blhYXzD8AK6vM8EOTmy6p6ahfzLbOOCxchcKK5HsamMm7YnUeMx0HgX4a/6ManY5Ka5lIxKVCCIc
l85bBu4M4ru8H0ST9tg4RQUh7eStqxK2A6RCLi3ECToDZ2mEmuFZkIoohdVddLHRDiBYmxOlsGOm
7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulrso8uBtjRkcfGEvRM/TAXw8HaOFvjqerm
obp573PYtlNXLfbQ4ddI
-----END CERTIFICATE-----
Buypass Class 2 Root CA
=======================
-----BEGIN CERTIFICATE-----
@@ -2197,31 +1879,6 @@ uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU
dcGWxZ0=
-----END CERTIFICATE-----
TURKTRUST Certificate Services Provider Root 2007
=================================================
-----BEGIN CERTIFICATE-----
MIIEPTCCAyWgAwIBAgIBATANBgkqhkiG9w0BAQUFADCBvzE/MD0GA1UEAww2VMOcUktUUlVTVCBF
bGVrdHJvbmlrIFNlcnRpZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxMQswCQYDVQQGEwJUUjEP
MA0GA1UEBwwGQW5rYXJhMV4wXAYDVQQKDFVUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUg
QmlsacWfaW0gR8O8dmVubGnEn2kgSGl6bWV0bGVyaSBBLsWeLiAoYykgQXJhbMSxayAyMDA3MB4X
DTA3MTIyNTE4MzcxOVoXDTE3MTIyMjE4MzcxOVowgb8xPzA9BgNVBAMMNlTDnFJLVFJVU1QgRWxl
a3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsTELMAkGA1UEBhMCVFIxDzAN
BgNVBAcMBkFua2FyYTFeMFwGA1UECgxVVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp
bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4gKGMpIEFyYWzEsWsgMjAwNzCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKu3PgqMyKVYFeaK7yc9SrToJdPNM8Ig3BnuiD9N
YvDdE3ePYakqtdTyuTFYKTsvP2qcb3N2Je40IIDu6rfwxArNK4aUyeNgsURSsloptJGXg9i3phQv
KUmi8wUG+7RP2qFsmmaf8EMJyupyj+sA1zU511YXRxcw9L6/P8JorzZAwan0qafoEGsIiveGHtya
KhUG9qPw9ODHFNRRf8+0222vR5YXm3dx2KdxnSQM9pQ/hTEST7ruToK4uT6PIzdezKKqdfcYbwnT
rqdUKDT74eA7YH2gvnmJhsifLfkKS8RQouf9eRbHegsYz85M733WB2+Y8a+xwXrXgTW4qhe04MsC
AwEAAaNCMEAwHQYDVR0OBBYEFCnFkKslrxHkYb+j/4hhkeYO/pyBMA4GA1UdDwEB/wQEAwIBBjAP
BgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAQDdr4Ouwo0RSVgrESLFF6QSU2TJ/s
Px+EnWVUXKgWAkD6bho3hO9ynYYKVZ1WKKxmLNA6VpM0ByWtCLCPyA8JWcqdmBzlVPi5RX9ql2+I
aE1KBiY3iAIOtsbWcpnOa3faYjGkVh+uX4132l32iPwa2Z61gfAyuOOI0JzzaqC5mxRZNTZPz/OO
Xl0XrRWV2N2y1RVuAE6zS89mlOTgzbUF2mNXi+WzqtvALhyQRNsaXRik7r4EW5nVcV9VZWRi1aKb
BFmGyGJ353yCRWo9F7/snXUMrqNvWtMvmDb08PUZqxFdyKbjKlhqQgnDvZImZjINXQhVdP+MmNAK
poRq0Tl9
-----END CERTIFICATE-----
D-TRUST Root Class 3 CA 2 2009
==============================
-----BEGIN CERTIFICATE-----
@@ -2271,84 +1928,6 @@ NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv
w9y4AyHqnxbxLFS1
-----END CERTIFICATE-----
PSCProcert
==========
-----BEGIN CERTIFICATE-----
MIIJhjCCB26gAwIBAgIBCzANBgkqhkiG9w0BAQsFADCCAR4xPjA8BgNVBAMTNUF1dG9yaWRhZCBk
ZSBDZXJ0aWZpY2FjaW9uIFJhaXogZGVsIEVzdGFkbyBWZW5lem9sYW5vMQswCQYDVQQGEwJWRTEQ
MA4GA1UEBxMHQ2FyYWNhczEZMBcGA1UECBMQRGlzdHJpdG8gQ2FwaXRhbDE2MDQGA1UEChMtU2lz
dGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMUMwQQYDVQQLEzpTdXBl
cmludGVuZGVuY2lhIGRlIFNlcnZpY2lvcyBkZSBDZXJ0aWZpY2FjaW9uIEVsZWN0cm9uaWNhMSUw
IwYJKoZIhvcNAQkBFhZhY3JhaXpAc3VzY2VydGUuZ29iLnZlMB4XDTEwMTIyODE2NTEwMFoXDTIw
MTIyNTIzNTk1OVowgdExJjAkBgkqhkiG9w0BCQEWF2NvbnRhY3RvQHByb2NlcnQubmV0LnZlMQ8w
DQYDVQQHEwZDaGFjYW8xEDAOBgNVBAgTB01pcmFuZGExKjAoBgNVBAsTIVByb3ZlZWRvciBkZSBD
ZXJ0aWZpY2Fkb3MgUFJPQ0VSVDE2MDQGA1UEChMtU2lzdGVtYSBOYWNpb25hbCBkZSBDZXJ0aWZp
Y2FjaW9uIEVsZWN0cm9uaWNhMQswCQYDVQQGEwJWRTETMBEGA1UEAxMKUFNDUHJvY2VydDCCAiIw
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANW39KOUM6FGqVVhSQ2oh3NekS1wwQYalNo97BVC
wfWMrmoX8Yqt/ICV6oNEolt6Vc5Pp6XVurgfoCfAUFM+jbnADrgV3NZs+J74BCXfgI8Qhd19L3uA
3VcAZCP4bsm+lU/hdezgfl6VzbHvvnpC2Mks0+saGiKLt38GieU89RLAu9MLmV+QfI4tL3czkkoh
RqipCKzx9hEC2ZUWno0vluYC3XXCFCpa1sl9JcLB/KpnheLsvtF8PPqv1W7/U0HU9TI4seJfxPmO
EO8GqQKJ/+MMbpfg353bIdD0PghpbNjU5Db4g7ayNo+c7zo3Fn2/omnXO1ty0K+qP1xmk6wKImG2
0qCZyFSTXai20b1dCl53lKItwIKOvMoDKjSuc/HUtQy9vmebVOvh+qBa7Dh+PsHMosdEMXXqP+UH
0quhJZb25uSgXTcYOWEAM11G1ADEtMo88aKjPvM6/2kwLkDd9p+cJsmWN63nOaK/6mnbVSKVUyqU
td+tFjiBdWbjxywbk5yqjKPK2Ww8F22c3HxT4CAnQzb5EuE8XL1mv6JpIzi4mWCZDlZTOpx+FIyw
Bm/xhnaQr/2v/pDGj59/i5IjnOcVdo/Vi5QTcmn7K2FjiO/mpF7moxdqWEfLcU8UC17IAggmosvp
r2uKGcfLFFb14dq12fy/czja+eevbqQ34gcnAgMBAAGjggMXMIIDEzASBgNVHRMBAf8ECDAGAQH/
AgEBMDcGA1UdEgQwMC6CD3N1c2NlcnRlLmdvYi52ZaAbBgVghl4CAqASDBBSSUYtRy0yMDAwNDAz
Ni0wMB0GA1UdDgQWBBRBDxk4qpl/Qguk1yeYVKIXTC1RVDCCAVAGA1UdIwSCAUcwggFDgBStuyId
xuDSAaj9dlBSk+2YwU2u06GCASakggEiMIIBHjE+MDwGA1UEAxM1QXV0b3JpZGFkIGRlIENlcnRp
ZmljYWNpb24gUmFpeiBkZWwgRXN0YWRvIFZlbmV6b2xhbm8xCzAJBgNVBAYTAlZFMRAwDgYDVQQH
EwdDYXJhY2FzMRkwFwYDVQQIExBEaXN0cml0byBDYXBpdGFsMTYwNAYDVQQKEy1TaXN0ZW1hIE5h
Y2lvbmFsIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExQzBBBgNVBAsTOlN1cGVyaW50ZW5k
ZW5jaWEgZGUgU2VydmljaW9zIGRlIENlcnRpZmljYWNpb24gRWxlY3Ryb25pY2ExJTAjBgkqhkiG
9w0BCQEWFmFjcmFpekBzdXNjZXJ0ZS5nb2IudmWCAQowDgYDVR0PAQH/BAQDAgEGME0GA1UdEQRG
MESCDnByb2NlcnQubmV0LnZloBUGBWCGXgIBoAwMClBTQy0wMDAwMDKgGwYFYIZeAgKgEgwQUklG
LUotMzE2MzUzNzMtNzB2BgNVHR8EbzBtMEagRKBChkBodHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52
ZS9sY3IvQ0VSVElGSUNBRE8tUkFJWi1TSEEzODRDUkxERVIuY3JsMCOgIaAfhh1sZGFwOi8vYWNy
YWl6LnN1c2NlcnRlLmdvYi52ZTA3BggrBgEFBQcBAQQrMCkwJwYIKwYBBQUHMAGGG2h0dHA6Ly9v
Y3NwLnN1c2NlcnRlLmdvYi52ZTBBBgNVHSAEOjA4MDYGBmCGXgMBAjAsMCoGCCsGAQUFBwIBFh5o
dHRwOi8vd3d3LnN1c2NlcnRlLmdvYi52ZS9kcGMwDQYJKoZIhvcNAQELBQADggIBACtZ6yKZu4Sq
T96QxtGGcSOeSwORR3C7wJJg7ODU523G0+1ng3dS1fLld6c2suNUvtm7CpsR72H0xpkzmfWvADmN
g7+mvTV+LFwxNG9s2/NkAZiqlCxB3RWGymspThbASfzXg0gTB1GEMVKIu4YXx2sviiCtxQuPcD4q
uxtxj7mkoP3YldmvWb8lK5jpY5MvYB7Eqvh39YtsL+1+LrVPQA3uvFd359m21D+VJzog1eWuq2w1
n8GhHVnchIHuTQfiSLaeS5UtQbHh6N5+LwUeaO6/u5BlOsju6rEYNxxik6SgMexxbJHmpHmJWhSn
FFAFTKQAVzAswbVhltw+HoSvOULP5dAssSS830DD7X9jSr3hTxJkhpXzsOfIt+FTvZLm8wyWuevo
5pLtp4EJFAv8lXrPj9Y0TzYS3F7RNHXGRoAvlQSMx4bEqCaJqD8Zm4G7UaRKhqsLEQ+xrmNTbSjq
3TNWOByyrYDT13K9mmyZY+gAu0F2BbdbmRiKw7gSXFbPVgx96OLP7bx0R/vu0xdOIk9W/1DzLuY5
poLWccret9W6aAjtmcz9opLLabid+Qqkpj5PkygqYWwHJgD/ll9ohri4zspV4KuxPX+Y1zMOWj3Y
eMLEYC/HYvBhkdI4sPaeVdtAgAUSM84dkpvRabP/v/GSCmE1P93+hvS84Bpxs2Km
-----END CERTIFICATE-----
CA Disig Root R1
================
-----BEGIN CERTIFICATE-----
MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAlNLMRMw
EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp
ZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQyMDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sx
EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp
c2lnIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy
3QRkD2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/oOI7bm+V8
u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3AfQ+lekLZWnDZv6fXARz2
m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJeIgpFy4QxTaz+29FHuvlglzmxZcfe+5nk
CiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8noc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTa
YVKvJrT1cU/J19IG32PK/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6
vpmumwKjrckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD3AjL
LhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE7cderVC6xkGbrPAX
ZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkCyC2fg69naQanMVXVz0tv/wQFx1is
XxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLdqvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNV
HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ
04IwDQYJKoZIhvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR
xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaASfX8MPWbTx9B
LxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXoHqJPYNcHKfyyo6SdbhWSVhlM
CrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpBemOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5Gfb
VSUZP/3oNn6z4eGBrxEWi1CXYBmCAMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85
YmLLW1AL14FABZyb7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKS
ds+xDzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvkF7mGnjix
lAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqFa3qdnom2piiZk4hA9z7N
UaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsTQ6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJ
a7+h89n07eLw4+1knj0vllJPgFOL
-----END CERTIFICATE-----
CA Disig Root R2
================
-----BEGIN CERTIFICATE-----
@@ -2752,66 +2331,6 @@ G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP
82Z+
-----END CERTIFICATE-----
WoSign
======
-----BEGIN CERTIFICATE-----
MIIFdjCCA16gAwIBAgIQXmjWEXGUY1BWAGjzPsnFkTANBgkqhkiG9w0BAQUFADBVMQswCQYDVQQG
EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxKjAoBgNVBAMTIUNlcnRpZmljYXRpb24g
QXV0aG9yaXR5IG9mIFdvU2lnbjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgwMTAwMDFaMFUxCzAJ
BgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEqMCgGA1UEAxMhQ2VydGlmaWNh
dGlvbiBBdXRob3JpdHkgb2YgV29TaWduMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA
vcqNrLiRFVaXe2tcesLea9mhsMMQI/qnobLMMfo+2aYpbxY94Gv4uEBf2zmoAHqLoE1UfcIiePyO
CbiohdfMlZdLdNiefvAA5A6JrkkoRBoQmTIPJYhTpA2zDxIIFgsDcSccf+Hb0v1naMQFXQoOXXDX
2JegvFNBmpGN9J42Znp+VsGQX+axaCA2pIwkLCxHC1l2ZjC1vt7tj/id07sBMOby8w7gLJKA84X5
KIq0VC6a7fd2/BVoFutKbOsuEo/Uz/4Mx1wdC34FMr5esAkqQtXJTpCzWQ27en7N1QhatH/YHGkR
+ScPewavVIMYe+HdVHpRaG53/Ma/UkpmRqGyZxq7o093oL5d//xWC0Nyd5DKnvnyOfUNqfTq1+ez
EC8wQjchzDBwyYaYD8xYTYO7feUapTeNtqwylwA6Y3EkHp43xP901DfA4v6IRmAR3Qg/UDaruHqk
lWJqbrDKaiFaafPz+x1wOZXzp26mgYmhiMU7ccqjUu6Du/2gd/Tkb+dC221KmYo0SLwX3OSACCK2
8jHAPwQ+658geda4BmRkAjHXqc1S+4RFaQkAKtxVi8QGRkvASh0JWzko/amrzgD5LkhLJuYwTKVY
yrREgk/nkR4zw7CT/xH8gdLKH3Ep3XZPkiWvHYG3Dy+MwwbMLyejSuQOmbp8HkUff6oZRZb9/D0C
AwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFOFmzw7R
8bNLtwYgFP6HEtX2/vs+MA0GCSqGSIb3DQEBBQUAA4ICAQCoy3JAsnbBfnv8rWTjMnvMPLZdRtP1
LOJwXcgu2AZ9mNELIaCJWSQBnfmvCX0KI4I01fx8cpm5o9dU9OpScA7F9dY74ToJMuYhOZO9sxXq
T2r09Ys/L3yNWC7F4TmgPsc9SnOeQHrAK2GpZ8nzJLmzbVUsWh2eJXLOC62qx1ViC777Y7NhRCOj
y+EaDveaBk3e1CNOIZZbOVtXHS9dCF4Jef98l7VNg64N1uajeeAz0JmWAjCnPv/So0M/BVoG6kQC
2nz4SNAzqfkHx5Xh9T71XXG68pWpdIhhWeO/yloTunK0jF02h+mmxTwTv97QRCbut+wucPrXnbes
5cVAWubXbHssw1abR80LzvobtCHXt2a49CUwi1wNuepnsvRtrtWhnk/Yn+knArAdBtaP4/tIEp9/
EaEQPkxROpaw0RPxx9gmrjrKkcRpnd8BKWRRb2jaFOwIQZeQjdCygPLPwj2/kWjFgGcexGATVdVh
mVd8upUPYUk6ynW8yQqTP2cOEvIo4jEbwFcW3wh8GcF+Dx+FHgo2fFt+J7x6v+Db9NpSvd4MVHAx
kUOVyLzwPt0JfjBkUO1/AaQzZ01oT74V77D2AhGiGxMlOtzCWfHjXEa7ZywCRuoeSKbmW9m1vFGi
kpbbqsY3Iqb+zCB0oy2pLmvLwIIRIbWTee5Ehr7XHuQe+w==
-----END CERTIFICATE-----
WoSign China
============
-----BEGIN CERTIFICATE-----
MIIFWDCCA0CgAwIBAgIQUHBrzdgT/BtOOzNy0hFIjTANBgkqhkiG9w0BAQsFADBGMQswCQYDVQQG
EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMMEkNBIOayg+mAmuagueiv
geS5pjAeFw0wOTA4MDgwMTAwMDFaFw0zOTA4MDgwMTAwMDFaMEYxCzAJBgNVBAYTAkNOMRowGAYD
VQQKExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkGA1UEAwwSQ0Eg5rKD6YCa5qC56K+B5LmmMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA0EkhHiX8h8EqwqzbdoYGTufQdDTc7WU1/FDWiD+k
8H/rD195L4mx/bxjWDeTmzj4t1up+thxx7S8gJeNbEvxUNUqKaqoGXqW5pWOdO2XCld19AXbbQs5
uQF/qvbW2mzmBeCkTVL829B0txGMe41P/4eDrv8FAxNXUDf+jJZSEExfv5RxadmWPgxDT74wwJ85
dE8GRV2j1lY5aAfMh09Qd5Nx2UQIsYo06Yms25tO4dnkUkWMLhQfkWsZHWgpLFbE4h4TV2TwYeO5
Ed+w4VegG63XX9Gv2ystP9Bojg/qnw+LNVgbExz03jWhCl3W6t8Sb8D7aQdGctyB9gQjF+BNdeFy
b7Ao65vh4YOhn0pdr8yb+gIgthhid5E7o9Vlrdx8kHccREGkSovrlXLp9glk3Kgtn3R46MGiCWOc
76DbT52VqyBPt7D3h1ymoOQ3OMdc4zUPLK2jgKLsLl3Az+2LBcLmc272idX10kaO6m1jGx6KyX2m
+Jzr5dVjhU1zZmkR/sgO9MHHZklTfuQZa/HpelmjbX7FF+Ynxu8b22/8DU0GAbQOXDBGVWCvOGU6
yke6rCzMRh+yRpY/8+0mBe53oWprfi1tWFxK1I5nuPHa1UaKJ/kR8slC/k7e3x9cxKSGhxYzoacX
GKUN5AXlK8IrC6KVkLn9YDxOiT7nnO4fuwECAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1Ud
EwEB/wQFMAMBAf8wHQYDVR0OBBYEFOBNv9ybQV0T6GTwp+kVpOGBwboxMA0GCSqGSIb3DQEBCwUA
A4ICAQBqinA4WbbaixjIvirTthnVZil6Xc1bL3McJk6jfW+rtylNpumlEYOnOXOvEESS5iVdT2H6
yAa+Tkvv/vMx/sZ8cApBWNromUuWyXi8mHwCKe0JgOYKOoICKuLJL8hWGSbueBwj/feTZU7n85iY
r83d2Z5AiDEoOqsuC7CsDCT6eiaY8xJhEPRdF/d+4niXVOKM6Cm6jBAyvd0zaziGfjk9DgNyp115
j0WKWa5bIW4xRtVZjc8VX90xJc/bYNaBRHIpAlf2ltTW/+op2znFuCyKGo3Oy+dCMYYFaA6eFN0A
kLppRQjbbpCBhqcqBT/mhDn4t/lXX0ykeVoQDF7Va/81XwVRHmyjdanPUIPTfPRm94KNPQx96N97
qA4bLJyuQHCH2u2nFoJavjVsIE4iYdm8UXrNemHcSxH5/mc0zy4EZmFcV5cjjPOGG0jfKq+nwf/Y
jj4Du9gqsPoUJbJRa4ZDhS4HIxaAjUz7tGM7zMN07RujHv41D198HRaG9Q7DlfEvr10lO1Hm13ZB
ONFLAzkopR6RctR9q5czxNM+4Gm2KHmgCY0c0f9BckgG/Jou5yD5m6Leie2uPAmvylezkolwQOQv
T8Jwg0DXJCxr5wkf09XHwQj02w47HAcLQxGEIYbpgNR12KvxAmLBsX5VYc8T1yaw15zLKYs4SgsO
kI26oQ==
-----END CERTIFICATE-----
COMODO RSA Certification Authority
==================================
-----BEGIN CERTIFICATE-----
@@ -3193,42 +2712,6 @@ HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
-----END CERTIFICATE-----
Certification Authority of WoSign G2
====================================
-----BEGIN CERTIFICATE-----
MIIDfDCCAmSgAwIBAgIQayXaioidfLwPBbOxemFFRDANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQG
EwJDTjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxLTArBgNVBAMTJENlcnRpZmljYXRpb24g
QXV0aG9yaXR5IG9mIFdvU2lnbiBHMjAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4NThaMFgx
CzAJBgNVBAYTAkNOMRowGAYDVQQKExFXb1NpZ24gQ0EgTGltaXRlZDEtMCsGA1UEAxMkQ2VydGlm
aWNhdGlvbiBBdXRob3JpdHkgb2YgV29TaWduIEcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvsXEoCKASU+/2YcRxlPhuw+9YH+v9oIOH9ywjj2X4FA8jzrvZjtFB5sg+OPXJYY1kBai
XW8wGQiHC38Gsp1ij96vkqVg1CuAmlI/9ZqD6TRay9nVYlzmDuDfBpgOgHzKtB0TiGsOqCR3A9Du
W/PKaZE1OVbFbeP3PU9ekzgkyhjpJMuSA93MHD0JcOQg5PGurLtzaaNjOg9FD6FKmsLRY6zLEPg9
5k4ot+vElbGs/V6r+kHLXZ1L3PR8du9nfwB6jdKgGlxNIuG12t12s9R23164i5jIFFTMaxeSt+BK
v0mUYQs4kI9dJGwlezt52eJ+na2fmKEG/HgUYFf47oB3sQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+mCp62XF3RYUCE4MD42b4Pdkr2cwDQYJKoZI
hvcNAQELBQADggEBAFfDejaCnI2Y4qtAqkePx6db7XznPWZaOzG73/MWM5H8fHulwqZm46qwtyeY
P0nXYGdnPzZPSsvxFPpahygc7Y9BMsaV+X3avXtbwrAh449G3CE4Q3RM+zD4F3LBMvzIkRfEzFg3
TgvMWvchNSiDbGAtROtSjFA9tWwS1/oJu2yySrHFieT801LYYRf+epSEj3m2M1m6D8QL4nCgS3gu
+sif/a+RZQp4OBXllxcU3fngLDT4ONCEIgDAFFEYKwLcMFrw6AF8NTojrwjkr6qOKEJJLvD1mTS+
7Q9LGOHSJDy7XUe3IfKN0QqZjuNuPq1w4I+5ysxugTH2e5x6eeRncRg=
-----END CERTIFICATE-----
CA WoSign ECC Root
==================
-----BEGIN CERTIFICATE-----
MIICCTCCAY+gAwIBAgIQaEpYcIBr8I8C+vbe6LCQkDAKBggqhkjOPQQDAzBGMQswCQYDVQQGEwJD
TjEaMBgGA1UEChMRV29TaWduIENBIExpbWl0ZWQxGzAZBgNVBAMTEkNBIFdvU2lnbiBFQ0MgUm9v
dDAeFw0xNDExMDgwMDU4NThaFw00NDExMDgwMDU4NThaMEYxCzAJBgNVBAYTAkNOMRowGAYDVQQK
ExFXb1NpZ24gQ0EgTGltaXRlZDEbMBkGA1UEAxMSQ0EgV29TaWduIEVDQyBSb290MHYwEAYHKoZI
zj0CAQYFK4EEACIDYgAE4f2OuEMkq5Z7hcK6C62N4DrjJLnSsb6IOsq/Srj57ywvr1FQPEd1bPiU
t5v8KB7FVMxjnRZLU8HnIKvNrCXSf4/CwVqCXjCLelTOA7WRf6qU0NGKSMyCBSah1VES1ns2o0Iw
QDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUqv3VWqP2h4syhf3R
MluARZPzA7gwCgYIKoZIzj0EAwMDaAAwZQIxAOSkhLCB1T2wdKyUpOgOPQB0TKGXa/kNUTyh2Tv0
Daupn75OcsqF1NnstTJFGG+rrQIwfcf3aWMvoeGY7xMQ0Xk/0f7qO3/eVvSQsRUR2LIiFdAvwyYu
a/GRspBl9JrmkO5K
-----END CERTIFICATE-----
SZAFIR ROOT CA2
===============
-----BEGIN CERTIFICATE-----
@@ -3644,3 +3127,212 @@ lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R
e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j
q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=
-----END CERTIFICATE-----
GDCA TrustAUTH R5 ROOT
======================
-----BEGIN CERTIFICATE-----
MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw
BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD
DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow
YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ
IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B
AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs
AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr
pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ
9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ
xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM
R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ
D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4
oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx
9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR
MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg
p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9
H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35
6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd
+PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ
HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD
F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ
8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv
/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT
aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==
-----END CERTIFICATE-----
TrustCor RootCert CA-1
======================
-----BEGIN CERTIFICATE-----
MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQQTEP
MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig
U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkx
MjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFu
YW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUGA1UECwwe
VHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZUcnVzdENvciBSb290Q2Vy
dCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv463leLCJhJrMxnHQFgKq1mq
jQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4
pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0
JEsq1pme9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4h
gLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw
/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0j
BBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
AYYwDQYJKoZIhvcNAQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5
mDo4Nvu7Zp5I/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf
ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6C
qFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P
3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk=
-----END CERTIFICATE-----
TrustCor RootCert CA-2
======================
-----BEGIN CERTIFICATE-----
MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8w
DQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBT
eXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0
eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEy
MzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h
bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U
cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0
IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQdsg4foDSq8Gb
ZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9Nk
RvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1
oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOOb
XUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1
/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5q
jxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQP
eSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+Ctg
rKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh
8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU
2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD
VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/h
Osh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnp
kpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv
2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3
S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw
PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dv
DDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYU
RpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANE
xdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeX
RKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu1uwJ
-----END CERTIFICATE-----
TrustCor ECA-1
==============
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQQTEP
MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig
U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
dHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3Mjgw
N1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5
MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y
IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb3w9U73NjKYKtR8aja+3+XzP4Q1HpGjOR
MRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23
xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmc
p0yJF4OuowReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+
fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGj
YzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBL
f/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
AAOCAQEABT41XBVwm8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u
/ukZMjgDfxT2AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F
hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0Xs
J5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC
jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g==
-----END CERTIFICATE-----
SSL.com Root Certification Authority RSA
========================================
-----BEGIN CERTIFICATE-----
MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM
BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x
MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw
MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM
LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C
Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8
P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp
k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z
fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ
gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2
UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8
1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s
bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV
HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE
AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr
dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf
ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl
u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq
erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj
MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ
vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI
Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y
wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI
WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k=
-----END CERTIFICATE-----
SSL.com Root Certification Authority ECC
========================================
-----BEGIN CERTIFICATE-----
MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV
BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv
BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy
MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO
BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv
bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+
8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR
hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT
jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW
e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z
5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl
-----END CERTIFICATE-----
SSL.com EV Root Certification Authority RSA R2
==============================================
-----BEGIN CERTIFICATE-----
MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w
DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u
MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI
DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD
VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh
hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w
cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO
Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+
B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh
CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim
9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto
RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm
JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48
+qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp
qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1
++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx
Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G
guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz
OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7
CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq
lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR
rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1
hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX
9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
-----END CERTIFICATE-----
SSL.com EV Root Certification Authority ECC
===========================================
-----BEGIN CERTIFICATE-----
MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV
BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy
BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw
MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM
LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB
BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy
3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O
BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe
5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ
N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm
m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
-----END CERTIFICATE-----
+6
View File
@@ -14,6 +14,12 @@ export MAKE="make -j3"
export CPPFLAGS="-DFAKELAG_CONFIGURABLE"
extras/build-tests/nix/select-config $BUILDCONFIG
# Read config.settings, this makes a couple of variables available to us.
. ./config.settings
if [ "$SSLDIR" != "" ]; then
# In case we build local openssl/libressl
export LD_LIBRARY_PATH="$SSLDIR/lib"
fi
./Config -quick || (tail -n 5000 config.log; echo '*** now tre:'; tail -n 5000 extras/tre-0.8.0-git/config.log; echo '** end of tre config.log **'; exit 1)
$MAKE
yes ''|make pem
+11
View File
@@ -33,6 +33,9 @@ else
fi
cd ..
# Install 'cipherscan'
git clone https://github.com/mozilla/cipherscan
# Install 'unrealircd-tests'
git clone https://github.com/unrealircd/unrealircd-tests.git
cd unrealircd-tests
@@ -46,6 +49,14 @@ bin/unrealircd -f irc1.conf
bin/unrealircd -f irc2.conf
cd -
# Do cipherscan test
sleep 2
cd ../cipherscan
./cipherscan --no-colors 127.0.0.1:5900
#./cipherscan --json 127.0.0.1:5900 >.........
sleep 5
cd -
# Back in unrealircd-tests, run the tests!
if [[ "$OSTYPE" == "darwin"* ]]; then
bundle exec rake
+33
View File
@@ -4,6 +4,20 @@
# It is not meant to be used by end-users
#
function build_ssl {
DIR="$2"
URL="$1/$2.tar.gz"
savewd="$PWD"
cd ~
wget "$URL" || exit 1
tar xzvf $DIR.tar.gz
cd "$DIR"
(./configure --prefix=$HOME/ssl || ./config --prefix=$HOME/ssl -fPIC) || exit 1
(make -j2 && make install) || exit 1
cd "$savewd"
echo "SSLDIR=$HOME/ssl" >>config.settings
}
if [ ! -d extras ]; then
echo "This tool is supposed to be run from the source root, so ~/unrealircd-4.0.x or similar"
exit 1
@@ -18,6 +32,7 @@ cp extras/build-tests/nix/configs/default ./config.settings
# Also for our FreeBSD machine we have to uninstall some stuff since a clean
# environment is not guaranteed...
if [ "$OSTYPE" = "linux-gnu" ]; then
sudo apt-get -qq update
sudo apt-get install libtool -qq
elif [[ "$OSTYPE" == "freebsd"* ]]; then
sudo pkg install -y libtool
@@ -67,9 +82,27 @@ do
fi
echo 'REMOTEINC=1' >>config.settings
echo "CURLDIR=`pwd`/extras/curl" >>config.settings
elif [ "$1" = "libressl-25" ]; then
build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.5.5
elif [ "$1" = "libressl-26" ]; then
build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.6.4
elif [ "$1" = "libressl-27" ]; then
build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.7.2
elif [ "$1" = "openssl-102" ]; then
build_ssl https://www.openssl.org/source openssl-1.0.2o
elif [ "$1" = "openssl-110" ]; then
build_ssl https://www.openssl.org/source openssl-1.1.0h
elif [ "$1" = "openssl-111" ]; then
build_ssl https://www.openssl.org/source openssl-1.1.1-pre7
else
echo "Unknown option $1"
exit 1
fi
shift
done
if [[ "$OSTYPE" == "darwin"* ]]; then
echo "NOTE: Not building with -Werror for now on macOS..."
else
echo 'EXTRAPARA="--enable-werror"' >>config.settings
fi
+2 -3
View File
@@ -1,7 +1,6 @@
rem Build script for appveyor
rem Initialize Visual Studio variables
if "%TARGET%" == "Visual Studio 2012" call "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\vcvarsall.bat" x86
if "%TARGET%" == "Visual Studio 2017" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars32.bat"
rem Installing tools
@@ -16,8 +15,8 @@ cd \projects
mkdir unrealircd-deps
cd unrealircd-deps
wget https://www.unrealircd.org/files/dev/win/SetACL.exe
wget https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-4.0.16.zip
unzip unrealircd-libraries-4.0.16.zip
wget https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-devel.zip
unzip unrealircd-libraries-devel.zip
cd \projects\unrealircd
@@ -1,28 +0,0 @@
rem Build command for Visual Studio 2012
rem This version needs a patch of the makefile.win32
IF EXIST rollback409410.rar GOTO nopatch
rem Patch to support Visual Studio 2012
wget https://www.unrealircd.org/files/dev/win/rollback409410.rar
unrar x rollback409410.rar
patch -p1 -R <rollback409.makefile.patch
patch -p1 -R <rollback409.unrealinst.patch
:nopatch
nmake -f makefile.win32 ^
USE_SSL=1 ^
OPENSSL_INC_DIR="c:\projects\unrealircd-deps\libressl\include" ^
OPENSSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\x86" ^
USE_REMOTEINC=1 ^
LIBCURL_INC_DIR="c:\projects\unrealircd-deps\curl-ssl\include" ^
LIBCURL_LIB_DIR="c:\projects\unrealircd-deps\curl-ssl\builds\libcurl-vc-x86-release-dll-ssl-dll-ipv6-sspi-obj-lib" ^
CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc110\cares\dll-release" ^
CARES_INC_DIR="c:\projects\unrealircd-deps\c-ares" ^
CARESLIB="cares.lib" ^
TRE_LIB_DIR="c:\projects\unrealircd-deps\tre\win32\release" ^
TRE_INC_DIR="c:\projects\unrealircd-deps\tre" ^
TRELIB="tre.lib" ^
PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\build" ^
PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\build\release" ^
PCRE2LIB="pcre2-8.lib" %*
@@ -2,17 +2,17 @@ rem Build command for Visual Studio 2017
nmake -f makefile.win32 ^
LIBRESSL_INC_DIR="c:\projects\unrealircd-deps\libressl\include" ^
LIBRESSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\x86" ^
SSLLIB="libcrypto-41.lib libssl-43.lib libtls-15.lib" ^
LIBRESSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\lib" ^
SSLLIB="crypto-43.lib ssl-45.lib" ^
USE_REMOTEINC=1 ^
LIBCURL_INC_DIR="c:\projects\unrealircd-deps\curl-ssl\include" ^
LIBCURL_LIB_DIR="c:\projects\unrealircd-deps\curl-ssl\builds\libcurl-vc-x86-release-dll-ssl-dll-ipv6-sspi-obj-lib" ^
CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc110\cares\dll-release" ^
CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc\cares\dll-release" ^
CARES_INC_DIR="c:\projects\unrealircd-deps\c-ares" ^
CARESLIB="cares.lib" ^
TRE_LIB_DIR="c:\projects\unrealircd-deps\tre\win32\release" ^
TRE_INC_DIR="c:\projects\unrealircd-deps\tre" ^
TRELIB="tre.lib" ^
PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\build" ^
PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\build\release" ^
PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\include" ^
PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\lib" ^
PCRE2LIB="pcre2-8.lib" %*
+2 -2
View File
@@ -130,7 +130,7 @@ const char *inet_ntop(int, const void *, char *, size_t);
int inet_pton(int af, const char *src, void *dst);
#endif
MODVAR int global_count, max_global_count;
extern MODVAR int global_count, max_global_count;
extern char *myctime(time_t);
extern char *strtoken(char **, char *, char *);
@@ -291,7 +291,7 @@ extern int lu_noninv, lu_inv, lu_serv, lu_oper,
lu_unknown, lu_channel, lu_lu, lu_lulocal, lu_lserv,
lu_clu, lu_mlu, lu_cglobalu, lu_mglobalu;
MODVAR TS now;
extern MODVAR TS now;
#ifndef _WIN32
#if defined(__STDC__)
+6 -1
View File
@@ -313,11 +313,16 @@
*/
#undef EXPERIMENTAL
/* Default SSL/TLS cipherlist.
/* Default SSL/TLS cipherlist (except for TLS1.3, see further down).
* This can be changed via set::ssl::options::ciphers in the config file.
*/
#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-256-GCM-SHA384 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA"
/* Default TLS 1.3 ciphersuites.
* This can be changed via set::ssl::options::ciphersuites in the config file.
*/
#define UNREALIRCD_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256"
/* Default SSL/TLS curves for ECDH(E)
* This can be changed via set::ssl::options::ecdh-curve in the config file.
* NOTE: This requires openssl 1.0.2 or newer, otherwise these defaults
+5 -4
View File
@@ -290,6 +290,7 @@ extern void sendto_snomask_normal(int snomask, char *pattern, ...) __attribute__
extern void sendto_snomask_normal_global(int snomask, char *pattern, ...) __attribute__((format(printf,2,3)));
extern void sendnotice(aClient *to, char *pattern, ...) __attribute__((format(printf,2,3)));
extern void sendto_server(aClient *one, unsigned long caps, unsigned long nocaps, const char *format, ...) __attribute__((format(printf, 4,5)));
extern void sendto_ops_and_log(char *pattern, ...) __attribute__((format(printf,1,2)));
extern MODVAR int writecalls, writeb[];
extern int deliver_it(aClient *, char *, int);
@@ -620,17 +621,16 @@ extern MODVAR int (*register_user)(aClient *cptr, aClient *sptr, char *nick, cha
extern MODVAR int (*tkl_hash)(unsigned int c);
extern MODVAR char (*tkl_typetochar)(int type);
extern MODVAR aTKline *(*tkl_add_line)(int type, char *usermask, char *hostmask, char *reason, char *setby,
TS expire_at, TS set_at, TS spamf_tkl_duration, char *spamf_tkl_reason, MatchType match_type);
TS expire_at, TS set_at, TS spamf_tkl_duration, char *spamf_tkl_reason, MatchType match_type, int soft);
extern MODVAR aTKline *(*tkl_del_line)(aTKline *tkl);
extern MODVAR void (*tkl_check_local_remove_shun)(aTKline *tmp);
extern MODVAR aTKline *(*tkl_expire)(aTKline * tmp);
extern MODVAR EVENT((*tkl_check_expire));
extern MODVAR int (*find_tkline_match)(aClient *cptr, int xx);
extern MODVAR int (*find_tkline_match)(aClient *cptr, int skip_soft);
extern MODVAR int (*find_shun)(aClient *cptr);
extern MODVAR int (*find_spamfilter_user)(aClient *sptr, int flags);
extern MODVAR aTKline *(*find_qline)(aClient *cptr, char *nick, int *ishold);
extern MODVAR int (*find_tkline_match_zap)(aClient *cptr);
extern MODVAR int (*find_tkline_match_zap_ex)(aClient *cptr, aTKline **rettk);
extern MODVAR aTKline *(*find_tkline_match_zap)(aClient *cptr);
extern MODVAR void (*tkl_stats)(aClient *cptr, int type, char *para);
extern MODVAR void (*tkl_synch)(aClient *sptr);
extern MODVAR int (*m_tkl)(aClient *cptr, aClient *sptr, int parc, char *parv[]);
@@ -797,3 +797,4 @@ extern MODVAR int current_serial;
extern char *spki_fingerprint(aClient *acptr);
extern int is_module_loaded(char *name);
extern void close_std_descriptors(void);
extern int banned_client(aClient *acptr, char *bantype, char *reason, int global, int noexit);
+35 -33
View File
@@ -489,10 +489,10 @@ typedef struct _ModuleObject {
#define MODERR_INVALID 3
#define MODERR_NOTFOUND 4
unsigned int ModuleGetError(Module *module);
const char *ModuleGetErrorStr(Module *module);
unsigned int ModuleGetOptions(Module *module);
unsigned int ModuleSetOptions(Module *module, unsigned int options, int action);
extern unsigned int ModuleGetError(Module *module);
extern const char *ModuleGetErrorStr(Module *module);
extern unsigned int ModuleGetOptions(Module *module);
extern unsigned int ModuleSetOptions(Module *module, unsigned int options, int action);
struct _Module
{
@@ -560,8 +560,6 @@ struct _eventinfo {
};
/* Huh? Why are those not marked as extern?? -- Syzop */
extern MODVAR Hook *Hooks[MAXHOOKTYPES];
extern MODVAR Hooktype Hooktypes[MAXCUSTOMHOOKS];
extern MODVAR Callback *Callbacks[MAXCALLBACKS], *RCallbacks[MAXCALLBACKS];
@@ -569,31 +567,32 @@ extern MODVAR Efunction *Efunctions[MAXEFUNCTIONS];
extern MODVAR ClientCapability *clicaps;
#define EventAdd(name, every, howmany, event, data) EventAddEx(NULL, name, every, howmany, event, data)
Event *EventAddEx(Module *, char *name, long every, long howmany,
extern Event *EventAddEx(Module *, char *name, long every, long howmany,
vFP event, void *data);
Event *EventDel(Event *event);
Event *EventMarkDel(Event *event);
Event *EventFind(char *name);
int EventMod(Event *event, EventInfo *mods);
void DoEvents(void);
void EventStatus(aClient *sptr);
void SetupEvents(void);
void LockEventSystem(void);
void UnlockEventSystem(void);
extern Event *EventDel(Event *event);
extern Event *EventMarkDel(Event *event);
extern Event *EventFind(char *name);
extern int EventMod(Event *event, EventInfo *mods);
extern void DoEvents(void);
extern void EventStatus(aClient *sptr);
extern void SetupEvents(void);
extern void LockEventSystem(void);
extern void UnlockEventSystem(void);
void Module_Init(void);
char *Module_Create(char *path);
void Init_all_testing_modules(void);
void Unload_all_loaded_modules(void);
void Unload_all_testing_modules(void);
int Module_Unload(char *name);
vFP Module_Sym(char *name);
vFP Module_SymX(char *name, Module **mptr);
int Module_free(Module *mod);
extern void Module_Init(void);
extern char *Module_Create(char *path);
extern char *Module_TransformPath(char *path_);
extern void Init_all_testing_modules(void);
extern void Unload_all_loaded_modules(void);
extern void Unload_all_testing_modules(void);
extern int Module_Unload(char *name);
extern vFP Module_Sym(char *name);
extern vFP Module_SymX(char *name, Module **mptr);
extern int Module_free(Module *mod);
#ifdef __OpenBSD__
void *obsd_dlsym(void *handle, char *symbol);
extern void *obsd_dlsym(void *handle, char *symbol);
#endif
extern Versionflag *VersionflagAdd(Module *module, char flag);
@@ -699,18 +698,19 @@ extern Callback *CallbackDel(Callback *cb);
extern Efunction *EfunctionAddMain(Module *module, int eftype, int (*intfunc)(), void (*voidfunc)(), void *(*pvoidfunc)(), char *(*pcharfunc)());
extern Efunction *EfunctionDel(Efunction *cb);
Command *CommandAdd(Module *module, char *cmd, int (*func)(aClient *cptr, aClient *sptr, int parc, char *parv[]), unsigned char params, int flags);
void CommandDel(Command *command);
int CommandExists(char *name);
Cmdoverride *CmdoverrideAdd(Module *module, char *cmd, int (*func)(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]));
void CmdoverrideDel(Cmdoverride *ovr);
int CallCmdoverride(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]);
extern Command *CommandAdd(Module *module, char *cmd, int (*func)(aClient *cptr, aClient *sptr, int parc, char *parv[]), unsigned char params, int flags);
extern void CommandDel(Command *command);
extern int CommandExists(char *name);
extern Cmdoverride *CmdoverrideAdd(Module *module, char *cmd, int (*func)(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]));
extern Cmdoverride *CmdoverrideAddEx(Module *module, char *name, int priority, int (*func)(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]));
extern void CmdoverrideDel(Cmdoverride *ovr);
extern int CallCmdoverride(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]);
extern void moddata_free_client(aClient *acptr);
extern void moddata_free_channel(aChannel *chptr);
extern void moddata_free_member(Member *m);
extern void moddata_free_membership(Membership *m);
ModDataInfo *findmoddata_byname(char *name, ModDataType type);
extern ModDataInfo *findmoddata_byname(char *name, ModDataType type);
extern int moddata_client_set(aClient *acptr, char *varname, char *value);
extern char *moddata_client_get(aClient *acptr, char *varname);
@@ -1011,6 +1011,7 @@ _UNREAL_ERROR(_hook_error_incompatible, "Incompatible hook function. Check argum
#define CALLBACKTYPE_CLOAK 1
#define CALLBACKTYPE_CLOAKKEYCSUM 2
#define CALLBACKTYPE_CLOAK_EX 3
#define CALLBACKTYPE_BLACKLIST_CHECK 4
/* Efunction types */
#define EFUNC_DO_JOIN 1
@@ -1090,6 +1091,7 @@ _UNREAL_ERROR(_hook_error_incompatible, "Incompatible hook function. Check argum
#define CONFIG_ALLOW 6
#define CONFIG_CLOAKKEYS 7
#define CONFIG_SET_ANTI_FLOOD 8
#define CONFIG_REQUIRE 9
#define MOD_HEADER(name) Mod_Header
#define MOD_TEST(name) DLLFUNC int Mod_Test(ModuleInfo *modinfo)
+39 -12
View File
@@ -116,6 +116,7 @@ typedef struct _configitem_unknown_ext ConfigItem_unknown_ext;
typedef struct _configitem_alias ConfigItem_alias;
typedef struct _configitem_alias_format ConfigItem_alias_format;
typedef struct _configitem_include ConfigItem_include;
typedef struct _configitem_blacklist_module ConfigItem_blacklist_module;
typedef struct _configitem_help ConfigItem_help;
typedef struct _configitem_offchans ConfigItem_offchans;
typedef struct liststruct ListStruct;
@@ -713,10 +714,10 @@ struct Server {
/* tkl:
* TKL_KILL|TKL_GLOBAL = Global K:Line (G:Line)
* TKL_ZAP|TKL_GLOBAL = Global Z:Line (ZLINE)
* TKL_KILL = Timed local K:Line
* TKL_ZAP = Local Z:Line
* TKL_KILL|TKL_GLOBAL = Global K-Line (GLINELine)
* TKL_ZAP|TKL_GLOBAL = Global Z-Line (ZLINE)
* TKL_KILL = Local K-Line
* TKL_ZAP = Local Z-Line
*/
#define TKL_KILL 0x0001
#define TKL_ZAP 0x0002
@@ -747,10 +748,13 @@ struct _spamfilter {
TS tkl_duration;
};
#define TKL_SUBTYPE_NONE 0x0000
#define TKL_SUBTYPE_SOFT 0x0001 /* (require SASL) */
struct t_kline {
aTKline *prev, *next;
int type;
unsigned short subtype; /* subtype (currently spamfilter only), see SPAMF_* */
unsigned short subtype; /* subtype: for spamfilter see SPAMF_*, otherwise TKL_SUBTYPE_* */
union {
Spamfilter *spamf;
} ptr;
@@ -951,12 +955,13 @@ struct _configflag_tld
unsigned rulesptr : 1;
};
#define CONF_BAN_NICK 1
#define CONF_BAN_IP 2
#define CONF_BAN_SERVER 3
#define CONF_BAN_USER 4
#define CONF_BAN_REALNAME 5
#define CONF_BAN_VERSION 6
#define CONF_BAN_NICK 1
#define CONF_BAN_IP 2
#define CONF_BAN_SERVER 3
#define CONF_BAN_USER 4
#define CONF_BAN_REALNAME 5
#define CONF_BAN_VERSION 6
#define CONF_BAN_UNAUTHENTICATED 7
#define CONF_BAN_TYPE_CONF 0
#define CONF_BAN_TYPE_AKILL 1
@@ -965,16 +970,29 @@ struct _configflag_tld
/* Ban actions. These must be ordered by severity (!) */
#define BAN_ACT_GZLINE 1100
#define BAN_ACT_GLINE 1000
#define BAN_ACT_SOFT_GLINE 950
#define BAN_ACT_ZLINE 900
#define BAN_ACT_KLINE 800
#define BAN_ACT_SOFT_KLINE 850
#define BAN_ACT_SHUN 700
#define BAN_ACT_SOFT_SHUN 650
#define BAN_ACT_KILL 600
#define BAN_ACT_SOFT_KILL 550
#define BAN_ACT_TEMPSHUN 500
#define BAN_ACT_SOFT_TEMPSHUN 450
#define BAN_ACT_VIRUSCHAN 400
#define BAN_ACT_SOFT_VIRUSCHAN 350
#define BAN_ACT_DCCBLOCK 300
#define BAN_ACT_SOFT_DCCBLOCK 250
#define BAN_ACT_BLOCK 200
#define BAN_ACT_SOFT_BLOCK 150
#define BAN_ACT_WARN 100
#define BAN_ACT_SOFT_WARN 50
#define IsSoftBanAction(x) ((x == BAN_ACT_SOFT_GLINE) || (x == BAN_ACT_SOFT_KLINE) || \
(x == BAN_ACT_SOFT_SHUN) || (x == BAN_ACT_SOFT_KILL) || \
(x == BAN_ACT_SOFT_TEMPSHUN) || (x == BAN_ACT_SOFT_VIRUSCHAN) || \
(x == BAN_ACT_SOFT_DCCBLOCK) || (x == BAN_ACT_SOFT_BLOCK) || \
(x == BAN_ACT_SOFT_WARN))
#define CRULE_ALL 0
#define CRULE_AUTO 1
@@ -1108,6 +1126,7 @@ struct _ssloptions {
char *trusted_ca_file;
unsigned int protocols;
char *ciphers;
char *ciphersuites;
char *ecdh_curves;
long options;
int renegotiate_bytes;
@@ -1334,6 +1353,11 @@ struct _configitem_include {
int included_from_line;
};
struct _configitem_blacklist_module {
ConfigItem_blacklist_module *prev, *next;
char *name;
};
struct _configitem_help {
ConfigItem_help *prev, *next;
ConfigFlag flag;
@@ -1681,6 +1705,7 @@ struct Command {
struct _cmdoverride {
Cmdoverride *prev, *next;
int priority;
Module *owner;
aCommand *command;
int (*func)();
@@ -1764,6 +1789,8 @@ typedef enum {
PLAINTEXT_POLICY_DENY=3
} PlaintextPolicy;
#define NO_EXIT_CLIENT 99
#endif /* __struct_include__ */
#include "dynconf.h"
+1 -1
View File
@@ -56,7 +56,7 @@
*/
#define UNREAL_VERSION_TIME 201552
#define UnrealProtocol 4018
#define UnrealProtocol 4019
#define PATCH1 macro_to_str(UNREAL_VERSION_GENERATION)
#define PATCH2 "." macro_to_str(UNREAL_VERSION_MAJOR)
#define PATCH3 "." macro_to_str(UNREAL_VERSION_MINOR)
+2 -2
View File
@@ -84,10 +84,10 @@
#define UNREAL_VERSION_MAJOR 0
/* Minor version number (e.g.: 1 for Unreal3.2.1) */
#define UNREAL_VERSION_MINOR 18
#define UNREAL_VERSION_MINOR 19
/* Version suffix such as a beta marker or release candidate marker. (e.g.:
-rcX for unrealircd-3.2.9-rcX) */
#define UNREAL_VERSION_SUFFIX "-devel"
#define UNREAL_VERSION_SUFFIX "-rc2"
#endif
+4
View File
@@ -168,6 +168,7 @@ OBJ_FILES=$(EXP_OBJ_FILES) SRC/GUI.OBJ SRC/SERVICE.OBJ SRC/DEBUG.OBJ SRC/RTF.OBJ
DLL_FILES=SRC/MODULES/M_CHGHOST.DLL SRC/MODULES/M_SDESC.DLL SRC/MODULES/M_SETIDENT.DLL \
SRC/MODULES/M_SETNAME.DLL SRC/MODULES/M_SETHOST.DLL SRC/MODULES/M_CHGIDENT.DLL \
SRC/MODULES/M_SVSMOTD.DLL SRC/MODULES/M_SVSNLINE.DLL SRC/MODULES/M_WHO.DLL \
SRC/MODULES/M_WHOX.DLL \
SRC/MODULES/M_SWHOIS.DLL SRC/MODULES/M_SVSMODE.DLL SRC/MODULES/M_AWAY.DLL \
SRC/MODULES/M_SVSNOOP.DLL SRC/MODULES/M_MKPASSWD.DLL \
SRC/MODULES/M_SVSNICK.DLL \
@@ -552,6 +553,9 @@ src/modules/m_svsnline.dll: src/modules/m_svsnline.c $(INCLUDES)
src/modules/m_who.dll: src/modules/m_who.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/m_who.c $(MODLFLAGS)
src/modules/m_whox.dll: src/modules/m_whox.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/m_whox.c $(MODLFLAGS)
src/modules/m_away.dll: src/modules/m_away.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/m_away.c $(MODLFLAGS)
+1 -1
View File
@@ -1048,7 +1048,7 @@ void clean_channelname(char *cn)
* or some such.
* --Wizzu
*/
if (*ch < 33 || *ch == ',' || *ch == ':' || *ch == 160)
if (*ch < 33 || *ch == ',' || *ch == ':')
{
*ch = '\0';
return;
+8 -1
View File
@@ -544,6 +544,13 @@ EVENT(check_unknowns)
{
if (cptr->local->firsttime && ((TStime() - cptr->local->firsttime) > iConf.handshake_timeout))
{
if (cptr->serv && *cptr->serv->by)
{
/* If this is a handshake timeout to an outgoing server then notify ops & log it */
sendto_ops_and_log("Connection handshake timeout while connecting to server '%s' (%s)",
cptr->name, cptr->ip?cptr->ip:"<unknown ip>");
}
(void)exit_client(cptr, cptr, &me, "Registration Timeout");
continue;
}
@@ -581,7 +588,7 @@ int check_ping(aClient *cptr)
IsHandshake(cptr)
|| IsSSLConnectHandshake(cptr)
) {
sendto_realops
sendto_ops_and_log
("No response from %s, closing link",
get_client_name(cptr, FALSE));
sendto_server(&me, 0, 0,
+42 -25
View File
@@ -91,23 +91,22 @@ int (*register_user)(aClient *cptr, aClient *sptr, char *nick, char *username, c
int (*tkl_hash)(unsigned int c);
char (*tkl_typetochar)(int type);
aTKline *(*tkl_add_line)(int type, char *usermask, char *hostmask, char *reason, char *setby,
TS expire_at, TS set_at, TS spamf_tkl_duration, char *spamf_tkl_reason, MatchType match_type);
TS expire_at, TS set_at, TS spamf_tkl_duration, char *spamf_tkl_reason, MatchType match_type, int soft);
aTKline *(*tkl_del_line)(aTKline *tkl);
void (*tkl_check_local_remove_shun)(aTKline *tmp);
aTKline *(*tkl_expire)(aTKline * tmp);
EVENT((*tkl_check_expire));
int (*find_tkline_match)(aClient *cptr, int xx);
int (*find_tkline_match)(aClient *cptr, int skip_soft);
int (*find_shun)(aClient *cptr);
int(*find_spamfilter_user)(aClient *sptr, int flags);
aTKline *(*find_qline)(aClient *cptr, char *nick, int *ishold);
int (*find_tkline_match_zap)(aClient *cptr);
aTKline *(*find_tkline_match_zap)(aClient *cptr);
void (*tkl_stats)(aClient *cptr, int type, char *para);
void (*tkl_synch)(aClient *sptr);
int (*m_tkl)(aClient *cptr, aClient *sptr, int parc, char *parv[]);
int (*place_host_ban)(aClient *sptr, int action, char *reason, long duration);
int (*dospamfilter)(aClient *sptr, char *str_in, int type, char *target, int flags, aTKline **rettk);
int (*dospamfilter_viruschan)(aClient *sptr, aTKline *tk, int type);
int (*find_tkline_match_zap_ex)(aClient *cptr, aTKline **rettk);
void (*send_list)(aClient *cptr);
unsigned char *(*StripColors)(unsigned char *text);
const char *(*StripControlCodes)(unsigned char *text);
@@ -166,11 +165,11 @@ static const EfunctionsList efunction_table[MAXEFUNCTIONS] = {
/* 23 */ {"place_host_ban", (void *)&place_host_ban},
/* 24 */ {"dospamfilter", (void *)&dospamfilter},
/* 25 */ {"dospamfilter_viruschan", (void *)&dospamfilter_viruschan},
/* 26 */ {"find_tkline_match_zap_ex", (void *)&find_tkline_match_zap_ex},
/* 26 */ {NULL, NULL},
/* 27 */ {"send_list", (void *)&send_list},
/* 28 */ {NULL,NULL},
/* 29 */ {NULL,NULL},
/* 30 */ {NULL,NULL},
/* 28 */ {NULL, NULL},
/* 29 */ {NULL, NULL},
/* 30 */ {NULL, NULL},
/* 31 */ {"StripColors", (void *)&StripColors},
/* 32 */ {"StripControlCodes", (void *)&StripControlCodes},
/* 33 */ {"spamfilter_build_user_string", (void *)&spamfilter_build_user_string},
@@ -344,6 +343,31 @@ unsigned int maj, min, plevel;
snprintf(buf, buflen, "%d.%d.%d", maj, min, plevel);
}
/** Transform a loadmodule path like "third/la" to
* something like "/home/xyz/unrealircd/modules/third/la.so
* (and other tricks)
*/
char *Module_TransformPath(char *path_)
{
static char path[1024];
/* Prefix the module path with MODULESDIR, unless it's an absolute path
* (we check for "/", "\" and things like "C:" to detect absolute paths).
*/
if ((*path_ != '/') && (*path_ != '\\') && !(*path_ && (path_[1] == ':')))
{
snprintf(path, sizeof(path), "%s/%s", MODULESDIR, path_);
} else {
strlcpy(path, path_, sizeof(path));
}
/* Auto-suffix .dll / .so */
if (!strstr(path, MODULE_SUFFIX))
strlcat(path, MODULE_SUFFIX, sizeof(path));
return path;
}
/*
* Returns an error if insucessful .. yes NULL is OK!
*/
@@ -361,8 +385,7 @@ char *Module_Create(char *path_)
char *Mod_Version;
unsigned int *compiler_version;
static char errorbuf[1024];
char path[1024];
char *tmppath;
char *path, *tmppath;
ModuleHeader *mod_header = NULL;
int ret = 0;
Module *mod = NULL, **Mod_Handle = NULL;
@@ -371,20 +394,8 @@ char *Module_Create(char *path_)
long modsys_ver = 0;
Debug((DEBUG_DEBUG, "Attempting to load module from %s", path_));
/* Prefix the module path with MODULESDIR, unless it's an absolute path
* (we check for "/", "\" and things like "C:" to detect absolute paths).
_ */
if ((*path_ != '/') && (*path_ != '\\') && !(*path_ && (path_[1] == ':')))
{
snprintf(path, sizeof(path), "%s/%s", MODULESDIR, path_);
} else {
strlcpy(path, path_, sizeof(path));
}
path = Module_TransformPath(path_);
/* auto-suffix .dll / .so */
if (!strstr(path, MODULE_SUFFIX))
strlcat(path, MODULE_SUFFIX, sizeof(path));
tmppath = unreal_mktemp(TMPDIR, unreal_getmodfilename(path));
if (!tmppath)
return "Unable to create temporary file!";
@@ -1435,7 +1446,7 @@ Efunction *p, *q;
return NULL;
}
Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
Cmdoverride *CmdoverrideAddEx(Module *module, char *name, int priority, iFP function)
{
aCommand *p;
Cmdoverride *ovr;
@@ -1458,6 +1469,7 @@ Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
ovr = MyMallocEx(sizeof(Cmdoverride));
ovr->func = function;
ovr->owner = module; /* TODO: module objects */
ovr->priority = priority;
if (module)
{
ModuleObject *cmdoverobj = MyMallocEx(sizeof(ModuleObject));
@@ -1469,7 +1481,7 @@ Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
ovr->command = p;
if (!p->overriders)
p->overridetail = ovr;
AddListItem(ovr, p->overriders);
AddListItemPrio(ovr, p->overriders, ovr->priority);
if (p->friend)
{
if (!p->friend->overriders)
@@ -1479,6 +1491,11 @@ Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
return ovr;
}
Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
{
return CmdoverrideAddEx(module, name, 0, function);
}
void CmdoverrideDel(Cmdoverride *cmd)
{
if (!cmd->next)
+5 -1
View File
@@ -37,7 +37,7 @@ INCLUDES = ../include/auth.h ../include/channel.h \
R_MODULES= \
m_sethost.so m_chghost.so m_chgident.so m_setname.so \
m_setident.so m_sdesc.so m_svsmode.so m_swhois.so\
m_svsmotd.so m_svsnline.so m_who.so m_mkpasswd.so \
m_svsmotd.so m_svsnline.so m_who.so m_whox.so m_mkpasswd.so \
m_away.so m_svsnoop.so m_svsnick.so \
m_chgname.so m_kill.so \
m_lag.so m_message.so m_oper.so m_pingpong.so \
@@ -174,6 +174,10 @@ m_who.so: m_who.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o m_who.so m_who.c
m_whox.so: m_whox.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o m_whox.so m_whox.c
m_mkpasswd.so: m_mkpasswd.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o m_mkpasswd.so m_mkpasswd.c
+41 -7
View File
@@ -556,6 +556,7 @@ struct {
int show_failedconnects;
int fullstatus_on_load;
ConfigItem_mask *except_hosts;
int except_webirc;
} cfg;
/* Forward declarations */
@@ -568,7 +569,7 @@ int antirandom_config_test(ConfigFile *, ConfigEntry *, int, int *);
int antirandom_config_run(ConfigFile *, ConfigEntry *, int);
int antirandom_config_posttest(int *);
int antirandom_preconnect(aClient *sptr);
static int is_except_host(aClient *sptr);
static int is_exempt(aClient *sptr);
MOD_TEST(antirandom)
{
@@ -588,11 +589,14 @@ MOD_INIT(antirandom)
free_stuff();
return MOD_FAILED;
}
cfg.fullstatus_on_load = 1; /* default */
cfg.convert_to_lowercase = 1; /* default */
HookAdd(modinfo->handle, HOOKTYPE_PRE_LOCAL_CONNECT, 0, antirandom_preconnect);
HookAdd(modinfo->handle, HOOKTYPE_CONFIGRUN, 0, antirandom_config_run);
/* Some default values: */
cfg.fullstatus_on_load = 1;
cfg.convert_to_lowercase = 1;
cfg.except_webirc = 1;
return MOD_SUCCESS;
}
@@ -657,6 +661,19 @@ ConfigEntry *cep;
if (!strcmp(cep->ce_varname, "except-hosts"))
{
} else
if (!strcmp(cep->ce_varname, "except-webirc"))
{
/* This should normally be UNDER the generic 'set::antirandom::%s with no value'
* stuff but I put it here because people may think it's a hostlist and then
* the error can be a tad confusing. -- Syzop
*/
if (!cep->ce_vardata)
{
config_error("%s:%i: set::antirandom::except-webirc should be 'yes' or 'no'",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum);
errors++;
}
} else
if (!cep->ce_vardata)
{
config_error("%s:%i: set::antirandom::%s with no value",
@@ -722,6 +739,10 @@ int antirandom_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
for (cep2 = cep->ce_entries; cep2; cep2 = cep2->ce_next)
unreal_add_masks(&cfg.except_hosts, cep2);
} else
if (!strcmp(cep->ce_varname, "except-webirc"))
{
cfg.except_webirc = config_checkval(cep->ce_vardata, CFG_YESNO);
} else
if (!strcmp(cep->ce_varname, "threshold"))
{
cfg.threshold = atoi(cep->ce_vardata);
@@ -1034,7 +1055,7 @@ void check_all_users(void)
{
if (IsPerson(acptr))
{
if (is_except_host(acptr))
if (is_exempt(acptr))
continue;
score = get_spam_score(acptr);
@@ -1056,7 +1077,7 @@ int antirandom_preconnect(aClient *sptr)
{
int score;
if (!is_except_host(sptr))
if (!is_exempt(sptr))
{
score = get_spam_score(sptr);
if (score > cfg.threshold)
@@ -1105,8 +1126,21 @@ Triples *t, *t_next;
triples = NULL;
}
/** Finds out if the host is on the except list. 1 if yes, 0 if no */
static int is_except_host(aClient *sptr)
/** Is this user exempt from antirandom interventions? */
static int is_exempt(aClient *sptr)
{
/* WEBIRC gateway and exempt? */
if (cfg.except_webirc)
{
char *val = moddata_client_get(sptr, "webirc");
if (val && (atoi(val)>0))
return 1;
}
/* Soft ban and logged in? */
if (IsSoftBanAction(cfg.ban_action) && IsLoggedIn(sptr))
return 1;
/* On except host? */
return unreal_mask_match(sptr, cfg.except_hosts);
}
+82 -30
View File
@@ -1,5 +1,5 @@
/*
* Blacklist support (currently just DNS Blacklists)
* Blacklist support (currently only DNS Blacklists)
* (C) Copyright 2015-.. Bram Matthys (Syzop) and the UnrealIRCd team
*
* This program is free software; you can redistribute it and/or modify
@@ -77,6 +77,11 @@ typedef struct _bluser BLUser;
struct _bluser {
aClient *cptr;
int refcnt;
/* The following save_* fields are used by softbans: */
int save_action;
long save_tkltime;
char *save_opernotice;
char *save_reason;
};
/* Global variables */
@@ -90,7 +95,7 @@ void blacklist_free_conf(void);
void delete_blacklist_block(Blacklist *e);
void blacklist_md_free(ModData *md);
int blacklist_handshake(aClient *cptr);
int blacklist_quit(aClient *cptr, char *comment);
int blacklist_preconnect(aClient *sptr);
void blacklist_resolver_callback(void *arg, int status, int timeouts, struct hostent *he);
int blacklist_start_check(aClient *cptr);
int blacklist_dns_request(aClient *cptr, Blacklist *bl);
@@ -107,6 +112,8 @@ long SNO_BLACKLIST = 0L;
MOD_TEST(blacklist)
{
HookAdd(modinfo->handle, HOOKTYPE_CONFIGTEST, 0, blacklist_config_test);
CallbackAddEx(modinfo->handle, CALLBACKTYPE_BLACKLIST_CHECK, blacklist_start_check);
return MOD_SUCCESS;
}
@@ -131,8 +138,7 @@ MOD_INIT(blacklist)
HookAdd(modinfo->handle, HOOKTYPE_CONFIGRUN, 0, blacklist_config_run);
HookAdd(modinfo->handle, HOOKTYPE_HANDSHAKE, 0, blacklist_handshake);
HookAdd(modinfo->handle, HOOKTYPE_LOCAL_QUIT, 0, blacklist_quit);
HookAdd(modinfo->handle, HOOKTYPE_UNKUSER_QUIT, 0, blacklist_quit);
HookAdd(modinfo->handle, HOOKTYPE_PRE_LOCAL_CONNECT, 0, blacklist_preconnect);
HookAdd(modinfo->handle, HOOKTYPE_REHASH, 0, blacklist_rehash);
HookAdd(modinfo->handle, HOOKTYPE_REHASH_COMPLETE, 0, blacklist_rehash_complete);
@@ -533,8 +539,12 @@ int blacklist_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
void blacklist_md_free(ModData *md)
{
/* we have nothing to free actually, but we must set to zero */
md->l = 0;
BLUser *bl = md->ptr;
/* Mark bl->cptr as dead. Free the struct, if able. */
blacklist_free_bluser_if_able(bl);
md->ptr = NULL;
}
int blacklist_handshake(aClient *cptr)
@@ -556,11 +566,6 @@ int blacklist_start_check(aClient *cptr)
SetBLUser(cptr, MyMallocEx(sizeof(BLUser)));
BLUSER(cptr)->cptr = cptr;
}
#ifdef DEBUGMODE
else {
abort(); /* hmmm. unless we add some /Blacklist CHECK command. then this needs to be removed */
}
#endif
for (bl = conf_blacklist; bl; bl = bl->next)
{
@@ -573,10 +578,6 @@ int blacklist_start_check(aClient *cptr)
blacklist_dns_request(cptr, bl);
}
/* Free bluser entry. This only happens if you have no blacklist configured or they fail very early */
if (BLUSER(cptr))
blacklist_free_bluser_if_able(BLUSER(cptr));
return 0;
}
@@ -643,14 +644,24 @@ int blacklist_quit(aClient *cptr, char *comment)
return 0;
}
/** Free the BLUSER() struct, if we are able to do so.
* This should only be called if the underlying client is dead or dyeing
* and not earlier.
* Reasons why we 'are not able' are: refcnt is non-zero, that is:
* there is still an outstanding resolver request (eg: slow blacklist).
* In that case, no worries, we will be called again after that request
* is finished.
*/
void blacklist_free_bluser_if_able(BLUser *bl)
{
if (bl->cptr)
bl->cptr = NULL;
if (bl->refcnt > 0)
return; /* unable, still have DNS requests/replies in-flight */
if (bl->cptr)
SetBLUser(bl->cptr, NULL);
safefree(bl->save_opernotice);
safefree(bl->save_reason);
MyFree(bl);
}
@@ -690,23 +701,33 @@ int blacklist_parse_reply(struct hostent *he, int entry)
return atoi(p+1);
}
/** Take the actual ban action.
* Called from blacklist_hit() and for immediate bans and
* from blacklist_preconnect() for softbans that need to be delayed
* as to give the user the opportunity to do SASL Authentication.
*/
int blacklist_action(aClient *acptr, char *opernotice, int ban_action, char *ban_reason, long ban_time)
{
sendto_snomask(SNO_BLACKLIST, "%s", opernotice);
ircd_log(LOG_KILL, "%s", opernotice);
return place_host_ban(acptr, ban_action, ban_reason, ban_time);
}
void blacklist_hit(aClient *acptr, Blacklist *bl, int reply)
{
char buf[512];
char opernotice[512], banbuf[512];
char *name[4], *value[4];
BLUser *blu = BLUSER(acptr);
if (find_tkline_match(acptr, 0) < 0)
if (find_tkline_match(acptr, 1) < 0)
return; /* already klined/glined. Don't send the warning from below. */
if (IsPerson(acptr))
snprintf(buf, sizeof(buf), "[Blacklist] IP %s (%s) matches blacklist %s (%s/reply=%d)",
snprintf(opernotice, sizeof(opernotice), "[Blacklist] IP %s (%s) matches blacklist %s (%s/reply=%d)",
GetIP(acptr), acptr->name, bl->name, bl->backend->dns->name, reply);
else
snprintf(buf, sizeof(buf), "[Blacklist] IP %s matches blacklist %s (%s/reply=%d)",
snprintf(opernotice, sizeof(opernotice), "[Blacklist] IP %s matches blacklist %s (%s/reply=%d)",
GetIP(acptr), bl->name, bl->backend->dns->name, reply);
sendto_snomask(SNO_BLACKLIST, "%s", buf);
ircd_log(LOG_KILL, "%s", buf);
name[0] = "ip";
value[0] = GetIP(acptr);
@@ -715,9 +736,19 @@ void blacklist_hit(aClient *acptr, Blacklist *bl, int reply)
name[2] = NULL;
value[2] = NULL;
buildvarstring(bl->reason, buf, sizeof(buf), name, value);
place_host_ban(acptr, bl->action, buf, bl->ban_time);
buildvarstring(bl->reason, banbuf, sizeof(banbuf), name, value);
if (IsSoftBanAction(bl->action) && blu)
{
/* For soft bans, delay the action until later (so user can do SASL auth) */
blu->save_action = bl->action;
blu->save_tkltime = bl->ban_time;
safestrdup(blu->save_opernotice, opernotice);
safestrdup(blu->save_reason, banbuf);
} else {
/* Otherwise, execute the action immediately */
blacklist_action(acptr, opernotice, bl->action, banbuf, bl->ban_time);
}
}
void blacklist_process_result(aClient *acptr, int status, struct hostent *he)
@@ -760,13 +791,34 @@ void blacklist_resolver_callback(void *arg, int status, int timeouts, struct hos
{
BLUser *blu = (BLUser *)arg;
aClient *acptr = blu->cptr;
blu->refcnt--; /* one less outstanding DNS request remaining */
blacklist_free_bluser_if_able(blu);
/* If we are the last to resolve something and the client is gone
* already then free the struct.
*/
if ((blu->refcnt == 0) && !acptr)
blacklist_free_bluser_if_able(blu);
blu = NULL;
if (!acptr)
return; /* Client left already */
/* ^^ note: do not merge this with the other 'if' a few lines up (refcnt!) */
blacklist_process_result(acptr, status, he);
}
int blacklist_preconnect(aClient *acptr)
{
BLUser *blu = BLUSER(acptr);
if (!blu || !blu->save_action)
return 0;
/* There was a pending softban... has the user authenticated via SASL by now? */
if (IsLoggedIn(acptr))
return 0; /* yup, so the softban does not apply. */
return blacklist_action(acptr, blu->save_opernotice, blu->save_action, blu->save_reason, blu->save_tkltime);
}
+14 -10
View File
@@ -1177,6 +1177,7 @@ void floodprottimer_del(aChannel *chptr, char mflag)
return;
DelListItem(e, removefld_list);
MyFree(e);
if (chp)
{
@@ -1216,13 +1217,14 @@ Cmode_t get_extmode_bitbychar(char m)
EVENT(modef_event)
{
RemoveFld *e = removefld_list;
RemoveFld *e, *e_next;
time_t now;
now = TStime();
while(e)
for (e = removefld_list; e; e = e_next)
{
e_next = e->next;
if (e->when <= now)
{
/* Remove chanmode... */
@@ -1245,27 +1247,29 @@ EVENT(modef_event)
}
/* And delete... */
e = (RemoveFld *)DelListItem(e, removefld_list);
DelListItem(e, removefld_list);
MyFree(e);
} else {
#ifdef NEWFLDDBG
sendto_realops("modef_event: chan %s mode -%c about %d seconds",
e->chptr->chname, e->m, e->when - now);
#endif
e = e->next;
}
}
}
void floodprottimer_stopchantimers(aChannel *chptr)
{
RemoveFld *e = removefld_list;
while(e)
RemoveFld *e, *e_next;
for (e = removefld_list; e; e = e_next)
{
e_next = e->next;
if (e->chptr == chptr)
e = (RemoveFld *)DelListItem(e, removefld_list);
else
e = e->next;
{
DelListItem(e, removefld_list);
MyFree(e);
}
}
}
+3 -2
View File
@@ -100,9 +100,10 @@ DLLFUNC int operonly_require_oper(aClient *cptr, aChannel *chptr, char mode, cha
if (!MyClient(cptr) || ValidatePermissionsForPath("channel:operonly",cptr,NULL,chptr,NULL))
return EX_ALLOW;
if (checkt == EXCHK_ACCESS_ERR)
sendto_one(cptr, err_str(ERR_CANNOTCHANGECHANMODE),
me.name, cptr->name, 'O', "You are not an IRC operator");
sendto_one(cptr, err_str(ERR_CANNOTCHANGECHANMODE),
me.name, cptr->name, 'O', "You are not an IRC operator");
return EX_DENY;
}
+3 -1
View File
@@ -42,7 +42,9 @@ static int permanent_is_ok(aClient *cptr, aChannel *chptr, char mode, char *para
{
if (!IsOper(cptr))
{
sendto_one(cptr, err_str(ERR_NOPRIVILEGES), me.name, cptr->name);
if (checkt == EXCHK_ACCESS_ERR)
sendto_one(cptr, err_str(ERR_NOPRIVILEGES), me.name, cptr->name);
return EX_DENY;
}
+5 -2
View File
@@ -185,8 +185,11 @@ int cleaned = 0;
continue;
}
/* Hunt for end of word */
for (endw = pold; ((*endw != '\0') && (!iswseperator(*endw))); endw++);
/* Hunt for end of word
* Fix for bug #4909: word will be at least 'searchn' long so we can skip
* 'searchn' bytes and avoid stopping half-way the badword.
*/
for (endw = pold+searchn; ((*endw != '\0') && (!iswseperator(*endw))); endw++);
if (!(type & TEXTBAN_WORD_RIGHT) && (pold+searchn != endw)) {
/* not matched */
+2
View File
@@ -74,6 +74,8 @@ MOD_INIT(timedban)
{
ExtbanInfo extban;
MARK_AS_OFFICIAL_MODULE(modinfo);
memset(&extban, 0, sizeof(ExtbanInfo));
extban.flag = 't';
extban.options |= EXTBOPT_ACTMODIFIER; /* not really, but ours shouldn't be stacked from group 1 */
+14 -10
View File
@@ -68,6 +68,7 @@ MOD_UNLOAD(m_chgname)
CMD_FUNC(m_chgname)
{
aClient *acptr;
ConfigItem_ban *bconf;
if (!ValidatePermissionsForPath("client:name",sptr,NULL,NULL,NULL))
{
@@ -98,16 +99,7 @@ CMD_FUNC(m_chgname)
if ((acptr = find_person(parv[1], NULL)))
{
/* set the realname first to make n:line checking work */
ircsnprintf(acptr->info, sizeof(acptr->info), "%s", parv[2]);
/* only check for n:lines if the person who's name is being changed is not an oper */
if (!ValidatePermissionsForPath("immune:realnameban",acptr,NULL,NULL,NULL) && Find_ban(NULL, acptr->info, CONF_BAN_REALNAME)) {
int xx;
xx =
exit_client(cptr, sptr, &me,
"Your GECOS (real name) is banned from this server");
return xx;
}
/* Let's log this first */
if (!IsULine(sptr))
{
sendto_snomask(SNO_EYES,
@@ -121,6 +113,18 @@ CMD_FUNC(m_chgname)
GetHost(acptr), parv[2]);
}
/* set the realname to make ban checking work */
ircsnprintf(acptr->info, sizeof(acptr->info), "%s", parv[2]);
/* only check for realname bans if the person who's name is being changed is NOT an oper */
if (!ValidatePermissionsForPath("immune:realnameban",acptr,NULL,NULL,NULL) &&
((bconf = Find_ban(NULL, acptr->info, CONF_BAN_REALNAME))))
{
int xx = banned_client(acptr, "realname", bconf->reason?bconf->reason:"", 0, 0);
if (sptr == acptr)
return xx; /* we just killed ourselves */
return 0;
}
sendto_server(cptr, 0, 0, ":%s CHGNAME %s :%s",
sptr->name, acptr->name, parv[2]);
+10
View File
@@ -234,6 +234,16 @@ CMD_FUNC(m_invite)
sptr->name, sptr->user->username, sptr->user->realhost, chptr->chname);
}
else if (has_channel_mode(chptr, 'z'))
{
sendto_snomask_global(SNO_EYES,
"*** OperOverride -- %s (%s@%s) invited him/herself into %s (overriding +z).",
sptr->name, sptr->user->username, sptr->user->realhost, chptr->chname);
/* Logging implementation added by XeRXeS */
ircd_log(LOG_OVERRIDE,"OVERRIDE: %s (%s@%s) invited him/herself into %s (Overriding SSL-Only)",
sptr->name, sptr->user->username, sptr->user->realhost, chptr->chname);
}
#ifdef OPEROVERRIDE_VERIFY
else if (chptr->mode.mode & MODE_SECRET || chptr->mode.mode & MODE_PRIVATE)
override = -1;
+7 -1
View File
@@ -201,13 +201,19 @@ void _send_join_to_local_users(aClient *sptr, aChannel *chptr)
if (!MyConnect(acptr))
continue; /* only locally connected clients */
if (chanops_only && !(lp->flags & (CHFL_CHANOP|CHFL_CHANOWNER|CHFL_CHANPROT)) && (sptr != acptr))
if (chanops_only && !(lp->flags & (CHFL_HALFOP|CHFL_CHANOP|CHFL_CHANOWNER|CHFL_CHANPROT)) && (sptr != acptr))
continue; /* skip non-ops if requested to (used for mode +D), but always send to 'sptr' */
if (acptr->local->proto & PROTO_CAP_EXTENDED_JOIN)
sendbufto_one(acptr, exjoinbuf, 0);
else
sendbufto_one(acptr, joinbuf, 0);
if (sptr->user->away && (acptr->local->proto & PROTO_AWAY_NOTIFY))
{
sendto_one(acptr, ":%s!%s@%s AWAY :%s",
sptr->name, sptr->user->username, GetHost(sptr), sptr->user->away);
}
}
}
+12 -1
View File
@@ -552,7 +552,7 @@ size_t n = strlen(f);
* 0: block
* <0: immediately return with this value (could be FLUSH_BUFFER)
* HISTORY:
* F:Line stuff by _Jozeph_ added by Stskeeps with comments.
* Dcc ban stuff by _Jozeph_ added by Stskeeps with comments.
* moved and various improvements by Syzop.
*/
static int check_dcc(aClient *sptr, char *target, aClient *targetcli, char *text)
@@ -839,6 +839,12 @@ char *_StripControlCodes(unsigned char *text)
case 29:
/* italic */
break;
case 30:
/* strikethrough */
break;
case 17:
/* monospace */
break;
default:
new_str[i] = *text;
i++;
@@ -865,7 +871,12 @@ int ban_version(aClient *sptr, char *text)
text[len-1] = '\0'; /* remove CTCP REPLY terminator (ASCII 1) */
if ((ban = Find_ban(NULL, text, CONF_BAN_VERSION)))
{
if (IsSoftBanAction(ban->action) && IsLoggedIn(sptr))
return 0; /* we are exempt */
return place_host_ban(sptr, ban->action, ban->reason, BAN_VERSION_TKL_TIME);
}
return 0;
}
+54 -5
View File
@@ -695,7 +695,7 @@ void make_mode_str(aChannel *chptr, long oldm, Cmode_t oldem, long oldl, int pco
chptr->mode.extmode = oldem;
}
z = strlen(para_buf);
if (para_buf[z - 1] == ' ')
if ((z > 0) && (para_buf[z - 1] == ' '))
para_buf[z - 1] = '\0';
*x = '\0';
if (*mode_buf == '\0')
@@ -1065,7 +1065,7 @@ int do_mode_char(aChannel *chptr, long modetype, char modechar, char *param,
if (BadPtr(tmpstr))
{
/* Invalid ban. See if we can send an error about that */
if ((param[0] == '~') && MyClient(cptr) && !bounce)
if ((param[0] == '~') && MyClient(cptr) && !bounce && (strlen(param) > 2))
{
Extban *p = findmod_by_bantype(param[1]);
if (p && p->is_ok)
@@ -1113,7 +1113,7 @@ int do_mode_char(aChannel *chptr, long modetype, char modechar, char *param,
tmpstr = clean_ban_mask(param, what, cptr);
if (BadPtr(tmpstr))
break; /* ignore except, but eat param */
if ((tmpstr[0] == '~') && MyClient(cptr) && !bounce)
if ((tmpstr[0] == '~') && MyClient(cptr) && !bounce && (strlen(param) > 2))
{
/* extban: check access if needed */
Extban *p = findmod_by_bantype(tmpstr[1]);
@@ -1152,7 +1152,7 @@ int do_mode_char(aChannel *chptr, long modetype, char modechar, char *param,
tmpstr = clean_ban_mask(param, what, cptr);
if (BadPtr(tmpstr))
break; /* ignore except, but eat param */
if ((tmpstr[0] == '~') && MyClient(cptr) && !bounce)
if ((tmpstr[0] == '~') && MyClient(cptr) && !bounce && (strlen(param) > 2))
{
/* extban: check access if needed */
Extban *p = findmod_by_bantype(tmpstr[1]);
@@ -1547,6 +1547,7 @@ CMD_FUNC(_m_umode)
aClient *acptr;
int what, setsnomask = 0;
long oldumodes = 0;
int oldsnomasks = 0;
/* (small note: keep 'what' as an int. -- Syzop). */
short rpterror = 0, umode_restrict_err = 0, chk_restrict = 0, modex_err = 0;
@@ -1592,6 +1593,10 @@ CMD_FUNC(_m_umode)
if ((sptr->umodes & Usermode_Table[i].mode))
oldumodes |= Usermode_Table[i].mode;
for (i = 0; i <= Snomask_highest; i++)
if ((sptr->user->snomask & Snomask_Table[i].mode))
oldsnomasks |= Snomask_Table[i].mode;
if (RESTRICT_USERMODES && MyClient(sptr) && !ValidatePermissionsForPath("self:restrictedumodes",sptr,NULL,NULL,NULL))
chk_restrict = 1;
@@ -1729,7 +1734,51 @@ CMD_FUNC(_m_umode)
/* Don't let non-ircops set ircop-only modes or snomasks */
if (!ValidatePermissionsForPath("self:restrictedumodes",sptr,NULL,NULL,NULL))
{
remove_oper_privileges(sptr, 0);
if ((oldumodes & UMODE_OPER) && IsOper(sptr))
{
/* User is an oper but does not have the self:restrictedumodes capability.
* This only happens for heavily restricted IRCOps.
* Fixes bug https://bugs.unrealircd.org/view.php?id=5130
*/
int i;
/* MODES */
for (i = 0; i <= Usermode_highest; i++)
{
if (!Usermode_Table[i].flag)
continue;
if (Usermode_Table[i].unset_on_deoper)
{
/* This is an oper mode. Is it set now and wasn't earlier?
* then it needs to be stripped, as setting it is not
* permitted.
*/
long m = Usermode_Table[i].mode;
if ((sptr->umodes & m) && !(oldumodes & m))
sptr->umodes &= ~Usermode_Table[i].mode; /* remove */
}
}
/* SNOMASKS */
for (i = 0; i <= Snomask_highest; i++)
{
if (!Snomask_Table[i].flag)
continue;
if (Snomask_Table[i].unset_on_deoper)
{
/* This is an oper snomask. Is it set now and wasn't earlier?
* then it needs to be stripped, as setting it is not
* permitted.
*/
int sno = Snomask_Table[i].mode;
if ((sptr->user->snomask & sno) && !(oldsnomasks & sno))
sptr->user->snomask &= ~Snomask_Table[i].mode; /* remove */
}
}
} else {
/* User isn't an ircop at all. The solution is simple: */
remove_oper_privileges(sptr, 0);
}
}
if (MyClient(sptr) && !ValidatePermissionsForPath("override:secure",sptr,NULL,NULL,NULL) &&
+18 -26
View File
@@ -353,9 +353,9 @@ CMD_FUNC(m_uid)
if (IsServer(sptr) && !ishold) /* server introducing new client */
{
acptrs = find_server(sptr->user == NULL ? parv[6] : sptr->user->server, NULL);
/* (NEW: no unregistered q:line msgs anymore during linking) */
/* (NEW: no unregistered Q-Line msgs anymore during linking) */
if (!acptrs || (acptrs->serv && acptrs->serv->flags.synced))
sendto_snomask(SNO_QLINE, "Q:lined nick %s from %s on %s", nick,
sendto_snomask(SNO_QLINE, "Q-Lined nick %s from %s on %s", nick,
(*sptr->name != 0
&& !IsServer(sptr) ? sptr->name : "<unregistered>"),
acptrs ? acptrs->name : "unknown server");
@@ -363,7 +363,7 @@ CMD_FUNC(m_uid)
if (IsServer(cptr) && IsPerson(sptr) && !ishold) /* remote user changing nick */
{
sendto_snomask(SNO_QLINE, "Q:lined nick %s from %s on %s", nick,
sendto_snomask(SNO_QLINE, "Q-Lined nick %s from %s on %s", nick,
sptr->name, sptr->srvptr ? sptr->srvptr->name : "<unknown>");
}
}
@@ -695,9 +695,9 @@ CMD_FUNC(m_nick)
if (IsServer(sptr) && !ishold) /* server introducing new client */
{
acptrs = find_server(sptr->user == NULL ? parv[6] : sptr->user->server, NULL);
/* (NEW: no unregistered q:line msgs anymore during linking) */
/* (NEW: no unregistered Q-Line msgs anymore during linking) */
if (!acptrs || (acptrs->serv && acptrs->serv->flags.synced))
sendto_snomask(SNO_QLINE, "Q:lined nick %s from %s on %s", nick,
sendto_snomask(SNO_QLINE, "Q-Lined nick %s from %s on %s", nick,
(*sptr->name != 0
&& !IsServer(sptr) ? sptr->name : "<unregistered>"),
acptrs ? acptrs->name : "unknown server");
@@ -705,7 +705,7 @@ CMD_FUNC(m_nick)
if (IsServer(cptr) && IsPerson(sptr) && !ishold) /* remote user changing nick */
{
sendto_snomask(SNO_QLINE, "Q:lined nick %s from %s on %s", nick,
sendto_snomask(SNO_QLINE, "Q-Lined nick %s from %s on %s", nick,
sptr->name, sptr->srvptr ? sptr->srvptr->name : "<unknown>");
}
@@ -1327,31 +1327,23 @@ int _register_user(aClient *cptr, aClient *sptr, char *nick, char *username, cha
else
u1 = NULL;
/*
* following block for the benefit of time-dependent K:-lines
*/
/* Check ban user { } blocks (K-lines in conf) */
if ((bconf = Find_ban(sptr, NULL, CONF_BAN_USER)))
{
ircstp->is_ref++;
sendto_one(cptr,
":%s %d %s :*** You are not welcome on this server (%s)"
" Email %s for more information.",
me.name, ERR_YOUREBANNEDCREEP,
cptr->name, bconf->reason ? bconf->reason : "",
KLINE_ADDRESS);
return exit_client(cptr, cptr, cptr, "You are banned");
return banned_client(sptr, "K-Lined", bconf->reason?bconf->reason:"", 0, 0);
}
/* Check ban realname { } blocks */
if ((bconf = Find_ban(NULL, sptr->info, CONF_BAN_REALNAME)))
{
ircstp->is_ref++;
sendto_one(cptr,
":%s %d %s :*** Your GECOS (real name) is not allowed on this server (%s)"
" Please change it and reconnect",
me.name, ERR_YOUREBANNEDCREEP,
cptr->name, bconf->reason ? bconf->reason : "");
return exit_client(cptr, sptr, &me,
"Your GECOS (real name) is banned from this server");
return banned_client(sptr, "realname", bconf->reason?bconf->reason:"", 0, 0);
}
/* Check require sasl { } blocks */
if (!IsLoggedIn(sptr) && (bconf = Find_ban(sptr, NULL, CONF_BAN_UNAUTHENTICATED)))
{
ircstp->is_ref++;
return banned_client(sptr, "Require-SASL", bconf->reason?bconf->reason:"", 0, 0);
}
tkl_check_expire(NULL);
/* Check G/Z lines before shuns -- kill before quite -- codemastr */
@@ -1583,7 +1575,7 @@ int _register_user(aClient *cptr, aClient *sptr, char *nick, char *username, cha
sendto_one(sptr, rpl_str(RPL_SNOMASK),
me.name, sptr->name, get_snostr(user->snomask));
if (!IsSecure(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_WARN))
if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_WARN))
sendnotice(sptr, "%s", iConf.plaintext_policy_user_message);
/* Make creation time the real 'online since' time, excluding registration time.
@@ -1699,7 +1691,7 @@ int AllowClient(aClient *cptr, struct hostent *hp, char *sockhost, char *usernam
static char uhost[HOSTLEN + USERLEN + 3];
static char fullname[HOSTLEN + 1];
if (!IsSecure(cptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY))
if (!IsSecure(cptr) && !IsLocal(cptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY))
{
return exit_client(cptr, cptr, &me, iConf.plaintext_policy_user_message);
}
+2 -2
View File
@@ -114,7 +114,7 @@ CMD_FUNC(m_oper)
name = parv[1];
password = (parc > 2) ? parv[2] : "";
if (!IsSecure(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_DENY))
if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_DENY))
{
/* Reject early */
sendnotice(sptr, "%s", iConf.plaintext_policy_oper_message);
@@ -304,7 +304,7 @@ CMD_FUNC(m_oper)
return FLUSH_BUFFER;
}
if (!IsSecure(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_WARN))
if (!IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_oper == PLAINTEXT_POLICY_WARN))
{
sendnotice(sptr, "%s", iConf.plaintext_policy_oper_message);
sendto_snomask_global
+6 -13
View File
@@ -69,24 +69,17 @@ MOD_UNLOAD(m_pass)
/** Handles zlines/gzlines/throttling/unknown connections */
DLLFUNC int _check_banned(aClient *cptr)
{
int i, j;
aTKline *tk;
aClient *acptr, *acptr2;
ConfigItem_ban *bconf;
j = 1;
aTKline *tk;
aClient *acptr;
ConfigItem_ban *bconf;
if ((bconf = Find_ban(cptr, NULL, CONF_BAN_IP)))
{
ircsnprintf(zlinebuf, BUFSIZE,
"You are not welcome on this server: %s. Email %s for more information.",
bconf->reason ? bconf->reason : "no reason", KLINE_ADDRESS);
return exit_client(cptr, cptr, &me, zlinebuf);
return banned_client(cptr, "K-Lined", bconf->reason ? bconf->reason : "", 0, 0);
}
else if (find_tkline_match_zap_ex(cptr, &tk) != -1)
else if ((tk = find_tkline_match_zap(cptr)))
{
ircsnprintf(zlinebuf, BUFSIZE, "Z:Lined (%s)", tk->reason);
return exit_client(cptr, cptr, &me, zlinebuf);
return banned_client(cptr, "Z-Lined", tk->reason, (tk->type & TKL_GLOBAL)?1:0, 0);
}
else
{
+1 -1
View File
@@ -305,7 +305,7 @@ int sasl_capability_visible(aClient *sptr)
if (!SASL_SERVER || !find_server(SASL_SERVER, NULL))
return 0;
if (sptr && !IsSecure(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY))
if (sptr && !IsSecure(sptr) && !IsLocal(sptr) && (iConf.plaintext_policy_user == PLAINTEXT_POLICY_DENY))
return 0;
return 1;
+22 -24
View File
@@ -271,7 +271,7 @@ int _verify_link(aClient *cptr, aClient *sptr, char *servername, ConfigItem_link
servername);
sendto_one(cptr, "ERROR :%s", xerrmsg);
sendto_umode(UMODE_OPER, "Outgoing link aborted to %s(%s@%s) (%s) %s",
sendto_ops_and_log("Outgoing link aborted to %s(%s@%s) (%s) %s",
cptr->serv->conf->servername, cptr->username, cptr->local->sockhost, xerrmsg, inpath);
return exit_client(cptr, sptr, &me, xerrmsg);
}
@@ -307,7 +307,7 @@ errlink:
"ERROR :Link denied (No link block found named '%s' or link::incoming::mask did not match your IP %s) %s",
servername, GetIP(cptr), inpath);
/* And send the "verbose" error msg only to locally connected ircops */
sendto_umode(UMODE_OPER, "Link denied for %s(%s@%s) (%s) %s",
sendto_ops_and_log("Link denied for %s(%s@%s) (%s) %s",
servername, cptr->username, cptr->local->sockhost, xerrmsg, inpath);
return exit_client(cptr, sptr, &me,
"Link denied (No link block found with your server name or link::incoming::mask did not match)");
@@ -320,7 +320,7 @@ skip_host_check:
sendto_one(cptr,
"ERROR :Link '%s' denied (Authentication failed) %s",
servername, inpath);
sendto_umode(UMODE_OPER, "Link denied for '%s' (Authentication failed [Bad password?]) %s",
sendto_ops_and_log("Link denied for '%s' (Authentication failed [Bad password?]) %s",
servername, inpath);
return exit_client(cptr, sptr, &me,
"Link denied (Authentication failed)");
@@ -336,7 +336,7 @@ skip_host_check:
sendto_one(cptr,
"ERROR :Link '%s' denied (Not using SSL/TLS) %s",
servername, inpath);
sendto_umode(UMODE_OPER, "Link denied for '%s' (Not using SSL/TLS and verify-certificate is on) %s",
sendto_ops_and_log("Link denied for '%s' (Not using SSL/TLS and verify-certificate is on) %s",
servername, inpath);
return exit_client(cptr, sptr, &me,
"Link denied (Not using SSL/TLS)");
@@ -346,9 +346,9 @@ skip_host_check:
sendto_one(cptr,
"ERROR :Link '%s' denied (Certificate verification failed) %s",
servername, inpath);
sendto_umode(UMODE_OPER, "Link denied for '%s' (Certificate verification failed) %s",
sendto_ops_and_log("Link denied for '%s' (Certificate verification failed) %s",
servername, inpath);
sendto_umode(UMODE_OPER, "Reason for certificate verification failure: %s", errstr);
sendto_ops_and_log("Reason for certificate verification failure: %s", errstr);
return exit_client(cptr, sptr, &me,
"Link denied (Certificate verification failed)");
}
@@ -364,7 +364,7 @@ skip_host_check:
if (IsMe(acptr))
{
sendto_realops("Link %s rejected, server trying to link with my name (%s)",
sendto_ops_and_log("Link %s rejected, server trying to link with my name (%s)",
get_client_name(sptr, TRUE), me.name);
sendto_one(sptr, "ERROR: Server %s exists (it's me!)", me.name);
return exit_client(sptr, sptr, sptr, "Server Exists");
@@ -379,7 +379,7 @@ skip_host_check:
"ERROR :Server %s already exists from %s",
servername,
(ocptr->from ? ocptr->from->name : "<nobody>"));
sendto_realops
sendto_ops_and_log
("Link %s cancelled, server %s already exists from %s",
get_client_name(acptr, TRUE), servername,
(ocptr->from ? ocptr->from->name : "<nobody>"));
@@ -388,7 +388,7 @@ skip_host_check:
}
if ((bconf = Find_ban(NULL, servername, CONF_BAN_SERVER)))
{
sendto_realops
sendto_ops_and_log
("Cancelling link %s, banned server",
get_client_name(cptr, TRUE));
sendto_one(cptr, "ERROR :Banned server (%s)", bconf->reason ? bconf->reason : "no reason");
@@ -396,15 +396,14 @@ skip_host_check:
}
if (link->class->clients + 1 > link->class->maxclients)
{
sendto_realops
("Cancelling link %s, full class",
sendto_ops_and_log("Cancelling link %s, full class",
get_client_name(cptr, TRUE));
return exit_client(cptr, cptr, &me, "Full class");
}
if (!IsLocal(cptr) && (iConf.plaintext_policy_server == PLAINTEXT_POLICY_DENY) && !IsSecure(cptr))
{
sendto_one(cptr, "ERROR :Servers need to use SSL/TLS (set::plaintext-policy::server is 'deny')");
sendto_realops("Rejected insecure server. See https://www.unrealircd.org/docs/FAQ#ERROR:_Servers_need_to_use_SSL.2FTLS");
sendto_ops_and_log("Rejected insecure server %s. See https://www.unrealircd.org/docs/FAQ#ERROR:_Servers_need_to_use_SSL.2FTLS", cptr->name);
return exit_client(cptr, sptr, &me, "Servers need to use SSL/TLS (set::plaintext-policy::server is 'deny')");
}
if (link_out)
@@ -556,7 +555,7 @@ CMD_FUNC(m_server)
{
if (deny->flag.type == CRULE_ALL && !match(deny->mask, servername)
&& crule_eval(deny->rule)) {
sendto_ops("Refused connection from %s.",
sendto_ops_and_log("Refused connection from %s. Rejected by deny link { } block.",
get_client_host(cptr));
return exit_client(cptr, cptr, cptr,
"Disallowed by connection rule");
@@ -600,7 +599,7 @@ CMD_FUNC(m_server_remote)
if (IsMe(acptr))
{
sendto_realops("Link %s rejected, server trying to link with my name (%s)",
sendto_ops_and_log("Link %s rejected, server trying to link with my name (%s)",
get_client_name(sptr, TRUE), me.name);
sendto_one(sptr, "ERROR: Server %s exists (it's me!)", me.name);
return exit_client(sptr, sptr, sptr, "Server Exists");
@@ -615,7 +614,7 @@ CMD_FUNC(m_server_remote)
"ERROR :Server %s already exists from %s",
servername,
(ocptr->from ? ocptr->from->name : "<nobody>"));
sendto_realops
sendto_ops_and_log
("Link %s cancelled, server %s already exists from %s",
get_client_name(acptr, TRUE), servername,
(ocptr->from ? ocptr->from->name : "<nobody>"));
@@ -633,8 +632,7 @@ CMD_FUNC(m_server_remote)
}
if ((bconf = Find_ban(NULL, servername, CONF_BAN_SERVER)))
{
sendto_realops
("Cancelling link %s, banned server %s",
sendto_ops_and_log("Cancelling link %s, banned server %s",
get_client_name(cptr, TRUE), servername);
sendto_one(cptr, "ERROR :Banned server (%s)", bconf->reason ? bconf->reason : "no reason");
return exit_client(cptr, cptr, &me, "Brought in banned server");
@@ -644,19 +642,19 @@ CMD_FUNC(m_server_remote)
strlcpy(info, parv[parc - 1], sizeof(info));
if (!cptr->serv->conf)
{
sendto_realops("Lost conf for %s!!, dropping link", cptr->name);
sendto_ops_and_log("Internal error: lost conf for %s!!, dropping link", cptr->name);
return exit_client(cptr, cptr, cptr, "Lost configuration");
}
aconf = cptr->serv->conf;
if (!aconf->hub)
{
sendto_umode(UMODE_OPER, "Link %s cancelled, is Non-Hub but introduced Leaf %s",
sendto_ops_and_log("Link %s cancelled, is Non-Hub but introduced Leaf %s",
cptr->name, servername);
return exit_client(cptr, cptr, cptr, "Non-Hub Link");
}
if (match(aconf->hub, servername))
{
sendto_umode(UMODE_OPER, "Link %s cancelled, linked in %s, which hub config disallows",
sendto_ops_and_log("Link %s cancelled, linked in %s, which hub config disallows",
cptr->name, servername);
return exit_client(cptr, cptr, cptr, "Not matching hub configuration");
}
@@ -664,14 +662,14 @@ CMD_FUNC(m_server_remote)
{
if (match(aconf->leaf, servername))
{
sendto_umode(UMODE_OPER, "Link %s(%s) cancelled, disallowed by leaf configuration",
sendto_ops_and_log("Link %s(%s) cancelled, disallowed by leaf configuration",
cptr->name, servername);
return exit_client(cptr, cptr, cptr, "Disallowed by leaf configuration");
}
}
if (aconf->leaf_depth && (hop > aconf->leaf_depth))
{
sendto_umode(UMODE_OPER, "Link %s(%s) cancelled, too deep depth",
sendto_ops_and_log("Link %s(%s) cancelled, too deep depth",
cptr->name, servername);
return exit_client(cptr, cptr, cptr, "Too deep link depth (leaf)");
}
@@ -688,8 +686,8 @@ CMD_FUNC(m_server_remote)
acptr->serv->up = find_or_add(acptr->srvptr->name);
SetServer(acptr);
ircd_log(LOG_SERVER, "SERVER %s (from %s)", acptr->name, acptr->srvptr->name);
/* Taken from bahamut makes it so all servers behind a U:lined
* server are also U:lined, very helpful if HIDE_ULINES is on
/* Taken from bahamut makes it so all servers behind a U-Lined
* server are also U-Lined, very helpful if HIDE_ULINES is on
*/
if (IsULine(sptr)
|| (Find_uline(acptr->name)))
+29 -24
View File
@@ -61,14 +61,15 @@ MOD_UNLOAD(m_setname)
*/
CMD_FUNC(m_setname)
{
int xx;
char tmpinfo[REALLEN + 1];
char spamfilter_user[NICKLEN + USERLEN + HOSTLEN + REALLEN + 64];
int xx;
char tmpinfo[REALLEN + 1];
char spamfilter_user[NICKLEN + USERLEN + HOSTLEN + REALLEN + 64];
ConfigItem_ban *bconf;
if ((parc < 2) || BadPtr(parv[1]))
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, sptr->name, "SETNAME");
return 0;
if ((parc < 2) || BadPtr(parv[1]))
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS), me.name, sptr->name, "SETNAME");
return 0;
}
if (strlen(parv[1]) > REALLEN)
@@ -81,29 +82,33 @@ CMD_FUNC(m_setname)
return 0;
}
/* set temp info for spamfilter check*/
strcpy(tmpinfo, sptr->info);
/* set the new name before we check, but don't send to servers unless it is ok */
strcpy(sptr->info, parv[1]);
spamfilter_build_user_string(spamfilter_user, sptr->name, sptr);
xx = dospamfilter(sptr, spamfilter_user, SPAMF_USER, NULL, 0, NULL);
if (xx < 0)
{
if (xx != FLUSH_BUFFER)
strcpy(sptr->info, tmpinfo); /* restore (if client wasn't killed already, that is) */
return xx;
}
/* set temp info for spamfilter check*/
strcpy(tmpinfo, sptr->info);
/* set the new name before we check, but don't send to servers unless it is ok */
strcpy(sptr->info, parv[1]);
spamfilter_build_user_string(spamfilter_user, sptr->name, sptr);
xx = dospamfilter(sptr, spamfilter_user, SPAMF_USER, NULL, 0, NULL);
if (xx < 0)
{
if (xx != FLUSH_BUFFER)
strcpy(sptr->info, tmpinfo); /* restore (if client wasn't killed already, that is) */
return xx;
}
/* Check for n:lines here too */
if (!ValidatePermissionsForPath("immune:namecheck",sptr,NULL,NULL,NULL) && Find_ban(NULL, sptr->info, CONF_BAN_REALNAME))
return exit_client(cptr, sptr, &me,
"Your GECOS (real name) is banned from this server");
/* Check for realname bans here too */
if (!ValidatePermissionsForPath("immune:realnameban",sptr,NULL,NULL,NULL) &&
((bconf = Find_ban(NULL, sptr->info, CONF_BAN_REALNAME))))
{
return banned_client(sptr, "realname", bconf->reason?bconf->reason:"", 0, 0);
}
sendto_server(cptr, 0, 0, ":%s SETNAME :%s", sptr->name, parv[1]);
if (MyConnect(sptr))
{
sendnotice(sptr, "Your \"real name\" is now set to be %s - you have to set it manually to undo it",
parv[1]);
parv[1]);
}
return 0;
}
+2 -2
View File
@@ -59,8 +59,8 @@ CMD_FUNC(m_svsfline)
switch (*parv[1])
{
/* Allow non-U:lines to send ONLY SVSFLINE +, but don't send it out
* unless it is from a U:line -- codemastr */
/* Allow non-U-Lines to send ONLY SVSFLINE +, but don't send it out
* unless it is from a U-Line -- codemastr */
case '+':
{
if (parc < 4)
+23
View File
@@ -508,6 +508,29 @@ int do_svsmode(aClient *cptr, aClient *sptr, int parc, char *parv[], int show_c
acptr->user->virthost);
}
goto setmodex;
case 't':
/* We support -t nowadays, which means we remove the vhost and set the cloaked host
* (note that +t is a NOOP, that code is in +x)
*/
if (what == MODE_DEL)
{
/* First, check if there's a change at all. Perhaps it's a -t on someone
* with no virthost or virthost being cloakedhost?
* Also, check to make sure user->cloakedhost exists at all.
* This so we won't crash in weird cases like non-conformant servers.
*/
if (acptr->user->virthost && *acptr->user->cloakedhost && strcasecmp(acptr->user->cloakedhost, GetHost(acptr)))
{
/* Make the change effective: */
safestrdup(acptr->user->virthost, acptr->user->cloakedhost);
/* And broadcast the change to VHP servers */
if (MyClient(acptr))
sendto_server(NULL, PROTO_VHP, 0, ":%s SETHOST :%s", acptr->name,
acptr->user->virthost);
}
goto setmodex;
}
break;
case 'z':
/* Setting and unsetting user mode 'z' remotely is not supported */
break;
+2 -2
View File
@@ -92,8 +92,8 @@ CMD_FUNC(m_svsnline)
switch (*parv[1])
{
/* Allow non-U:lines to send ONLY SVSNLINE +, but don't send it out
* unless it is from a U:line -- codemastr */
/* Allow non-U-Lines to send ONLY SVSNLINE +, but don't send it out
* unless it is from a U-Line -- codemastr */
case '+':
{
if (parc < 4)
+368 -323
View File
File diff suppressed because it is too large Load Diff
+2 -2
View File
@@ -173,11 +173,11 @@ CMD_FUNC(m_tsctl)
timediff = atol(parv[2]);
timediff = timediff - time(NULL);
ircd_log(LOG_ERROR, "TSCTL: U:line %s set time to be %li (timediff: %li, was %li)",
ircd_log(LOG_ERROR, "TSCTL: U-Line %s set time to be %li (timediff: %li, was %li)",
sptr->name, atol(parv[2]), timediff, TSoffset);
TSoffset = timediff;
sendto_ops
("TS Control - U:line set time to be %li (timediff: %li)",
("TS Control - U-Line set time to be %li (timediff: %li)",
atol(parv[2]), timediff);
sendto_server(cptr, 0, 0, ":%s TSCTL svstime %li",
sptr->name, atol(parv[2]));
+796
View File
@@ -0,0 +1,796 @@
/* m_whox.c / WHOX.
* based on code from charybdis and ircu.
* was originally made for tircd and modified to work with u4.
* - 2018 i <ircd@servx.org>
* GPLv2
*/
#include "unrealircd.h"
#define MSG_WHO "WHO"
#define FLAGS_MARK 0x400000 /* marked client (was hybnotice) */
#define FIELD_CHANNEL 0x0001
#define FIELD_HOP 0x0002
#define FIELD_FLAGS 0x0004
#define FIELD_HOST 0x0008
#define FIELD_IP 0x0010
#define FIELD_IDLE 0x0020
#define FIELD_NICK 0x0040
#define FIELD_INFO 0x0080
#define FIELD_SERVER 0x0100
#define FIELD_QUERYTYPE 0x0200 /* cookie for client */
#define FIELD_USER 0x0400
#define FIELD_ACCOUNT 0x0800
#define FIELD_OPLEVEL 0x1000 /* meaningless and stupid, but whatever */
#define FIELD_REALHOST 0x2000
#define FIELD_MODES 0x4000
#define WMATCH_NICK 0x0001
#define WMATCH_USER 0x0002
#define WMATCH_OPER 0x0004
#define WMATCH_HOST 0x0008
#define WMATCH_INFO 0x0010
#define WMATCH_SERVER 0x0020
#define WMATCH_ACCOUNT 0x0040
#define WMATCH_IP 0x0080
#define WMATCH_MODES 0x0100
#define RPL_WHOSPCRPL 354
#define WHO_ADD 1
#define WHO_DEL 2
#define SetMark(x) ((x)->flags |= FLAGS_MARK)
#define ClearMark(x) ((x)->flags &= ~FLAGS_MARK)
#define IsMarked(x) ((x)->flags & FLAGS_MARK)
#define HasField(x, y) ((x)->fields & (y))
#define IsMatch(x, y) ((x)->matchsel & (y))
struct who_format
{
int fields;
int matchsel;
int umodes;
int noumodes;
const char *querytype;
};
CMD_FUNC(m_whox);
static void who_global(aClient *sptr, char *mask, int operspy, struct who_format *fmt);
static void do_who(aClient *sptr, aClient *acptr, aChannel *chptr, struct who_format *fmt);
static void do_who_on_channel(aClient *sptr, aChannel *chptr,
int member, int operspy, struct who_format *fmt);
static int override_who(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]);
ModuleHeader MOD_HEADER(m_whox)
= {
"m_whox",
"4.0",
"command /who",
"3.2-b8-1",
NULL
};
MOD_INIT(m_whox)
{
//CommandAdd(modinfo->handle, MSG_WHO, m_whox, MAXPARA, M_USER);
MARK_AS_OFFICIAL_MODULE(modinfo);
IsupportAdd(NULL, "WHOX", NULL);
return MOD_SUCCESS;
}
MOD_LOAD(m_whox)
{
CmdoverrideAddEx(modinfo->handle, "WHO", 9999999, override_who);
return MOD_SUCCESS;
}
MOD_UNLOAD(m_whox)
{
Isupport *hunted = IsupportFind("WHOX");
if (hunted)
IsupportDel(hunted);
return MOD_SUCCESS;
}
/* Temporary glue until this module becomes the new m_who */
static int override_who(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[])
{
/* We are always last (and we need to be), thanks to our cmdoverride priority */
return m_whox(cptr, sptr, parc, parv);
}
/*
** m_whox
** parv[1] = nickname mask list
** parv[2] = additional selection flag and format options
*/
CMD_FUNC(m_whox)
{
static time_t last_used = 0;
char *mask;
char ch; /* Scratch char register */
char *p; /* Scratch char pointer */
int member;
int operspy = 0;
struct who_format fmt;
const char *s;
char maskcopy[BUFSIZE];
Membership *lp;
aClient *acptr;
if (!MyClient(sptr))
return 0;
if ((parc < 2) && (IsPerson(sptr)))
{
sendto_one(sptr, err_str(ERR_NEEDMOREPARAMS),
me.name, sptr->name, "WHO");
return 0;
}
fmt.fields = 0;
fmt.matchsel = 0;
fmt.umodes = 0;
fmt.noumodes = 0;
fmt.querytype = NULL;
/* Evaluate the flags now, we consider the second parameter
* as "matchFlags%fieldsToInclude,querytype" */
if ((parc > 2) && parv[2] && *parv[2])
{
p = parv[2];
while (((ch = *(p++))) && (ch != '%') && (ch != ','))
{
switch (ch)
{
case 'o': fmt.matchsel |= WMATCH_OPER; continue;
case 'n': fmt.matchsel |= WMATCH_NICK; continue;
case 'u': fmt.matchsel |= WMATCH_USER; continue;
case 'h': fmt.matchsel |= WMATCH_HOST; continue;
case 'i': fmt.matchsel |= WMATCH_IP; continue;
case 'r': fmt.matchsel |= WMATCH_INFO; continue;
case 's': fmt.matchsel |= WMATCH_SERVER; continue;
case 'a': fmt.matchsel |= WMATCH_ACCOUNT; continue;
case 'm': fmt.matchsel |= WMATCH_MODES; continue;
}
}
}
if ((parc > 2) && (s = strchr(parv[2], '%')) != NULL)
{
s++;
for (; *s != '\0'; s++)
{
switch (*s)
{
case 'c': fmt.fields |= FIELD_CHANNEL; break;
case 'd': fmt.fields |= FIELD_HOP; break;
case 'f': fmt.fields |= FIELD_FLAGS; break;
case 'h': fmt.fields |= FIELD_HOST; break;
case 'H': fmt.fields |= FIELD_REALHOST; break;
case 'i': fmt.fields |= FIELD_IP; break;
case 'l': fmt.fields |= FIELD_IDLE; break;
case 'n': fmt.fields |= FIELD_NICK; break;
case 'r': fmt.fields |= FIELD_INFO; break;
case 's': fmt.fields |= FIELD_SERVER; break;
case 't': fmt.fields |= FIELD_QUERYTYPE; break;
case 'u': fmt.fields |= FIELD_USER; break;
case 'a': fmt.fields |= FIELD_ACCOUNT; break;
case 'm': fmt.fields |= FIELD_MODES; break;
case 'o': fmt.fields |= FIELD_OPLEVEL; break;
case ',':
s++;
fmt.querytype = s;
s += strlen(s);
s--;
break;
}
}
if (BadPtr(fmt.querytype) || (strlen(fmt.querytype) > 3))
fmt.querytype = "0";
}
strlcpy(maskcopy, parv[1], sizeof maskcopy);
mask = maskcopy;
collapse(mask);
/* '/who *' */
if ((*(mask + 1) == '\0') && (*mask == '*'))
{
if(sptr->user == NULL)
return 0;
if ((lp = sptr->user->channel) != NULL)
do_who_on_channel(sptr, lp->chptr, 1, 0, &fmt);
sendto_one(sptr, getreply(RPL_ENDOFWHO), me.name, sptr->name, "*");
return 0;
}
if ((ValidatePermissionsForPath("override:see:who:secret",sptr,NULL,NULL,NULL) ||
ValidatePermissionsForPath("override:see:whois",sptr,NULL,NULL,NULL)) && (*mask == '!'))
{
mask++;
operspy = 1;
if (BadPtr(mask))
{
sendto_one(sptr, getreply(RPL_ENDOFWHO), me.name, sptr->name, parv[1]);
return 0;
}
}
if (fmt.matchsel & WMATCH_MODES)
{
char *s = mask;
int *umodes;
int what = WHO_ADD;
while (*s)
{
int i;
switch (*s)
{
case '+':
what = WHO_ADD;
s++;
break;
case '-':
what = WHO_DEL;
s++;
break;
}
if (!*s)
break;
if (what == WHO_ADD)
umodes = &fmt.umodes;
else
umodes = &fmt.noumodes;
for (i = 0; i <= Usermode_highest; i++)
{
if (*s == Usermode_Table[i].flag)
{
*umodes |= Usermode_Table[i].mode;
break;
}
}
s++;
}
if (!IsOper(sptr))
{
/* these are usermodes regular users may search for. just oper now. */
fmt.umodes &= UMODE_OPER;
fmt.noumodes &= UMODE_OPER;
}
}
/* '/who #some_channel' */
if (IsChannelName(mask))
{
aChannel *chptr = NULL;
/* List all users on a given channel */
if ((chptr = find_channel(parv[1] + operspy, NULL)) != NULL)
{
if (operspy)
{
sendto_snomask_global(SNO_EYES, "*** %s (%s@%s) did a /who on %s",
sptr->name, sptr->user->username, GetHost(sptr),
chptr->chname);
}
if (IsMember(sptr, chptr) || operspy)
do_who_on_channel(sptr, chptr, 1, operspy, &fmt);
else if (!SecretChannel(chptr))
do_who_on_channel(sptr, chptr, 0, operspy, &fmt);
}
sendto_one(sptr, getreply(RPL_ENDOFWHO), me.name, sptr->name, mask);
return 0;
}
/* '/who nick' */
if (((acptr = find_person(mask, NULL)) != NULL) &&
(!(fmt.matchsel & WMATCH_MODES)) &&
(!(fmt.matchsel & WMATCH_OPER) || IsOper(acptr)))
{
int isinvis = 0;
int i = 0;
Hook *h;
isinvis = IsInvisible(acptr);
for (lp = acptr->user->channel; lp; lp = lp->next)
{
member = IsMember(sptr, lp->chptr);
if (isinvis && !member)
continue;
for (h = Hooks[HOOKTYPE_VISIBLE_IN_CHANNEL]; h; h = h->next)
{
i = (*(h->func.intfunc))(acptr,lp->chptr);
if (i != 0)
break;
}
if (i != 0 && !(is_skochanop(sptr, lp->chptr)) && !(is_skochanop(acptr, lp->chptr) || has_voice(acptr,lp->chptr)))
continue;
if (member || (!isinvis && PubChannel(lp->chptr)))
break;
}
if (lp != NULL)
do_who(sptr, acptr, lp->chptr, &fmt);
else
do_who(sptr, acptr, NULL, &fmt);
sendto_one(sptr, getreply(RPL_ENDOFWHO), me.name, sptr->name, parv[1]);
return 0;
}
if (ValidatePermissionsForPath("override:see:who:secret",sptr,NULL,NULL,NULL) ||
ValidatePermissionsForPath("override:see:whois",sptr,NULL,NULL,NULL))
{
operspy = 1;
}
/* '/who 0' for a global list. this forces clients to actually
* request a full list. I presume its because of too many typos
* with "/who" ;) --fl
*/
if ((*(mask + 1) == '\0') && (*mask == '0'))
who_global(sptr, NULL, 0, &fmt);
else
who_global(sptr, mask, operspy, &fmt);
sendto_one(sptr, getreply(RPL_ENDOFWHO), me.name, sptr->name, mask);
return 0;
}
/* do_match
* inputs - pointer to client requesting who
* - pointer to client to do who on
* - char * mask to match
* - format options
* output - 1 if match, 0 if no match
* side effects - NONE
*/
static int do_match(aClient *sptr, aClient *acptr, char *mask, struct who_format *fmt)
{
if (mask == NULL)
return 1;
/* default */
if (fmt->matchsel == 0 && (!match(mask, acptr->name) ||
!match(mask, acptr->user->username) ||
!match(mask, GetHost(acptr)) ||
(IsOper(sptr) &&
(!match(mask, acptr->user->realhost) ||
(acptr->ip &&
!match(mask, acptr->ip))))))
{
return 1;
}
/* match nick */
if (IsMatch(fmt, WMATCH_NICK) && !match(mask, acptr->name))
return 1;
/* match username */
if (IsMatch(fmt, WMATCH_USER) && !match(mask, acptr->user->username))
return 1;
/* match server */
if (IsMatch(fmt, WMATCH_SERVER) && IsOper(sptr) && !match(mask, acptr->user->server))
return 1;
/* match hostname */
if (IsMatch(fmt, WMATCH_HOST) && (!match(mask, GetHost(acptr)) ||
(IsOper(sptr) && (!match(mask, acptr->user->realhost) ||
(acptr->ip && !match(mask, acptr->ip))))))
{
return 1;
}
/* match realname */
if (IsMatch(fmt, WMATCH_INFO) && !match(mask, acptr->info))
return 1;
/* match ip address */
if (IsMatch(fmt, WMATCH_IP) && IsOper(sptr) && acptr->ip && !match(mask, acptr->ip))
return 1;
/* match account */
if (IsMatch(fmt, WMATCH_ACCOUNT) && !BadPtr(acptr->user->svid) &&
!isdigit(*acptr->user->svid) && !match(mask, acptr->user->svid))
{
return 1;
}
/* match usermodes */
if (IsMatch(fmt, WMATCH_MODES) &&
((acptr->umodes & fmt->umodes) &&
!(acptr->umodes & fmt->noumodes) &&
(!(acptr->umodes & UMODE_HIDEOPER) || IsOper(sptr))))
{
return 1;
}
return 0;
}
/* who_common_channel
* inputs - pointer to client requesting who
* - pointer to channel.
* - char * mask to match
* - int if oper on a server or not
* - pointer to int maxmatches
* - format options
* output - NONE
* side effects - lists matching invisible clients on specified channel,
* marks matched clients.
*/
static void who_common_channel(aClient *sptr, aChannel *chptr,
char *mask, int *maxmatches, struct who_format *fmt)
{
Member *cm = chptr->members;
aClient *acptr;
Hook *h;
int i = 0;
for (cm = chptr->members; cm; cm = cm->next)
{
acptr = cm->cptr;
if (!IsInvisible(acptr) || IsMarked(acptr))
continue;
if(IsMatch(fmt, WMATCH_OPER) && !IsOper(acptr))
continue;
for (h = Hooks[HOOKTYPE_VISIBLE_IN_CHANNEL]; h; h = h->next)
{
i = (*(h->func.intfunc))(acptr,chptr);
if (i != 0)
break;
}
if (i != 0 && !(is_skochanop(sptr, chptr)) && !(is_skochanop(acptr, chptr) || has_voice(acptr,chptr)))
continue;
SetMark(acptr);
if(*maxmatches > 0)
{
if (do_match(sptr, acptr, mask, fmt))
{
do_who(sptr, acptr, NULL, fmt);
--(*maxmatches);
}
}
}
}
/*
* who_global
*
* inputs - pointer to client requesting who
* - char * mask to match
* - int if oper on a server or not
* - int if operspy or not
* - format options
* output - NONE
* side effects - do a global scan of all clients looking for match
* this is slightly expensive on EFnet ...
* marks assumed cleared for all clients initially
* and will be left cleared on return
*/
static void who_global(aClient *sptr, char *mask, int operspy, struct who_format *fmt)
{
aClient *acptr;
int maxmatches = WHOLIMIT ? WHOLIMIT : 100;
/* first, list all matching INvisible clients on common channels
* if this is not an operspy who
*/
if(!operspy)
{
Membership *lp;
for (lp = sptr->user->channel; lp; lp = lp->next)
who_common_channel(sptr, lp->chptr, mask, &maxmatches, fmt);
}
/* second, list all matching visible clients and clear all marks
* on invisible clients
* if this is an operspy who, list all matching clients, no need
* to clear marks
*/
list_for_each_entry(acptr, &client_list, client_node)
{
if(!IsPerson(acptr))
continue;
if(IsInvisible(acptr) && !operspy)
{
ClearMark(acptr);
continue;
}
if(IsMatch(fmt, WMATCH_OPER) && !IsOper(acptr))
continue;
if(maxmatches > 0)
{
if (do_match(sptr, acptr, mask, fmt))
{
do_who(sptr, acptr, NULL, fmt);
--maxmatches;
}
}
}
if (maxmatches <= 0)
sendto_one(sptr, ":%s 416 %s %s :output too large, truncated", me.name, sptr->name, "WHO"); /* ERR_TOOMANYMATCHES */
}
/*
* do_who_on_channel
*
* inputs - pointer to client requesting who
* - pointer to channel to do who on
* - The "real name" of this channel
* - int if sptr is a server oper or not
* - int if client is member or not
* - format options
* output - NONE
* side effects - do a who on given channel
*/
static void do_who_on_channel(aClient *sptr, aChannel *chptr,
int member, int operspy, struct who_format *fmt)
{
Member *cm = chptr->members;
Hook *h;
int i = 0;
for (cm = chptr->members; cm; cm = cm->next)
{
aClient *acptr = cm->cptr;
if (IsMatch(fmt, WMATCH_OPER) && !IsOper(acptr))
continue;
for (h = Hooks[HOOKTYPE_VISIBLE_IN_CHANNEL]; h; h = h->next)
{
i = (*(h->func.intfunc))(acptr,chptr);
if (i != 0)
break;
}
if (!operspy && (acptr != sptr) && i != 0 && !(is_skochanop(sptr, chptr)) && !(is_skochanop(acptr, chptr) || has_voice(acptr,chptr)))
continue;
if(member || !IsInvisible(acptr))
do_who(sptr, acptr, chptr, fmt);
}
}
/*
* append_format
*
* inputs - pointer to buffer
* - size of buffer
* - pointer to position
* - format string
* - arguments for format
* output - NONE
* side effects - position incremented, possibly beyond size of buffer
* this allows detecting overflow
*/
static void append_format(char *buf, size_t bufsize, size_t *pos, const char *fmt, ...)
{
size_t max, result;
va_list ap;
max = *pos >= bufsize ? 0 : bufsize - *pos;
va_start(ap, fmt);
result = vsnprintf(buf + *pos, max, fmt, ap);
va_end(ap);
*pos += result;
}
/*
* show_ip() - asks if the true IP should be shown when source is
* asking for info about target
*
* Inputs - sptr who is asking
* - acptr who do we want the info on
* Output - returns 1 if clear IP can be shown, otherwise 0
* Side Effects - none
*/
static int show_ip(aClient *sptr, aClient *acptr)
{
if (IsServer(acptr))
return 0;
else if ((sptr != NULL) && (MyConnect(sptr) && !IsOper(sptr)) && (sptr == acptr))
return 1;
else if (IsHidden(acptr) && ((sptr != NULL) && !IsOper(sptr)))
return 0;
else
return 1;
}
/*
* do_who
*
* inputs - pointer to client requesting who
* - pointer to client to do who on
* - channel or NULL
* - format options
* output - NONE
* side effects - do a who on given person
*/
static void do_who(aClient *sptr, aClient *acptr, aChannel *chptr, struct who_format *fmt)
{
char status[20];
char str[510 + 1];
size_t pos;
int hide = (FLAT_MAP && !IsOper(sptr)) ? 1 : 0;
int i = 0;
Hook *h;
if (acptr->user->away)
status[i++] = 'G';
else
status[i++] = 'H';
if (IsARegNick(acptr))
status[i++] = 'r';
for (h = Hooks[HOOKTYPE_WHO_STATUS]; h; h = h->next)
{
int ret = (*(h->func.intfunc))(sptr, acptr, NULL, NULL, status, 0);
if (ret != 0)
status[i++] = (char)ret;
}
if (IsOper(acptr) && (!IsHideOper(acptr) || sptr == acptr || IsOper(sptr)))
status[i++] = '*';
if (IsOper(acptr) && (IsHideOper(acptr) && sptr != acptr && IsOper(sptr)))
status[i++] = '!';
if (chptr)
{
Membership *lp;
if ((lp = find_membership_link(acptr->user->channel, chptr)))
{
if (!(fmt->fields || SupportNAMESX(sptr)))
{
/* Standard NAMES reply */
#ifdef PREFIX_AQ
if (lp->flags & CHFL_CHANOWNER)
status[i++] = '~';
else if (lp->flags & CHFL_CHANPROT)
status[i++] = '&';
else
#endif
if (lp->flags & CHFL_CHANOP)
status[i++] = '@';
else if (lp->flags & CHFL_HALFOP)
status[i++] = '%';
else if (lp->flags & CHFL_VOICE)
status[i++] = '+';
}
else
{
/* NAMES reply with all rights included (NAMESX) */
#ifdef PREFIX_AQ
if (lp->flags & CHFL_CHANOWNER)
status[i++] = '~';
if (lp->flags & CHFL_CHANPROT)
status[i++] = '&';
#endif
if (lp->flags & CHFL_CHANOP)
status[i++] = '@';
if (lp->flags & CHFL_HALFOP)
status[i++] = '%';
if (lp->flags & CHFL_VOICE)
status[i++] = '+';
}
}
}
status[i] = '\0';
if (fmt->fields == 0)
{
sendto_one(sptr, getreply(RPL_WHOREPLY), me.name,
sptr->name, chptr ? chptr->chname : "*",
acptr->user->username, GetHost(acptr),
hide ? "*" : acptr->user->server,
acptr->name, status, hide ? 0 : acptr->hopcount, acptr->info);
} else
{
str[0] = '\0';
pos = 0;
append_format(str, sizeof str, &pos, ":%s %d %s", me.name, RPL_WHOSPCRPL, sptr->name);
if (HasField(fmt, FIELD_QUERYTYPE))
append_format(str, sizeof str, &pos, " %s", fmt->querytype);
if (HasField(fmt, FIELD_CHANNEL))
append_format(str, sizeof str, &pos, " %s", chptr ? chptr->chname : "*");
if (HasField(fmt, FIELD_USER))
append_format(str, sizeof str, &pos, " %s", acptr->user->username);
if (HasField(fmt, FIELD_IP))
{
if (show_ip(sptr, acptr) && acptr->ip)
append_format(str, sizeof str, &pos, " %s", acptr->ip);
else
append_format(str, sizeof str, &pos, " %s", "255.255.255.255");
}
if (HasField(fmt, FIELD_HOST) || HasField(fmt, FIELD_REALHOST))
{
if (IsOper(sptr) && HasField(fmt, FIELD_REALHOST))
append_format(str, sizeof str, &pos, " %s", acptr->user->realhost);
else
append_format(str, sizeof str, &pos, " %s", GetHost(acptr));
}
if (HasField(fmt, FIELD_SERVER))
append_format(str, sizeof str, &pos, " %s", hide ? "*" : acptr->user->server);
if (HasField(fmt, FIELD_NICK))
append_format(str, sizeof str, &pos, " %s", acptr->name);
if (HasField(fmt, FIELD_FLAGS))
append_format(str, sizeof str, &pos, " %s", status);
if (HasField(fmt, FIELD_MODES))
{
if (IsOper(sptr))
append_format(str, sizeof str, &pos, " %s", strtok(get_mode_str(acptr), "+"));
else
append_format(str, sizeof str, &pos, " %s", "*");
}
if (HasField(fmt, FIELD_HOP))
append_format(str, sizeof str, &pos, " %d", hide ? 0 : acptr->hopcount);
if (HasField(fmt, FIELD_IDLE))
append_format(str, sizeof str, &pos, " %d", (int)(MyClient(acptr) &&
(!(acptr->umodes & UMODE_HIDLE) || IsOper(sptr) ||
(sptr == acptr)) ? TStime() - acptr->local->last : 0));
if (HasField(fmt, FIELD_ACCOUNT))
append_format(str, sizeof str, &pos, " %s", (!isdigit(*acptr->user->svid)) ? acptr->user->svid : "0");
if (HasField(fmt, FIELD_OPLEVEL))
append_format(str, sizeof str, &pos, " %s", (chptr && is_skochanop(acptr, chptr)) ? "999" : "n/a");
if (HasField(fmt, FIELD_INFO))
append_format(str, sizeof str, &pos, " :%s", acptr->info);
if (pos >= sizeof str)
{
static int warned = 0;
if (!warned)
sendto_snomask(SNO_JUNK, "*** WHOX overflow while sending information about %s to %s", acptr->name, sptr->name);
warned = 1;
}
sendto_one(sptr, "%s", str);
}
}
+2
View File
@@ -35,6 +35,8 @@ char *nocodes_pre_chanmsg(aClient *sptr, aChannel *chptr, char *text, int notice
MOD_INIT(nocodes)
{
MARK_AS_OFFICIAL_MODULE(modinfo);
HookAddPChar(modinfo->handle, HOOKTYPE_PRE_CHANMSG, 0, nocodes_pre_chanmsg);
return MOD_SUCCESS;
}
+5 -2
View File
@@ -347,8 +347,11 @@ int cleaned = 0;
continue;
}
/* Hunt for end of word */
for (endw = pold; ((*endw != '\0') && (!iswseperator(*endw))); endw++);
/* Hunt for end of word
* Fix for bug #4909: word will be at least 'searchn' long so we can skip
* 'searchn' bytes and avoid stopping half-way the badword.
*/
for (endw = pold+searchn; ((*endw != '\0') && (!iswseperator(*endw))); endw++);
if (!(badword->type & BADW_TYPE_FAST_R) && (pold+searchn != endw)) {
/* not matched */
+23
View File
@@ -55,6 +55,8 @@ int webirc_config_test(ConfigFile *, ConfigEntry *, int, int *);
int webirc_config_run(ConfigFile *, ConfigEntry *, int);
void webirc_free_conf(void);
void delete_webircblock(ConfigItem_webirc *e);
char *webirc_md_serialize(ModData *m);
void webirc_md_unserialize(char *str, ModData *m);
void webirc_md_free(ModData *md);
int webirc_secure_connect(aClient *acptr);
@@ -82,7 +84,10 @@ MOD_INIT(webirc)
memset(&mreq, 0, sizeof(mreq));
mreq.name = "webirc";
mreq.type = MODDATATYPE_CLIENT;
mreq.serialize = webirc_md_serialize;
mreq.unserialize = webirc_md_unserialize;
mreq.free = webirc_md_free;
mreq.sync = 1;
webirc_md = ModDataAdd(modinfo->handle, mreq);
if (!webirc_md)
{
@@ -285,6 +290,20 @@ int webirc_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
return 0;
}
char *webirc_md_serialize(ModData *m)
{
static char buf[32];
if (m->i == 0)
return NULL; /* not set */
snprintf(buf, sizeof(buf), "%d", m->i);
return buf;
}
void webirc_md_unserialize(char *str, ModData *m)
{
m->i = atoi(str);
}
void webirc_md_free(ModData *md)
{
/* we have nothing to free actually, but we must set to zero */
@@ -386,6 +405,10 @@ int dowebirc(aClient *cptr, char *ip, char *host, char *options)
}
}
/* blacklist_start_check() */
if (RCallbacks[CALLBACKTYPE_BLACKLIST_CHECK] != NULL)
RCallbacks[CALLBACKTYPE_BLACKLIST_CHECK]->func.intfunc(cptr);
/* Check (g)zlines right now; these are normally checked upon accept(),
* but since we know the IP only now after PASS/WEBIRC, we have to check
* here again...
+1 -1
View File
@@ -302,7 +302,7 @@ OperPermission ValidatePermissionsForPath(char* path, aClient *sptr, aClient *vi
if (!sptr)
return OPER_DENY;
/* Trust Servers, U:Lines and remote opers */
/* Trust Servers, U-Lines and remote opers */
if (IsServer(sptr) || IsULine(sptr) || (IsOper(sptr) && !MyClient(sptr)))
return OPER_ALLOW;
+7 -7
View File
@@ -190,7 +190,7 @@ void reinit_resolver(aClient *sptr)
{
EventDel(unrealdns_timeout_hdl);
sendto_realops("%s requested reinitalization of resolver!", sptr->name);
sendto_ops_and_log("%s requested reinitalization of resolver!", sptr->name);
sendto_realops("Destroying resolver channel, along with all currently pending queries...");
ares_destroy(resolver_channel);
sendto_realops("Initializing resolver again...");
@@ -411,7 +411,7 @@ void unrealdns_cb_nametoip_link(void *arg, int status, int timeouts, struct host
}
/* fatal error while resolving */
sendto_realops("Unable to resolve hostname '%s', when trying to connect to server %s.",
sendto_ops_and_log("Unable to resolve hostname '%s', when trying to connect to server %s.",
r->name, r->linkblock->servername);
r->linkblock->refcount--;
unrealdns_freeandremovereq(r);
@@ -423,7 +423,7 @@ void unrealdns_cb_nametoip_link(void *arg, int status, int timeouts, struct host
!(ip = inetntop(r->ipv6 ? AF_INET6 : AF_INET, he->h_addr_list[0], ipbuf, sizeof(ipbuf))))
{
/* Illegal response -- fatal */
sendto_realops("Unable to resolve hostname '%s', when trying to connect to server %s.",
sendto_ops_and_log("Unable to resolve hostname '%s', when trying to connect to server %s.",
r->name, r->linkblock->servername);
unrealdns_freeandremovereq(r);
return;
@@ -438,17 +438,17 @@ void unrealdns_cb_nametoip_link(void *arg, int status, int timeouts, struct host
switch ((n = connect_server(r->linkblock, r->cptr, he2)))
{
case 0:
sendto_realops("Connecting to %s[%s].", r->linkblock->servername, ip);
sendto_ops_and_log("Connecting to server %s[%s].", r->linkblock->servername, ip);
break;
case -1:
sendto_realops("Couldn't connect to %s[%s].", r->linkblock->servername, ip);
sendto_ops_and_log("Couldn't connect to server %s[%s].", r->linkblock->servername, ip);
break;
case -2:
/* Should not happen since he is not NULL */
sendto_realops("Hostname %s is unknown for server %s (!?).", r->linkblock->outgoing.hostname, r->linkblock->servername);
sendto_ops_and_log("Hostname %s is unknown for server %s (!?).", r->linkblock->outgoing.hostname, r->linkblock->servername);
break;
default:
sendto_realops("Connection to %s failed: %s", r->linkblock->servername, STRERROR(n));
sendto_ops_and_log("Connection to server %s failed: %s", r->linkblock->servername, STRERROR(n));
}
unrealdns_freeandremovereq(r);
+29 -26
View File
@@ -290,7 +290,7 @@ static void listener_accept(int listener_fd, int revents, void *data)
ircstp->is_ref++;
if (last_allinuse < TStime() - 15)
{
sendto_realops("All connections in use. ([@%s/%u])", listener->ip, listener->port);
sendto_ops_and_log("All connections in use. ([@%s/%u])", listener->ip, listener->port);
last_allinuse = TStime();
}
@@ -340,7 +340,7 @@ int inetport(ConfigItem_listen *listener, char *ip, int port, int ipv6)
if (++OpenFiles >= MAXCLIENTS)
{
sendto_ops("No more connections allowed (%s)", listener->ip);
sendto_ops_and_log("No more connections allowed (%s)", listener->ip);
fd_close(listener->fd);
listener->fd = -1;
--OpenFiles;
@@ -612,7 +612,7 @@ void start_server_handshake(aClient *cptr)
if (!aconf)
{
/* Should be impossible. */
sendto_ops("Lost configuration for %s in start_server_handshake()", get_client_name(cptr, FALSE));
sendto_ops_and_log("Lost configuration for %s in start_server_handshake()", get_client_name(cptr, FALSE));
return;
}
@@ -663,7 +663,7 @@ void completed_connection(int fd, int revents, void *data)
if (!aconf)
{
sendto_ops("Lost configuration for %s", get_client_name(cptr, FALSE));
sendto_ops_and_log("Lost configuration for %s", get_client_name(cptr, FALSE));
return;
}
@@ -992,6 +992,7 @@ aClient *add_connection(ConfigItem_listen *listener, int fd)
{
aClient *acptr, *acptr2;
ConfigItem_ban *bconf;
aTKline *tk;
int i, j;
char *ip;
int port = 0;
@@ -1026,6 +1027,7 @@ add_con_refuse:
set_sockhost(acptr, ip);
acptr->ip = strdup(ip);
acptr->local->port = port;
acptr->fd = fd;
/* Tag loopback connections as FLAGS_LOCAL */
if (is_loopback_ip(acptr->ip))
@@ -1036,19 +1038,22 @@ add_con_refuse:
j = 1;
list_for_each_entry(acptr2, &unknown_list, lclient_node)
if (!Find_except(acptr, CONF_EXCEPT_THROTTLE))
{
if (!strcmp(acptr->ip,GetIP(acptr2)))
list_for_each_entry(acptr2, &unknown_list, lclient_node)
{
j++;
if (j > iConf.max_unknown_connections_per_ip)
if (!strcmp(acptr->ip,GetIP(acptr2)))
{
ircsnprintf(zlinebuf, sizeof(zlinebuf),
"ERROR :Closing Link: [%s] (Too many unknown connections from your IP)"
"\r\n",
acptr->ip);
(void)send(fd, zlinebuf, strlen(zlinebuf), 0);
goto add_con_refuse;
j++;
if (j > iConf.max_unknown_connections_per_ip)
{
ircsnprintf(zlinebuf, sizeof(zlinebuf),
"ERROR :Closing Link: [%s] (Too many unknown connections from your IP)"
"\r\n",
acptr->ip);
(void)send(fd, zlinebuf, strlen(zlinebuf), 0);
goto add_con_refuse;
}
}
}
}
@@ -1057,19 +1062,14 @@ add_con_refuse:
{
if (bconf)
{
ircsnprintf(zlinebuf, sizeof(zlinebuf),
"ERROR :Closing Link: [%s] (You are not welcome on "
"this server: %s. Email %s for more information.)\r\n",
acptr->ip,
bconf->reason ? bconf->reason : "no reason",
KLINE_ADDRESS);
(void)send(fd, zlinebuf, strlen(zlinebuf), 0);
banned_client(acptr, "K-Lined", bconf->reason ? bconf->reason : "no reason", 0, NO_EXIT_CLIENT);
goto add_con_refuse;
}
}
else if (find_tkline_match_zap(acptr) != -1)
else if ((tk = find_tkline_match_zap(acptr)))
{
(void)send(fd, zlinebuf, strlen(zlinebuf), 0);
ircstp->is_ref++;
banned_client(acptr, "Z-Lined", tk->reason, (tk->type & TKL_GLOBAL)?1:0, NO_EXIT_CLIENT);
goto add_con_refuse;
}
else
@@ -1089,7 +1089,6 @@ add_con_refuse:
add_throttling_bucket(acptr);
}
acptr->fd = fd;
acptr->local->listener = listener;
if (acptr->local->listener != NULL)
acptr->local->listener->clients++;
@@ -1337,8 +1336,12 @@ void read_packet(int fd, int revents, void *data)
return;
if (IsServer(cptr) || cptr->serv) /* server or outgoing connection */
{
sendto_umode_global(UMODE_OPER, "Lost connection to %s: Read error",
get_client_name(cptr, FALSE));
get_client_name(cptr, FALSE));
ircd_log(LOG_ERROR, "Lost connection to %s: Read error",
get_client_name(cptr, FALSE));
}
exit_client(cptr, cptr, cptr, "Read error");
return;
@@ -1578,7 +1581,7 @@ int connect_inet(ConfigItem_link *aconf, aClient *cptr)
}
if (++OpenFiles >= MAXCLIENTS)
{
sendto_realops("No more connections allowed (%s)", cptr->name);
sendto_ops_and_log("No more connections allowed (%s)", cptr->name);
return 0;
}
+273 -17
View File
@@ -92,6 +92,8 @@ static int _conf_deny_dcc (ConfigFile *conf, ConfigEntry *ce);
static int _conf_deny_link (ConfigFile *conf, ConfigEntry *ce);
static int _conf_deny_channel (ConfigFile *conf, ConfigEntry *ce);
static int _conf_deny_version (ConfigFile *conf, ConfigEntry *ce);
static int _conf_require (ConfigFile *conf, ConfigEntry *ce);
static int _conf_require_sasl (ConfigFile *conf, ConfigEntry *ce);
static int _conf_allow_channel (ConfigFile *conf, ConfigEntry *ce);
static int _conf_allow_dcc (ConfigFile *conf, ConfigEntry *ce);
static int _conf_loadmodule (ConfigFile *conf, ConfigEntry *ce);
@@ -122,11 +124,13 @@ static int _test_except (ConfigFile *conf, ConfigEntry *ce);
static int _test_vhost (ConfigFile *conf, ConfigEntry *ce);
static int _test_link (ConfigFile *conf, ConfigEntry *ce);
static int _test_ban (ConfigFile *conf, ConfigEntry *ce);
static int _test_require (ConfigFile *conf, ConfigEntry *ce);
static int _test_set (ConfigFile *conf, ConfigEntry *ce);
static int _test_deny (ConfigFile *conf, ConfigEntry *ce);
static int _test_allow_channel (ConfigFile *conf, ConfigEntry *ce);
static int _test_allow_dcc (ConfigFile *conf, ConfigEntry *ce);
static int _test_loadmodule (ConfigFile *conf, ConfigEntry *ce);
static int _test_blacklist_module (ConfigFile *conf, ConfigEntry *ce);
static int _test_log (ConfigFile *conf, ConfigEntry *ce);
static int _test_alias (ConfigFile *conf, ConfigEntry *ce);
static int _test_help (ConfigFile *conf, ConfigEntry *ce);
@@ -140,6 +144,7 @@ static ConfigCommand _ConfigCommands[] = {
{ "alias", _conf_alias, _test_alias },
{ "allow", _conf_allow, _test_allow },
{ "ban", _conf_ban, _test_ban },
{ "blacklist-module", NULL, NULL },
{ "class", _conf_class, _test_class },
{ "deny", _conf_deny, _test_deny },
{ "drpass", _conf_drpass, _test_drpass },
@@ -155,6 +160,7 @@ static ConfigCommand _ConfigCommands[] = {
{ "official-channels", _conf_offchans, _test_offchans },
{ "oper", _conf_oper, _test_oper },
{ "operclass", _conf_operclass, _test_operclass },
{ "require", _conf_require, _test_require },
{ "set", _conf_set, _test_set },
{ "sni", _conf_sni, _test_sni },
{ "spamfilter", _conf_spamfilter, _test_spamfilter },
@@ -299,6 +305,7 @@ ConfigItem_deny_version *conf_deny_version = NULL;
ConfigItem_log *conf_log = NULL;
ConfigItem_alias *conf_alias = NULL;
ConfigItem_include *conf_include = NULL;
ConfigItem_blacklist_module *conf_blacklist_module = NULL;
ConfigItem_help *conf_help = NULL;
ConfigItem_offchans *conf_offchans = NULL;
@@ -325,6 +332,7 @@ void unload_notloaded_includes(void);
void load_includes(void);
void unload_loaded_includes(void);
int rehash_internal(aClient *cptr, aClient *sptr, int sig);
int is_blacklisted_module(char *name);
/** Return the printable string of a 'cep' location, such as set::something::xyz */
char *config_var(ConfigEntry *cep)
@@ -1505,6 +1513,7 @@ void config_setdefaultsettings(aConfiguration *i)
snprintf(tmp, sizeof(tmp), "%s/ssl/curl-ca-bundle.crt", CONFDIR);
i->ssl_options->trusted_ca_file = strdup(tmp);
i->ssl_options->ciphers = strdup(UNREALIRCD_DEFAULT_CIPHERS);
i->ssl_options->ciphersuites = strdup(UNREALIRCD_DEFAULT_CIPHERSUITES);
i->ssl_options->protocols = SSL_PROTOCOL_ALL;
#ifdef HAS_SSL_CTX_SET1_CURVES_LIST
i->ssl_options->ecdh_curves = strdup(UNREALIRCD_DEFAULT_ECDH_CURVES);
@@ -1713,6 +1722,50 @@ int config_test_all(void)
return 1;
}
/** Process all loadmodule directives in all includes.
* This was previously done at the same time as 'include' was called but
* that was too early now that we have blacklist-module, so moved here.
* @retval 1 on success, 0 on any failed loadmodule directive.
*/
int config_loadmodules(void)
{
ConfigFile *cfptr;
ConfigEntry *ce;
ConfigItem_blacklist_module *blm, *blm_next;
int fatal_ret = 0, ret;
for (cfptr = conf; cfptr; cfptr = cfptr->cf_next)
{
if (config_verbose > 1)
config_status("Testing %s", cfptr->cf_filename);
for (ce = cfptr->cf_entries; ce; ce = ce->ce_next)
{
if (!strcmp(ce->ce_varname, "loadmodule"))
{
ret = _conf_loadmodule(cfptr, ce);
if (ret < fatal_ret)
fatal_ret = ret; /* lowest wins */
}
}
}
/* Let's free the blacklist-module list here as well */
for (blm = conf_blacklist_module; blm; blm = blm_next)
{
blm_next = blm->next;
safefree(blm->name);
safefree(blm);
}
conf_blacklist_module = NULL;
/* End of freeing code */
/* If any loadmodule returned a fatal (-1) error code then we return fail status (0) */
if (fatal_ret < 0)
return 0; /* FAIL */
return 1; /* SUCCESS */
}
int init_conf(char *rootconf, int rehash)
{
char *old_pid_file = NULL;
@@ -1737,7 +1790,7 @@ int init_conf(char *rootconf, int rehash)
* include "unrealircd.conf";
*/
add_include(rootconf, "[thin air]", -1);
if (load_conf(rootconf, rootconf) > 0)
if ((load_conf(rootconf, rootconf) > 0) && config_loadmodules())
{
config_test_reset();
if (!config_test_all())
@@ -1849,7 +1902,6 @@ int load_conf(char *filename, const char *original_path)
ConfigEntry *ce;
ConfigItem_include *inc, *my_inc;
int ret;
int fatal_ret;
int counter;
if (config_verbose > 0)
@@ -1925,23 +1977,18 @@ int load_conf(char *filename, const char *original_path)
cfptr3 = &cfptr2->cf_next;
*cfptr3 = cfptr;
if (config_verbose > 1)
config_status("Loading module blacklist in %s", filename);
for (ce = cfptr->cf_entries; ce; ce = ce->ce_next)
if (!strcmp(ce->ce_varname, "blacklist-module"))
_test_blacklist_module(cfptr, ce);
/* Load modules */
if (config_verbose > 1)
config_status("Loading modules in %s", filename);
fatal_ret = 0;
for (ce = cfptr->cf_entries; ce; ce = ce->ce_next)
if (!strcmp(ce->ce_varname, "loadmodule"))
{
ret = _conf_loadmodule(cfptr, ce);
if (ret < fatal_ret)
fatal_ret = ret; /* lowest wins */
}
ret = fatal_ret;
if (need_34_upgrade)
upgrade_conf_to_34();
if (ret < 0)
return ret;
/* Load includes */
if (config_verbose > 1)
@@ -2759,7 +2806,7 @@ ConfigItem_tld *Find_tld(aClient *cptr)
{
if (match_user(tld->mask, cptr, MATCH_CHECK_REAL))
{
if ((tld->options & TLD_SSL) && !IsSecure(cptr))
if ((tld->options & TLD_SSL) && !IsSecureConnect(cptr))
continue;
if ((tld->options & TLD_REMOTE) && MyClient(cptr))
continue;
@@ -5133,6 +5180,15 @@ int _test_allow(ConfigFile *conf, ConfigEntry *ce)
{}
else if (!strcmp(cepp->ce_varname, "ssl"))
{}
else if (!strcmp(cepp->ce_varname, "sasl"))
{
config_error("%s:%d: The option allow::options::sasl no longer exists. "
"Please use a require sasl { } block instead, which "
"is more flexible and provides the same functionality. See "
"https://www.unrealircd.org/docs/Require_sasl_block",
cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum);
errors++;
}
else if (!strcmp(cepp->ce_varname, "nopasscont"))
{}
else
@@ -7018,6 +7074,141 @@ int _test_ban(ConfigFile *conf, ConfigEntry *ce)
return errors;
}
int _conf_require(ConfigFile *conf, ConfigEntry *ce)
{
ConfigEntry *cep;
ConfigItem_ban *ca;
Hook *h;
ca = MyMallocEx(sizeof(ConfigItem_ban));
if (!strcmp(ce->ce_vardata, "sasl"))
{
ca->flag.type = CONF_BAN_UNAUTHENTICATED;
}
else {
int value;
free(ca); /* ca isn't used, modules have their own list. */
for (h = Hooks[HOOKTYPE_CONFIGRUN]; h; h = h->next)
{
value = (*(h->func.intfunc))(conf,ce,CONFIG_REQUIRE);
if (value == 1)
break;
}
return 0;
}
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
if (!strcmp(cep->ce_varname, "mask"))
{
ca->mask = strdup(cep->ce_vardata);
}
else if (!strcmp(cep->ce_varname, "reason"))
ca->reason = strdup(cep->ce_vardata);
else if (!strcmp(cep->ce_varname, "action"))
ca ->action = banact_stringtoval(cep->ce_vardata);
}
AddListItem(ca, conf_ban);
return 0;
}
int _test_require(ConfigFile *conf, ConfigEntry *ce)
{
ConfigEntry *cep;
int errors = 0;
Hook *h;
char type = 0;
char has_mask = 0, has_action = 0, has_reason = 0;
if (!ce->ce_vardata)
{
config_error("%s:%i: require without type, did you mean 'require sasl'?",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
return 1;
}
if (!strcmp(ce->ce_vardata, "sasl"))
{}
else
{
int used = 0;
for (h = Hooks[HOOKTYPE_CONFIGTEST]; h; h = h->next)
{
int value, errs = 0;
if (h->owner && !(h->owner->flags & MODFLAG_TESTING)
&& !(h->owner->options & MOD_OPT_PERM))
continue;
value = (*(h->func.intfunc))(conf,ce,CONFIG_REQUIRE, &errs);
if (value == 2)
used = 1;
if (value == 1)
{
used = 1;
break;
}
if (value == -1)
{
used = 1;
errors += errs;
break;
}
if (value == -2)
{
used = 1;
errors += errs;
}
}
if (!used) {
config_error("%s:%i: unknown require type '%s'",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
ce->ce_vardata);
return 1;
}
return errors;
}
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
if (config_is_blankorempty(cep, "require"))
{
errors++;
continue;
}
if (!strcmp(cep->ce_varname, "mask"))
{
if (has_mask)
{
config_warn_duplicate(cep->ce_fileptr->cf_filename,
cep->ce_varlinenum, "require::mask");
continue;
}
has_mask = 1;
}
else if (!strcmp(cep->ce_varname, "reason"))
{
if (has_reason)
{
config_warn_duplicate(cep->ce_fileptr->cf_filename,
cep->ce_varlinenum, "require::reason");
continue;
}
has_reason = 1;
}
}
if (!has_mask)
{
config_error_missing(ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
"require::mask");
errors++;
}
if (!has_reason)
{
config_error_missing(ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
"require::reason");
errors++;
}
return errors;
}
#define CheckNull(x) if ((!(x)->ce_vardata) || (!(*((x)->ce_vardata)))) { config_error("%s:%i: missing parameter", (x)->ce_fileptr->cf_filename, (x)->ce_varlinenum); errors++; continue; }
#define CheckNullAllowEmpty(x) if ((!(x)->ce_vardata)) { config_error("%s:%i: missing parameter", (x)->ce_fileptr->cf_filename, (x)->ce_varlinenum); errors++; continue; }
#define CheckDuplicate(cep, name, display) if (settings.has_##name) { config_warn_duplicate((cep)->ce_fileptr->cf_filename, cep->ce_varlinenum, "set::" display); continue; } else settings.has_##name = 1
@@ -7039,6 +7230,10 @@ void test_sslblock(ConfigFile *conf, ConfigEntry *cep, int *totalerrors)
{
CheckNull(cepp);
}
else if (!strcmp(cepp->ce_varname, "ciphersuites"))
{
CheckNull(cepp);
}
else if (!strcmp(cepp->ce_varname, "ecdh-curves"))
{
CheckNull(cepp);
@@ -7209,6 +7404,7 @@ void free_ssl_options(SSLOptions *ssloptions)
safefree(ssloptions->dh_file);
safefree(ssloptions->trusted_ca_file);
safefree(ssloptions->ciphers);
safefree(ssloptions->ciphersuites);
memset(ssloptions, 0, sizeof(SSLOptions));
MyFree(ssloptions);
}
@@ -7227,6 +7423,7 @@ void conf_sslblock(ConfigFile *conf, ConfigEntry *cep, SSLOptions *ssloptions)
safestrdup(ssloptions->trusted_ca_file, tempiConf.ssl_options->trusted_ca_file);
ssloptions->protocols = tempiConf.ssl_options->protocols;
safestrdup(ssloptions->ciphers, tempiConf.ssl_options->ciphers);
safestrdup(ssloptions->ciphersuites, tempiConf.ssl_options->ciphersuites);
safestrdup(ssloptions->ecdh_curves, tempiConf.ssl_options->ecdh_curves);
ssloptions->options = tempiConf.ssl_options->options;
ssloptions->renegotiate_bytes = tempiConf.ssl_options->renegotiate_bytes;
@@ -7242,8 +7439,12 @@ void conf_sslblock(ConfigFile *conf, ConfigEntry *cep, SSLOptions *ssloptions)
if (!strcmp(cepp->ce_varname, "ciphers") || !strcmp(cepp->ce_varname, "server-cipher-list"))
{
safestrdup(ssloptions->ciphers, cepp->ce_vardata);
} else
if (!strcmp(cepp->ce_varname, "ecdh-curves"))
}
else if (!strcmp(cepp->ce_varname, "ciphersuites"))
{
safestrdup(ssloptions->ciphersuites, cepp->ce_vardata);
}
else if (!strcmp(cepp->ce_varname, "ecdh-curves"))
{
safestrdup(ssloptions->ecdh_curves, cepp->ce_vardata);
}
@@ -8800,6 +9001,14 @@ int _conf_loadmodule(ConfigFile *conf, ConfigEntry *ce)
// TODO ^: silly win32 wrapping prevents this from being displayed otherwise. PLZ FIX! !
/* let it continue to load anyway? */
}
if (is_blacklisted_module(ce->ce_vardata))
{
/* config_warn("%s:%i: Module '%s' is blacklisted, not loading",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, ce->ce_vardata); */
return 1;
}
if ((ret = Module_Create(ce->ce_vardata))) {
config_status("%s:%i: loadmodule %s: failed to load: %s",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
@@ -8814,6 +9023,53 @@ int _test_loadmodule(ConfigFile *conf, ConfigEntry *ce)
return 0;
}
int _test_blacklist_module(ConfigFile *conf, ConfigEntry *ce)
{
char *path;
ConfigItem_blacklist_module *m;
if (!ce->ce_vardata)
{
config_status("%s:%i: blacklist-module: no module name given to blacklist",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
return -1;
}
path = Module_TransformPath(ce->ce_vardata);
/* Is it a good idea to warn about this?
* Yes, the user may have made a typo, thinking (s)he blacklisted something
* but due to the typo the blacklist-module is not effective.
* No, the user may have blacklisted a bunch of modules of which not all may
* be installed at the time.
* Hmmmmmm.
*/
if (!file_exists(path))
{
config_warn("%s:%i: blacklist-module for '%s' but module does not exist anyway",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, ce->ce_vardata);
/* fallthrough */
}
m = MyMallocEx(sizeof(ConfigItem_blacklist_module));
m->name = strdup(ce->ce_vardata);
AddListItem(m, conf_blacklist_module);
return 0;
}
int is_blacklisted_module(char *name)
{
char *path = Module_TransformPath(name);
ConfigItem_blacklist_module *m;
for (m = conf_blacklist_module; m; m = m->next)
if (!stricmp(m->name, name) || !stricmp(m->name, path))
return 1;
return 0;
}
void start_listeners(void)
{
ConfigItem_listen *listenptr;
+1 -1
View File
@@ -252,7 +252,7 @@ static char *replies[] = {
/* 220 RPL_STATSBLINE */ ":%s 220 %s %c %s %s %s %d %d",
/* 221 RPL_UMODEIS */ ":%s 221 %s %s",
/* 222 RPL_SQLINE_NICK */ ":%s 222 %s %s :%s",
/* 223 RPL_STATSGLINE */ ":%s 223 %s %c %s@%s %li %li %s :%s",
/* 223 RPL_STATSGLINE */ ":%s 223 %s %c %s%s@%s %li %li %s :%s",
/* 224 RPL_STATSTLINE */ ":%s 224 %s T %s %s %s",
/* 225 RPL_STATSELINE */ ":%s 225 %s e %s",
/* 226 RPL_STATSNLINE */ ":%s 226 %s n %s %s",
+85 -2
View File
@@ -74,16 +74,25 @@ typedef struct {
static BanActTable banacttable[] = {
{ BAN_ACT_KILL, 'K', "kill" },
{ BAN_ACT_SOFT_KILL, 'i', "soft-kill" },
{ BAN_ACT_TEMPSHUN, 'S', "tempshun" },
{ BAN_ACT_SOFT_TEMPSHUN,'T', "soft-tempshun" },
{ BAN_ACT_SHUN, 's', "shun" },
{ BAN_ACT_SOFT_SHUN, 'H', "soft-shun" },
{ BAN_ACT_KLINE, 'k', "kline" },
{ BAN_ACT_SOFT_KLINE, 'I', "soft-kline" },
{ BAN_ACT_ZLINE, 'z', "zline" },
{ BAN_ACT_GLINE, 'g', "gline" },
{ BAN_ACT_SOFT_GLINE, 'G', "soft-gline" },
{ BAN_ACT_GZLINE, 'Z', "gzline" },
{ BAN_ACT_BLOCK, 'b', "block" },
{ BAN_ACT_SOFT_BLOCK, 'B', "soft-block" },
{ BAN_ACT_DCCBLOCK, 'd', "dccblock" },
{ BAN_ACT_VIRUSCHAN,'v', "viruschan" },
{ BAN_ACT_SOFT_DCCBLOCK,'D', "soft-dccblock" },
{ BAN_ACT_VIRUSCHAN, 'v', "viruschan" },
{ BAN_ACT_SOFT_VIRUSCHAN,'V', "soft-viruschan" },
{ BAN_ACT_WARN, 'w', "warn" },
{ BAN_ACT_SOFT_WARN, 'W', "soft-warn" },
{ 0, 0, 0 }
};
@@ -793,7 +802,7 @@ int valid_host(char *host)
return 0; /* too long hosts are invalid too */
for (p=host; *p; p++)
if (!isalnum(*p) && (*p != '_') && (*p != '-') && (*p != '.') && (*p != ':'))
if (!isalnum(*p) && (*p != '_') && (*p != '-') && (*p != '.') && (*p != ':') && (*p != '/'))
return 0;
return 1;
@@ -1197,3 +1206,77 @@ int IsWebsocket(aClient *acptr)
return 0; /* websocket module not loaded */
return (MyConnect(acptr) && moddata_client(acptr, md).ptr) ? 1 : 0;
}
extern void send_raw_direct(aClient *user, char *pattern, ...);
/** Generic function to inform the user he/she has been banned.
* @param acptr The affected client.
* @param bantype The ban type, such as: "K-Lined", "G-Lined" or "realname".
* @param reason The specified reason.
* @param global Whether the ban is global (1) or for this server only (0)
* @param noexit Set this to NO_EXIT_CLIENT to make us not call exit_client().
* This is really only needed from the accept code, do not
* use it anywhere else. No really, never.
*
* @notes This function will call exit_client() appropriately.
* @retval Usually FLUSH_BUFFER. In any case: do not touch 'acptr' after
* calling this function!
*/
int banned_client(aClient *acptr, char *bantype, char *reason, int global, int noexit)
{
char buf[512], contactbuf[512];
if (!MyConnect(acptr))
abort(); /* hmm... or be more flexible? */
if (1)
{
snprintf(contactbuf, sizeof(contactbuf), "Email %s for more information.",
(global && GLINE_ADDRESS) ? GLINE_ADDRESS : KLINE_ADDRESS);
}
snprintf(buf, sizeof(buf), "You are not welcome on this %s. %s: %s. %s",
global ? "network" : "server",
bantype,
reason,
contactbuf);
/* This is a bit extensive but we will send both a YOUAREBANNEDCREEP
* and a notice to the user.
* The YOUAREBANNEDCREEP will be helpful for the client since it makes
* clear the user should not quickly reconnect, as (s)he is banned.
* The notice still needs to be there because it stands out well
* at most IRC clients.
*/
if (noexit != NO_EXIT_CLIENT)
{
sendto_one(acptr,":%s %d %s :%s",
me.name, ERR_YOUREBANNEDCREEP,
(*acptr->name ? acptr->name : "*"),
buf);
sendnotice(acptr, "%s", buf);
} else {
send_raw_direct(acptr, ":%s %d %s :%s",
me.name, ERR_YOUREBANNEDCREEP,
(*acptr->name ? acptr->name : "*"),
buf);
send_raw_direct(acptr, ":%s NOTICE %s :%s",
me.name, (*acptr->name ? acptr->name : "*"), buf);
}
/* The final message in the ERROR is shorter. */
if (HIDE_BAN_REASON && IsRegistered(acptr))
snprintf(buf, sizeof(buf), "Banned (%s)", bantype);
else
snprintf(buf, sizeof(buf), "Banned (%s): %s", bantype, reason);
if (noexit != NO_EXIT_CLIENT)
{
return exit_client(acptr, acptr, acptr, buf);
} else {
/* Special handling for direct Z-line code */
send_raw_direct(acptr, "ERROR :Closing Link: [%s] (%s)",
acptr->ip, buf);
return 0;
}
}
+2 -5
View File
@@ -814,11 +814,8 @@ CMD_FUNC(m_rehash)
/*
** m_restart
**
** parv[1] - password *OR* reason if no X:line
** parv[2] - reason for restart (optional & only if X:line exists)
**
** The password is only valid if there is a matching X line in the
** config file. If it is not, then it becomes the
** parv[1] - password *OR* reason if no drpass { } block exists
** parv[2] - reason for restart (optional & only if drpass block exists)
*/
CMD_FUNC(m_restart)
{
-2
View File
@@ -42,8 +42,6 @@
extern ircstats IRCstats;
aConfiguration iConf;
/* Function to return a group of tokens -- codemastr */
void strrangetok(char *in, char *out, char tok, short first, short last) {
int i = 0, tokcount = 0, j = 0;
+52 -4
View File
@@ -75,14 +75,20 @@ int dead_link(aClient *to, char *notice)
DBufClear(&to->local->recvQ);
DBufClear(&to->local->sendQ);
if ((to->flags & FLAGS_DEADSOCKET) && to->local->error_str)
if (to->flags & FLAGS_DEADSOCKET)
return -1; /* already pending to be closed */
to->flags |= FLAGS_DEADSOCKET;
/* We may get here because of the 'CPR' in check_deadsockets().
* In which case, we return -1 as well.
*/
if (to->local->error_str)
return -1; /* don't overwrite & don't send multiple times */
if (!IsPerson(to) && !IsUnknown(to) && !(to->flags & FLAGS_CLOSING))
sendto_umode(UMODE_OPER, "Closing link: %s - %s",
notice, get_client_name(to, FALSE));
sendto_ops_and_log("Link to server %s (%s) closed: %s",
to->name, to->ip?to->ip:"<no-ip>", notice);
Debug((DEBUG_ERROR, "dead_link: %s - %s", notice, get_client_name(to, FALSE)));
to->local->error_str = strdup(notice);
return -1;
@@ -438,7 +444,7 @@ void sendto_chanops_butone(aClient *one, aChannel *chptr, char *pattern, ...)
for (lp = chptr->members; lp; lp = lp->next)
{
acptr = lp->cptr;
if (acptr == one || !(lp->flags & (CHFL_CHANOP|CHFL_CHANOWNER|CHFL_CHANPROT)))
if (acptr == one || !(lp->flags & (CHFL_HALFOP|CHFL_CHANOP|CHFL_CHANOWNER|CHFL_CHANPROT)))
continue; /* ...was the one I should skip
or user not not a channel op */
if (MyConnect(acptr) && IsRegisteredUser(acptr))
@@ -1440,3 +1446,45 @@ va_list vl;
vsendto_one(to, realpattern, vl);
va_end(vl);
}
/** Send raw data directly to socket, bypassing everything.
* Looks like an interesting function to call? NO! STOP!
* Don't use this function. It may only be used by the initial
* Z-Line check via the codepath to banned_client().
* YOU SHOULD NEVER USE THIS FUNCTION.
* If you want to send raw data (without formatting) to a client
* then have a look at sendbufto_one() instead.
*
* Side-effects:
* Too many to list here. Only in the early accept code the
* "if's" and side-effects are under control.
*
* By the way, did I already mention that you SHOULD NOT USE THIS
* FUNCTION? ;)
*/
void send_raw_direct(aClient *user, char *pattern, ...)
{
va_list vl;
int sendlen;
*sendbuf = '\0';
va_start(vl, pattern);
sendlen = vmakebuf_local_withprefix(sendbuf, sizeof sendbuf, user, pattern, vl);
va_end(vl);
(void)send(user->fd, sendbuf, sendlen, 0);
}
/** Send a message to all locally connected IRCOps and log the error.
*/
void sendto_ops_and_log(char *pattern, ...)
{
va_list vl;
char buf[1024];
va_start(vl, pattern);
ircvsnprintf(buf, sizeof(buf), pattern, vl);
va_end(vl);
ircd_log(LOG_ERROR, "%s", buf);
sendto_umode(UMODE_OPER, "%s", buf);
}
+25 -20
View File
@@ -361,6 +361,15 @@ SSL_CTX *init_ctx(SSLOptions *ssloptions, int server)
goto fail;
}
#ifdef SSL_OP_NO_TLSv1_3
if (SSL_CTX_set_ciphersuites(ctx, ssloptions->ciphersuites) == 0)
{
config_warn("Failed to set SSL ciphersuites list");
config_report_ssl_error();
goto fail;
}
#endif
if (!cipher_check(ctx, &errstr))
{
config_warn("There is a problem with your SSL/TLS 'ciphers' configuration setting: %s", errstr);
@@ -384,6 +393,22 @@ SSL_CTX *init_ctx(SSLOptions *ssloptions, int server)
if (server)
{
#if defined(SSL_CTX_set_ecdh_auto)
/* OpenSSL 1.0.x requires us to explicitly turn this on */
SSL_CTX_set_ecdh_auto(ctx, 1);
#elif OPENSSL_VERSION_NUMBER < 0x10100000L
/* Even older versions require require setting a fixed curve.
* NOTE: Don't be confused by the <1.1.x check.
* Yes, it must be there. Do not remove it!
*/
SSL_CTX_set_tmp_ecdh(ctx, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
#else
/* If we end up here we don't have SSL_CTX_set_ecdh_auto
* and we are on OpenSSL 1.1.0 or later. We don't need to
* do anything then, since auto ecdh is the default.
*/
#endif
/* Let's see if we need to (and can) set specific curves */
if (ssloptions->ecdh_curves)
{
#ifdef HAS_SSL_CTX_SET1_CURVES_LIST
@@ -406,21 +431,6 @@ SSL_CTX *init_ctx(SSLOptions *ssloptions, int server)
config_warn("ecdh-curves specified but not supported by library -- BAD!");
config_report_ssl_error();
goto fail;
#endif
} else {
/* Set some good default (note that usually we don't get here
* because ssloptions->ecdh_curves is typically set, either
* via config_setdefaultsettings or by the user).
*/
#if defined(SSL_CTX_set_ecdh_auto)
SSL_CTX_set_ecdh_auto(ctx, 1);
#elif OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_tmp_ecdh(ctx, EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
#else
/* If we end up here we don't have SSL_CTX_set_ecdh_auto
* and we are on OpenSSL 1.1.0 or later. We don't need to
* do anything then, since auto ecdh is the default.
*/
#endif
}
/* We really want the ECDHE/ECDHE to be generated per-session.
@@ -611,11 +621,6 @@ char *ssl_get_cipher(SSL *ssl)
strlcpy(buf, SSL_get_version(ssl), sizeof(buf));
strlcat(buf, "-", sizeof(buf));
strlcat(buf, SSL_get_cipher(ssl), sizeof(buf));
c = SSL_get_current_cipher(ssl);
SSL_CIPHER_get_bits(c, &bits);
strlcat(buf, "-", sizeof(buf));
strlcat(buf, my_itoa(bits), sizeof(buf));
strlcat(buf, "bits", sizeof(buf));
return buf;
}
+1 -1
View File
@@ -4,7 +4,7 @@ echo "Extracting src/version.c..."
#id=`grep '$Id: Changes,v' ../Changes`
#id=`echo $id |sed 's/.* Changes\,v \(.*\) .* Exp .*/\1/'`
id="4.0.18-devel"
id="4.0.19-rc2"
echo "$id"
if test -r version.c
+15 -26
View File
@@ -6,7 +6,7 @@
[Setup]
AppName=UnrealIRCd 4
AppVerName=UnrealIRCd 4.0.18-devel
AppVerName=UnrealIRCd 4.0.19-rc2
AppPublisher=UnrealIRCd Team
AppPublisherURL=https://www.unrealircd.org
AppSupportURL=https://www.unrealircd.org
@@ -71,10 +71,10 @@ Source: "src\modules\extbans\*.dll"; DestDir: "{app}\modules\extbans"; Flags: ig
Source: "src\modules\cap\*.dll"; DestDir: "{app}\modules\cap"; Flags: ignoreversion
Source: "c:\dev\tre\win32\release\tre.dll"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\pcre2\build\release\pcre2-8.dll"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\c-ares\msvc110\cares\dll-release\cares.dll"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\libressl\x86\openssl.exe"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\libressl\x86\*.dll"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\pcre2\bin\pcre*.dll"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\c-ares\msvc\cares\dll-release\cares.dll"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\libressl\bin\openssl.exe"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\libressl\bin\*.dll"; DestDir: "{app}"; Flags: ignoreversion
Source: "c:\dev\setacl.exe"; DestDir: "{app}\tmp"; Flags: ignoreversion
#ifdef USE_CURL
@@ -104,31 +104,20 @@ var
// This is where all starts.
//*********************************************************************************
function InitializeSetup(): Boolean;
var
major: Cardinal;
begin
Result := true;
// This was for Visual Studio 2012:
// if ((not RegKeyExists(HKLM, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}'))
// and (not RegKeyExists(HKLM, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}'))
// and (not RegKeyExists(HKLM, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E7D4E834-93EB-351F-B8FB-82CDAE623003}'))
// and (not RegKeyExists(HKLM, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3D6AD258-61EA-35F5-812C-B7A02152996E}'))
// and (not RegKeyExists(HKLM, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}'))
// ) then
// This is for Visual Studio 2015:
if ((not RegKeyExists(HKLM, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}')) // Visual C++ 2015 Redistributable 14.0.23026
and (not RegKeyExists(HKLM, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8FD71E98-EE44-3844-9DAD-9CB0BBBC603C}')) // Visual C++ 2015 Redistributable 14.0.24210
and (not RegKeyExists(HKLM, 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BBF2AC74-720C-3CB3-8291-5E34039232FA}')) // Visual C++ 2015 Redistributable 14.0.24215
) then
if Not RegQueryDWordValue(HKEY_LOCAL_MACHINE, 'SOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\x86', 'Major', major) then
begin
MsgBox('UnrealIRCd requires the Microsoft Visual C++ Redistributable for Visual Studio 2015 to be installed.' #13 +
'After you click OK you will be taken to a download page.' #13 +
'1) Click Download' #13 +
'2) Choose the vcredist x86 version (or both).' #13 +
'3) Download and install.' #13 +
MsgBox('UnrealIRCd requires the Microsoft Visual C++ Redistributable for Visual Studio 2017 to be installed.' #13 +
'After you click OK you will be taken to a download page from Microsoft:' #13 +
'1) Scroll down to the "Visual Studio 2017" section' #13 +
'2) Click on the x86 "vc_redist.x86.exe" to download the installer' #13 +
'3) Run the installer.' #13 + #13 +
'If you are already absolutely sure that you have this package installed then you can skip this step.', mbInformation, MB_OK);
ShellExec('open', 'https://www.microsoft.com/en-us/download/details.aspx?id=48145', '', '', SW_SHOWNORMAL,ewNoWait,ErrorCode);
MsgBox('Click OK once you have installed the Microsoft Visual C++ Redistributable for Visual Studio 2015 (vcredist_x86) to continue the UnrealIRCd installer', mbInformation, MB_OK);
ShellExec('open', 'https://support.microsoft.com/help/2977003/the-latest-supported-visual-c-downloads', '', '', SW_SHOWNORMAL,ewNoWait,ErrorCode);
MsgBox('Your browser was launched. After you have installed the Microsoft Visual C++ Redistributable for Visual Studio 2017 (vc_redist.x86.exe), click OK below to continue the UnrealIRCd installer', mbInformation, MB_OK);
end;
end;