Commit message | Author | Age | Files | Lines
...
* Set certificate expiry to 10 years | C. McEnroe | 2020-01-16 | 1 | -2/+2
|   I'm pretty sure any kind of "renewing" of these is going to suck, so just set it long enough that the world will probably be ash by then.
* Allow signing by CA in -g | C. McEnroe | 2020-01-12 | 2 | -4/+49
|
* Clean up documentation for -A | C. McEnroe | 2020-01-12 | 1 | -9/+6
|
* Rename all local-related options to local- | C. McEnroe | 2020-01-12 | 2 | -15/+25
|   This disambiguates client-ca and client-pass from client-cert and client-key, which apply to opposite sides of the program. The old option names will continue to work.
* Use the CAP_PREAD right | C. McEnroe | 2020-01-12 | 1 | -1/+1
|   Required for the rewind call when loading the CA.
* Add option to set local client CA | C. McEnroe | 2020-01-12 | 5 | -6/+83
|   This is a little bit messy. Allows setting either -A or -W or both. Implements SASL EXTERNAL for clients that expect that when connecting with a client certificate. Need to test that reloading still works inside capsicum, since I suspect that rewind call may be blocked.
* Add a vendor capability for passive clients | C. McEnroe | 2020-01-10 | 3 | -9/+14
|   This way things like litterbox can do it automatically without having to be configured with a hyphen-prefixed username, which is usually invalid anywhere else.
* Rename -A and -Q to -y and -q | C. McEnroe | 2020-01-07 | 2 | -18/+18
|   The other upper-case options are related to the listening side of things, not the server side, so this is more consistent. This is incompatible, but will fail loudly, and I expect these options are more likely set in a configuration file, if they are set at all. I also want to free up -A for setting a client CA, but assuming your away message is not also an existing file path, that will continue to fail loudly.
* Intercept client QUIT with no parameter | C. McEnroe | 2019-12-28 | 1 | -0/+1
|   Oops! Clients could get pounce to quit if they didn't send a message.
* Update source URL | C. McEnroe | 2019-12-24 | 1 | -1/+1
|   Oops, thought I did this already.
* Exit on zero-length server read | C. McEnroe | 2019-12-22 | 1 | -0/+1
|
* Revert "Exit when server gets POLLHUP" | C. McEnroe | 2019-12-22 | 1 | -4/+1
|   Turns out the more likely thing is that the fd will just continue to be POLLIN and produce zero-length reads. This reverts commit 5707b15920a1ce57f01db0d592487d833218be9d.
* Exit when server gets POLLHUP | C. McEnroe | 2019-12-20 | 1 | -1/+4
|   This should maybe gracefully inform clients of what happened, but for now this is much better than the infinite poll loop that happened previously.
* Add CONTRIBUTING section to README | C. McEnroe | 2019-12-17 | 1 | -1/+9
|
* Don't send self-PMs to the server | C. McEnroe | 2019-12-08 | 2 | -1/+8
|
* Reference openssl(1) by absolute path | edef | 2019-11-27 | 3 | -1/+7
|   This still allows using openssl(1) from PATH, but defaults to using ${LIBRESSL_PREFIX}/bin/openssl.
* Simplify Linux.mk | C. McEnroe | 2019-11-27 | 1 | -3/+1
|   This should just be what is definitely necessary, and all distros have their own problems. This works on Void Linux at least.
* Don't always create ${ETCDIR}/rc.d | C. McEnroe | 2019-11-26 | 1 | -1/+1
|
* Link calico with libcrypto on Linux | C. McEnroe | 2019-11-21 | 2 | -1/+2
|   For the strlcpy implementation.
* Fix wordcmp return value when the words have differing lengths | Michael Forney | 2019-11-21 | 1 | -1/+1
|   Otherwise, the result of strncmp gets converted to size_t, since size_t has greater rank than int. Since wordcmp is only ever used as a boolean condition, this poses no real issue, but presumably, it is meant to behave like the other *cmp functions and return a value less than, equal to, or greater than 0 depending on the result of the comparison.
* Declare globals as extern in headers, and define in source file | Michael Forney | 2019-11-21 | 4 | -5/+13
|   Otherwise, each source file that includes the header gets its own definition, and according to the C standard (C99 6.9p5):
|
|   > If an identifier declared with external linkage is used in an expression (other than as part of the operand of a sizeof operator whose result is an integer constant), somewhere in the entire program there shall be exactly one external definition for the identifier
|
|   Most compilers use the .bss section for zero data, but if it uses .data instead, or if -Wl,--warn-common is used, this will cause a linking error.
* Zero temporary SASL PLAIN buffer | C. McEnroe | 2019-11-21 | 1 | -0/+1
|
* Use a static buffer for plainBase64 | C. McEnroe | 2019-11-21 | 1 | -11/+7
|
* Use a fixed buffer size for SASL PLAIN authentication | Michael Forney | 2019-11-21 | 1 | -3/+9
|   handleAuthenticate only sends a single AUTHENTICATE message, so according to https://ircv3.net/specs/extensions/sasl-3.1.html, its maximum length is 399. So, we know that the authentication string can be at most 299 bytes.
* Avoid a couple VLAs with constant size | Michael Forney | 2019-11-20 | 2 | -6/+4
|   These are really just regular arrays masquerading as VLAs.
* client: Include time.h for gmtime and strftime | Michael Forney | 2019-11-20 | 1 | -0/+1
|
* Use strlcpy for sun_paths | C. McEnroe | 2019-11-20 | 2 | -3/+3
|   My understanding is that sun_path need not be nul-terminated, but I didn't notice that SUN_LEN actually requires it.
|
|   > The length of UNIX-domain address, required by bind(2) and connect(2), can be calculated by the macro SUN_LEN() defined in <sys/un.h>. The sun_path field must be terminated by a NUL character to be used with SUN_LEN(), but the terminating NUL is not part of the address.
|
|   Thanks to Duncan Overbruck <mail@duncano.de> for the report.
* Format milliseconds as int | C. McEnroe | 2019-11-20 | 1 | -3/+2
|   I don't know what I was thinking. I'm expecting a number less than 1000 of course that fits in int.
* Mention the name CertFP in SASL EXTERNAL guide | C. McEnroe | 2019-11-18 | 1 | -1/+1
|
* Document accept and exit behavior | C. McEnroe | 2019-11-18 | 1 | -0/+8
|
* Remove ISUPPORT draft reference | C. McEnroe | 2019-11-18 | 1 | -11/+0
|   I don't actually deal with it at all other than storing them for syncing clients.
* Document inadvertent echo bug | C. McEnroe | 2019-11-18 | 1 | -1/+7
|
* Request NAMES on sync by default | C. McEnroe | 2019-11-15 | 4 | -9/+11
|   This inverts the meaning of -N!
* Add concept of passive clients | C. McEnroe | 2019-11-14 | 2 | -3/+13
|
* Save and load full struct timeval | C. McEnroe | 2019-11-14 | 1 | -12/+27
|
* Use struct timeval for sub-second precision | C. McEnroe | 2019-11-14 | 3 | -17/+21
|
* Remove server-time filter TODO | C. McEnroe | 2019-11-14 | 1 | -1/+0
|   I think it's fine to keep it separate since it's a core function of the bouncer.
* Tweak filter regexes | C. McEnroe | 2019-11-14 | 1 | -3/+3
|
* Filter multi-prefix | C. McEnroe | 2019-11-14 | 3 | -2/+25
|
* Replace filters with regex replaces | C. McEnroe | 2019-11-14 | 1 | -32/+43
|
* Refactor filterUserhostInNames | C. McEnroe | 2019-11-13 | 1 | -24/+25
|
* Factor out wordcpy for filters | C. McEnroe | 2019-11-13 | 1 | -11/+21
|
* Revert "Test getopt_config" | C. McEnroe | 2019-11-11 | 3 | -61/+1
|   This reverts commit c8a771828e1d5fc8c476bbd650fafcfb7ba390a8. It just feels gross... idk.
* Test getopt_config | C. McEnroe | 2019-11-11 | 3 | -1/+61
|
* Add userhost-in-names to manual | C. McEnroe | 2019-11-11 | 1 | -2/+3
|
* Skip initial NAMES parameters | C. McEnroe | 2019-11-11 | 1 | -2/+9
|   Channel names can contain '!' so splitting the whole message on it won't work. I hate this code though.
* Filter userhost-in-names | C. McEnroe | 2019-11-11 | 2 | -0/+18
|   I really want to be writing tests for these functions...
* Compare words without copying in filters | C. McEnroe | 2019-11-10 | 1 | -12/+13
|
* Separate tags from all target | C. McEnroe | 2019-11-10 | 1 | -1/+3
|
* Filter invite-notify | C. McEnroe | 2019-11-10 | 4 | -11/+23
|