Add SVSCTRL command to let services control services join requests and configuration files #94
kobishmueli wants to merge 96 commits into DALnet:master
Allow bahamut to be compiled against OpenSSL versions >= 1.1.0
Increase MAXBANS from 200 to 500 per user requests, admin discussion …
Let server admins (and u:lined servers) see more info with /info
* fixing comments * install and run autoconf * run autoconf as part of before script section * test with trusty and sudo * install autoconf from apt * run autoreconf instead * install libtool and automake * run automake to add missing files * do not run make test for now * skip install test, notify via IRC * do not use automake, install shtool instead * generate script to run autotools from
…ld conversion specifier (#32)
* Added USER_HOSTMASKING definition to include/config.h. * Added UMODE +H. When enabled, the user's host will be masked. This umode is enabled by default if user host-masking support is defined. -Kobi. * Added the foundation for user host-masking support. * Added user host-masking support to WHOIS (opers can still see the real host/ip). * Added user host-masking support to USERHOST. Notes: - Users can see their own real hosts (to prevent DCC issues on some clients). - Opers can see real hosts for everyone. -Kobi. * Added user host-masking support to WHOWAS (opers can still see the real host/IP). * Changed SVSHOST to use mhost and propagate it on server connects. * Added user host-masking support to channel bans/invites/exempts. * Added user host-masking support to STATS l & p. * Added user host-masking support to WHO. * Added user host-masking support to WATCH. * Added user host-masking support for a few src/send.c functions: - prefix_buffer() - send_quit_to_common_channels() - send_part_to_common_channels() - sendto_prefix_one() - vsendto_prefix_one() -Kobi. * typo fix! * Made WATCH L respect umode +H and mask the user's host if needed. * Made KILL respect umode +H and mask the user's host if needed. * Made DCCALLOW LIST respect umode +H and mask the user's host if needed. * Added module hook for WHOIS. * Added SVSUHM command to let services control what user host-masking type we are using. * A few user host-masking related changes: - Added module hook for masking hosts. - Made mask_host() call the maskhost hook. - Made mask_host() use uhm_type. - Changed do_user() to only set & allow UMODE_H if uhm_type is defined. - Changed m_umode() to only allow umode +H if uhm_type is defined. -Kobi. * Updated version.c.SH (Kobi --> Kobi_S & added RuneB). * Added WHO +R to let opers choose if they want to see real hosts or not. * Don't let non-opers see the real hosts/IPs for masked users with TRACE. * Changed check_dccsend() to show the masked host/IP for umode +H users.
* Added USER_HOSTMASKING define checks to src/channel.c. * Added USER_HOSTMASKING define checks to src/s_user.c. * Added USER_HOSTMASKING define check to src/m_stats.c. * Oops, typo fix. * Added skill to version.c.SH. * Let's only mask the host if the masking module returned 1 (Success). -Kobi. * Changed call_hooks()'s logic when handling hostmasking modules. Possible results by the module: 1 = Success, the host has been masked (so don't try other modules). 0 = Failure, the host wasn't masked but try other modules (maybe they will mask the host). -2 (FLUSH_BUFFER) = Failure, the host wasn't masked but *don't* try other modules. -Kobi. * Added defines for the user host-masking module's hooking results.
* Exempt IRC Operators from the auditorium mode (cmode +A). (requested by toolman) -Kobi. * Don't exempt IRC Operators from not being able to talk on auditorium channels (cmode +A), just let them see all users/joins/parts/mode changes.
When auditorium mode is set and someone is opped or voiced, their client will start to see messages from previously hidden clients and could get confused about which window those messages should go to. Fix this by sending a set of fake KICK/JOIN/NAMES messages to the newly opped/voiced client to update the client's idea of who is in the channel.
…h /mode #channel from outside the channel in addition to +l. (#45)
* Fix modern compiler warnings and possible buffer overflows * Need to load the full certificate chain for validation to work properly * Allow kill -HUP to refresh SSL certificates; add more sanity checking to rehashing SSL to ensure the certificate files still exist on disk and that the certificate belongs to the private key; do not actually swap out the SSL CTX unless all checks pass
Extended channel flags will be controlled by services via the SVSXCF command. Settings: JOIN_CONNECT_TIME - Number of seconds the user must be online to be able to join TALK_CONNECT_TIME - Number of seconds the user must be online to be able to talk on the channel TALK_JOIN_TIME - Number of seconds the user must be on the channel to be able to talk on the channel MAX_BANS - Will let us increase the ban limit for specific channels 1/0 (on/off) options: NO_NOTICE - no notices can be sent to the channel (on/off) NO_CTCP - no ctcps can be sent to the channel (on/off) NO_PART_MSG - no /part messages (on/off) NO_QUIT_MSG - no /quit messages (on/off) EXEMPT_OPPED - exempt opped users (on/off) EXEMPT_VOICED - exempt voiced users (on/off) EXEMPT_IDENTD - exempt users with identd (on/off) EXEMPT_REGISTERED - exempt users with umode +r (on/off) EXEMPT_INVITES - exempt users who are +I'ed (on/off) Special option: GREETMSG - A message that will be sent when a user joins the channel DEFAULT - Reset the channel flags back to the default values -Kobi.
* Add SpamFilter feature. This IRCd feature (which is controlled by services) will allow us to block & autokill spambots and floodbots. Users will be able to opt-out from this feature with UMODE +P and CMODE +P. -Kobi. * Bug fix for the PCRE regex check (thanks RuneB!) * Made SpamFilter KB/Help URL a config option. * Change pcre's MyFree() call to pcre_free() since we're not using MyMalloc() and add a missing pcre_free() call (thanks RuneB!). * Add the ability to disable SPAMFILTER. This is to allow other networks who use bahamut to disable the spam filter feature if they wish. -Kobi. * Cosmetic change to the spamfilter warning message.
* Update opers.txt Added notation regarding the +I hidden oper mode, usually only available by define'ing in config.h. Most probably don't know it exists. * Update opers.txt * Added +H and +P usermodes Additionally reformatted things a bit, reworded things, overall looks cleaner. * Date reordered Sorry Kobi, I didn't even realize that.
* Updated changes for 2.1.0 release Still needs some content for help. * Updating patch level to 2.1.0 * More updates for 2.1.0. * Fixed a broken merge (SVSXCF). * Added missing extern. * Updated version.c.SH (cosmetic fix). * More updates for 2.1.0. * Updated MODULE_INTERFACE_VERSION. * Fixes for masked opers as they're already masked anyway. * Let's make sure m_quit() will only check real users. Currently, QUIT from un-registered clients (before NICK & USER) can crash the server because we're checking sptr->user->channels and sptr->user doesn't exist. -Kobi.
* Code cleanup (STAT_MASTER) Remove useless STAT_MASTER code that isn't even used. -Kobi. * Propagate errors to other servers This will make m_error() messages propagate to other servers and all +n opers will be able to see them. -Kobi. * Log config errors to syslog (if USE_SYSLOG is defined) * Propagate wrong link password error messages to other servers * Fix two compile warnings
* Remove extraneous RSA, DSA, ECDSA, and EVP compatibility functions that are not used by bahamut and were causing compilation issues with older OpenSSL libraries. * DEFAULT_OPER_SPAMFILTER_DISABLED - default your opers to +P, which disables spamfilter checking. This is strongly recommended so that users can report potential spam.
…at are not used by bahamut and were causing compilation issues with older OpenSSL libraries. (#57)
Current m_rehash is now local_rehash. The new m_rehash determines what to do with the rehash command it has received, then either passes it to local_rehash or passes it on to the target server. To use remote rehash, the user on the local server must have access to the rehash command on the server the user is on. For the target server, the ircd.conf option "allow_remote_rehash" must be enabled. - Holbrook
* Add nick!user@host to the spamfilter warnings This will make it easier for our mass akill scripts. -Kobi. * Cosmetic changes to the spamfilter warning The warning will now say if the spammer was blocked, akilled or blocked+akilled. -Kobi.
* Add nick!user@host to the spamfilter warnings This will make it easier for our mass akill scripts. -Kobi. * Cosmetic changes to the spamfilter warning The warning will now say if the spammer was blocked, akilled or blocked+akilled. -Kobi. * Add MAX_INVITES XCF This will let us increase the maximum invite list for specific channels. The use case is regional channels that want to +I their region/country's IPs and use it in combination with cmode +R. * Add HIDE_MODE_LISTS XCF This will let us hide /mode #channel +b/+I/+e lists from non-ops. There are a few use cases for this (especially when the list limits are increased for channels that are being regularly flooded): 1. Prevent users from disconnecting themselves for "SendQ Exceeded". 2. Prevent abusers from flooding the server with it. 3. Prevent abusers from knowing our flood-control exemption lists. * Add USER_VERBOSE XCF When enabled, the server will alert #channel-relay about failed commands due to channel modes or xflags. This feature was suggested by Sara_Ks. * Add OPER_VERBOSE XCF When enabled, the server will alert +f opers about failed commands due to channel modes or xflags. Similar to USER_VERBOSE but will combine all "relay channels" to one place for opers and will show the user's real hostname even if they have user host-masking enabled. * Add FLOODWARN module hook CHOOK_FLOODWARN is called during flood warnings to opers. Params: 5: (aClient *source, aChannel *channel, int type, char *cmd, char *reason) Returns: int (FLUSH_BUFFER would prevent the normal message from being sent) * Don't verbose opers about +j failed joins They will be getting these warnings from the throttles anyway.
…tall the modules properly. (#63)
A few fixes for Bahamut 2.1.4
…ashes by SSL users
Fix a security bug on readwrite_client() that could lead to server crashes by SSL users
1. If $HOME/openssl exists - we'll use it. 2. We'll add -Wl,-rpath,/path/to/openssl/lib to SSL_LDFLAGS so our binaries will be statically linked to the local openssl libs. -Kobi.
Let's check for local openssl installation first & rpath it too
Typo correction
Spelling correction to rehash notification
…d configuration files To enable services join requests, services will send: SVSCTRL server.dal.net SJR 1 To disable services join requests, services will send: SVSCTRL server.dal.net SJR 0 (server.dal.net can be replaced by * to send it to all servers) To get the list of supported configuration files, services will send: SVSCTRL server.dal.net CONF STATUS * The server will reply: PRIVMSG <sender> :CONF STATUS <file1> <file-size> <modified-time> <md5-sha> PRIVMSG <sender> :CONF STATUS <file2> <file-size> <modified-time> <md5-sha> PRIVMSG <sender> :CONF STATUS <file3> <file-size> <modified-time> <md5-sha> To get the status of ircd.conf, services will send: SVSCTRL server.dal.net CONF STATUS ircd.conf The server will reply: PRIVMSG <sender> :CONF STATUS ircd.conf <file-size> <modified-time> <md5-sha> To get the ircd.conf file from the server, services will send: SVSCTRL server.dal.net CONF READ ircd.conf The server will send: PRIVMSG <sender> :CONF <file> SOF <file-size> <modified-time> PRIVMSG <sender> :CONF <file> <line-number> :<line-text> PRIVMSG <sender> :CONF <file> EOF <number-of-lines> <file-size> <md5-sha> To update the ircd.conf file, services will send: SVSCTRL server.dal.net CONF WRITE ircd.conf SOF SVSCTRL server.dal.net CONF WRITE ircd.conf <line-number> :<line-text> SVSCTRL server.dal.net CONF WRITE ircd.conf EOF <number-of-lines> <file-size> <md5-sha> The server will reply: PRIVMSG <sender> :CONF WRITE ircd.conf EOF OK or: PRIVMSG <sender> :CONF WRITE ircd.conf EOF ERROR :<reason> -Kobi.
Interesting. Lots to digest here. How has testing gone for this?

I did a few quick sanity checks on the testnet for it, i.e.:
It looks fine but I will do more tests once stats.* will support it :) -Kobi.

Great! I will hold off merging until you have

Is this still needed?

Yes, I reviewed it again and did a few more sanity checks and it looks fine. -Kobi.
| sendto_one(sptr, ":%s PRIVMSG %s :CONF %s SOF %ld %ld", me.name, parv[0], fn, sb.st_size, sb.st_mtime); | ||
| while(fgets(line, BUFSIZE, f) != NULL) | ||
| { | ||
| while((tmp = strchr(line,'\r'))) *tmp = '\0'; | ||
| while((tmp = strchr(line,'\n'))) *tmp = '\0'; | ||
| line_counter++; | ||
| sendto_one(sptr, ":%s PRIVMSG %s :CONF %s %d :%s", me.name, parv[0], fn, line_counter, line); | ||
| } | ||
| sendto_one(sptr, ":%s PRIVMSG %s :CONF %s EOF %d %ld %s", me.name, parv[0], fn, line_counter, sb.st_size, md5file(fn)); |
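Review bot: fgets(line, BUFSIZE, f) in the read loop splits any config line longer than BUFSIZE-1 bytes into two separately numbered CONF replies, and a long line plus the ":%s PRIVMSG %s :CONF %s %d :" prefix can exceed the 512-byte IRC message limit and may be truncated on send, so the line count and digest in the EOF reply would describe the file on disk rather than what the receiver actually got. Detect an over-long line (no '\n' in the buffer before end of file) and abort the transfer with an error instead of sending it. Separately, sb.st_size and sb.st_mtime are passed to %ld without a cast; off_t and time_t are not guaranteed to be long, so cast them, e.g. (long)sb.st_size. md5file(fn) is also passed straight to %s in the EOF reply; if it can return NULL on failure, check the result before formatting.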
I think all of the replies for reading should have the "READ" parameter before the file name to be consistent with the rest of the system
:%s PRIVMSG %s :CONF READ %s SOF %ld %d instead of :%s PRIVMSG %s :CONF %s SOF %ld %ld
The same for the line replies and the EOF reply.

Some conflicts that need to be resolved, can you please check?

Stale pull request message

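To enable services join requests, services will send:
    SVSCTRL server.dal.net SJR 1
To disable services join requests, services will send:
    SVSCTRL server.dal.net SJR 0
(server.dal.net can be replaced by * to send it to all servers)
To get the list of supported configuration files, services will send:
    SVSCTRL server.dal.net CONF STATUS *
The server will reply:
    PRIVMSG <sender> :CONF STATUS <file1> <file-size> <modified-time> <md5-sha>
    PRIVMSG <sender> :CONF STATUS <file2> <file-size> <modified-time> <md5-sha>
    PRIVMSG <sender> :CONF STATUS <file3> <file-size> <modified-time> <md5-sha>
To get the status of ircd.conf, services will send:
    SVSCTRL server.dal.net CONF STATUS ircd.conf
The server will reply:
    PRIVMSG <sender> :CONF STATUS ircd.conf <file-size> <modified-time> <md5-sha>
To get the ircd.conf file from the server, services will send:
    SVSCTRL server.dal.net CONF READ ircd.conf
The server will send:
    PRIVMSG <sender> :CONF <file> SOF <file-size> <modified-time>
    PRIVMSG <sender> :CONF <file> <line-number> :<line-text>
    PRIVMSG <sender> :CONF <file> EOF <number-of-lines> <file-size> <md5-sha>
To update the ircd.conf file, services will send:
    SVSCTRL server.dal.net CONF WRITE ircd.conf SOF
    SVSCTRL server.dal.net CONF WRITE ircd.conf <line-number> :<line-text>
    SVSCTRL server.dal.net CONF WRITE ircd.conf EOF <number-of-lines> <file-size> <md5-sha>
The server will reply:
    PRIVMSG <sender> :CONF WRITE ircd.conf EOF OK
or:
    PRIVMSG <sender> :CONF WRITE ircd.conf EOF ERROR :<reason>
-Kobi.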
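
One way the receiving side of the CONF WRITE exchange described above could validate a transfer before committing it, as an added example (not bahamut's code and not part of this pull request). The allowlist, struct conf_write, conf_write_feed and its return codes are hypothetical; it assumes lines are joined with "\n" when counting bytes and that the caller compares the <md5-sha> field itself.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allowlist: the page names only ircd.conf. */
static const char *const conf_allowed[] = { "ircd.conf" };

enum conf_rc { CONF_MORE, CONF_OK, CONF_ERR_FILE, CONF_ERR_STATE,
               CONF_ERR_SEQ, CONF_ERR_COUNT, CONF_ERR_SIZE };

struct conf_write { int active; char file[64]; long next, bytes; };

/* Feed one "CONF WRITE <fn> <arg> <rest>" message. arg is SOF, EOF or a
 * line number; rest is the line text, or "<lines> <size> <digest>" at EOF. */
enum conf_rc conf_write_feed(struct conf_write *st, const char *fn,
                             const char *arg, const char *rest)
{
    char *end;
    long n;
    size_t i;
    int ok = 0;

    for (i = 0; i < sizeof conf_allowed / sizeof *conf_allowed; i++)
        ok |= (strcmp(fn, conf_allowed[i]) == 0); /* exact names, no paths */
    if (!ok)
        return CONF_ERR_FILE;
    if (!rest)
        rest = "";
    if (strcmp(arg, "SOF") == 0) {                /* start (or restart) staging */
        st->active = 1; st->next = 1; st->bytes = 0;
        snprintf(st->file, sizeof st->file, "%s", fn);
        return CONF_MORE;
    }
    if (!st->active || strcmp(st->file, fn) != 0)
        return CONF_ERR_STATE;                    /* line or EOF without SOF */
    st->active = 0;                               /* re-armed only on a good line */
    if (strcmp(arg, "EOF") == 0) {
        n = strtol(rest, &end, 10);
        if (end == rest || n != st->next - 1)
            return CONF_ERR_COUNT;                /* lines lost or injected */
        if (strtol(end, NULL, 10) != st->bytes)
            return CONF_ERR_SIZE;                 /* a line was cut short */
        return CONF_OK;                           /* caller compares the digest */
    }
    n = strtol(arg, &end, 10);
    if (end == arg || *end != '\0' || n != st->next)
        return CONF_ERR_SEQ;                      /* gap, repeat or non-number */
    st->next++;
    st->bytes += (long)strlen(rest) + 1;          /* assumes "\n" line endings */
    st->active = 1;
    return CONF_MORE;
}
```

Any error leaves the transfer inactive, so a sender has to start again from SOF and nothing staged from a failed attempt is ever committed.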