Januar 2012 - ngIRCd GIT Updates

Alexander Barton : ISON command: reply with correct upper-/ lowercase nick names
by alex＠arthur.barton.de 02 Jan '12

02 Jan '12

Module: ngircd.git Branch: master Commit: af13732ec7bb09c9e1bc942a355990ab2767eca7 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=af13732e… Author: Alexander Barton <alex(a)barton.de> Date: Mon Jan 2 15:06:44 2012 +0100 ISON command: reply with correct upper-/lowercase nick names Reported by Cahata -- thanks! --- src/ngircd/irc-info.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/ngircd/irc-info.c b/src/ngircd/irc-info.c index 48000ba..092ca0a 100644 --- a/src/ngircd/irc-info.c +++ b/src/ngircd/irc-info.c @@ -188,7 +188,7 @@ IRC_ISON( CLIENT *Client, REQUEST *Req ) ngt_TrimStr(ptr); c = Client_Search(ptr); if (c && Client_Type(c) == CLIENT_USER) { - strlcat(rpl, ptr, sizeof(rpl)); + strlcat(rpl, Client_ID(c), sizeof(rpl)); strlcat(rpl, " ", sizeof(rpl)); } ptr = strtok(NULL, " ");

1 0

Alexander Barton : Remove unused "bool have_arg" from IRC_WHO()
by alex＠arthur.barton.de 02 Jan '12

02 Jan '12

Module: ngircd.git Branch: master Commit: f47904bf954696803c0df8e756a57a3dabaa8845 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=f47904bf… Author: Alexander Barton <alex(a)barton.de> Date: Mon Jan 2 00:56:31 2012 +0100 Remove unused "bool have_arg" from IRC_WHO() This fixes: irc-info.c: In function ‘IRC_WHO’: irc-info:936:18: warning: variable ‘have_arg’ set but not used --- src/ngircd/irc-info.c | 3 +-- 1 files changed, 1 insertions(+), 2 deletions(-) diff --git a/src/ngircd/irc-info.c b/src/ngircd/irc-info.c index 84ba9d9..ebb7be4 100644 --- a/src/ngircd/irc-info.c +++ b/src/ngircd/irc-info.c @@ -933,7 +933,7 @@ IRC_WHO_Mask(CLIENT *Client, char *Mask, bool OnlyOps) GLOBAL bool IRC_WHO(CLIENT *Client, REQUEST *Req) { - bool only_ops, have_arg; + bool only_ops; CHANNEL *chan; assert (Client != NULL); @@ -944,7 +944,6 @@ IRC_WHO(CLIENT *Client, REQUEST *Req) Client_ID(Client), Req->command); only_ops = false; - have_arg = false; if (Req->argc == 2) { if (strcmp(Req->argv[1], "o") == 0)

1 0

Alexander Barton : Update NEWS and ChangeLog for next ngIRCd release
by alex＠arthur.barton.de 01 Jan '12

01 Jan '12

Module: ngircd.git Branch: master Commit: 70eb8219f526a7c3cbcab54e97733572ac16e50d URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=70eb8219… Author: Alexander Barton <alex(a)barton.de> Date: Sun Jan 1 23:14:28 2012 +0100 Update NEWS and ChangeLog for next ngIRCd release --- ChangeLog | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ NEWS | 44 ++++++++++++++++++++++++++++++++++++ 2 files changed, 117 insertions(+), 0 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae2abe2..e7cbcdd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,79 @@ -- ChangeLog -- +ngIRCd Release 19 + + - New configuration option "PAMIsOptional": when set, clients not + sending a password are still allowed to connect: they won't become + "identified" and keep the "~" character prepended to their supplied + user name. See "man 5 ngircd.conf" for details. + - Fixed handling of WHO commands. This fixes two bugs: "WHO <nick>" + returned nothing at all if the user was "+i" (reported by Cahata, + thanks) and "WHO <nick|nickmask>" returned channel names instead + of "*" when the user was member of a (visible) channel. + - Fixed some spelling errors in documentation and code comments + (Thanks to Christoph Biedl). + - contrib/Debian/control: Update and complete "Build-Depends" and + update our Debian package descriptions with "official" ones. + - Fixed typo in two error messages. + - LUSERS reply: only count channels that are visible to the requesting + client, so the existence of secret channels is no longer revealed by + using LUSERS. Reported by Cahata, thanks! + - Unknown user and channel modes no longer stop the mode parser, but + are simply ignored. Therefore modes after the unknown one are now + handled. This is how ircd2.10/ircd2.11/ircd-seven behave, at least. + Reported by Cahata, thanks! + - README: Update list of implemented commands. + - Log better error messages when rejecting clients. + - Implement IRC commands "GLINE" and "KLINE" to ban users. G-Lines are + synchronized between server on peering, K-Lines are local only. + - Xcode: update project file for Xcode 4.2 and define HAVE_GAI_STRERROR + for Mac OS X Xcode builds. + - ./configure: Fix logic and quoting of poll() detection code: only use + poll() when poll.h exists as well. + - Suppress 'Can't create pre-defined channel: invalid name: ""' message. + - whois-test: handle local hostname = "localhost.localdomain" using the + pattern "localhost*" for valid local hostnames. + - sample-ngircd.conf: show correct default for "PAM" variable: The + default of "PAM" is "yes" when ngIRCd has been configured to use it, + so show the correct default value in the sample configuration file. + (Closes #119) + - Update GPL 2 license text to current version. + - Only close "unrelated" sockets in forked child processes: This fixes + the problem that ngIRCd can't do any IDENT lookups because of the + socket has already been closed in the child process. + The bug has been introduced starting with ngIRCd 17 ... :-( + (commit ID 6ebb31ab35e) + - Added doc/Modes.txt: document modes supported by ngIRCd. + - Implement user mode "R": indicates that the nick name of this user + is "registered". This mode isn't handled by ngIRCd itself, but must + be set and unset by IRC services like Anope. + - Implement channel mode "R": only registered users (having the user + mode "R" set) are allowed to join this channel. + - Test suite: bind to loopback (127.0.0.1) interface only. + - New 2nd message "Nickname too long" for error code 432. + - Xcode: Mac OS X config.h: support 10.5 as well as 10.6/10.7 SDK. + - Xcode: exclude more Xcode 4 specific directories in ".gitignore". + - Disconnect directly linked servers sending QUIT. Without this, + the server becomes removed from the network and the client list, + but the connection isn't shut down at all ... + - contrib/ngindent: detect "gindent" as GNU indent. + - Handle unknown user and channel modes: these modes are saved and + forwarded to other servers, but ignored otherwise. + - Handle channel user modes 'a', 'h', and 'q' from remote servers. + These channel user modes aren't used for anything at the moment, + but ngIRCd knows that these three modes are "channel user modes" + and not "channel modes", that is that these modes take an "nick name" + argument. Like unknown user and channel modes, these modes are saved + and forwarded to other servers, but ignored otherwise. + - Correctly inform clients when other servers change their user modes. + This is required for some services to work correctly. + - Test suite: make getpid.sh work even when run as root. + - Spoofed prefixes: close connection on non-server links only. + On server-links, spoofed prefixes can happen because of the + asynchronous nature of the IRC protocol. So don't break server- + links, only log a message and ignore the command. (Closes #113) + ngIRCd Release 18 (2011-07-10) - Update timestamp of ngircd(8) manual page. diff --git a/NEWS b/NEWS index 9365ec6..3a8d1c5 100644 --- a/NEWS +++ b/NEWS @@ -8,6 +8,50 @@ -- NEWS -- +ngIRCd Release 19 + + - New configuration option "PAMIsOptional": when set, clients not + sending a password are still allowed to connect: they won't become + "identified" and keep the "~" character prepended to their supplied + user name. See "man 5 ngircd.conf" for details. + - Fixed handling of WHO commands. This fixes two bugs: "WHO <nick>" + returned nothing at all if the user was "+i" (reported by Cahata, + thanks) and "WHO <nick|nickmask>" returned channel names instead + of "*" when the user was member of a (visible) channel. + - LUSERS reply: only count channels that are visible to the requesting + client, so the existence of secret channels is no longer revealed by + using LUSERS. Reported by Cahata, thanks! + - Unknown user and channel modes no longer stop the mode parser, but + are simply ignored. Therefore modes after the unknown one are now + handled. This is how ircd2.10/ircd2.11/ircd-seven behave, at least. + Reported by Cahata, thanks! + - Implement IRC commands "GLINE" and "KLINE" to ban users. G-Lines are + synchronized between server on peering, K-Lines are local only. + - Xcode: update project file for Xcode 4.2. + - Only close "unrelated" sockets in forked child processes: This fixes + the problem that ngIRCd can't do any IDENT lookups because of the + socket has already been closed in the child process. + The bug has been introduced starting with ngIRCd 17 ... :-( + (commit ID 6ebb31ab35e) + - Added doc/Modes.txt: document modes supported by ngIRCd. + - Implement user mode "R": indicates that the nick name of this user + is "registered". This mode isn't handled by ngIRCd itself, but must + be set and unset by IRC services like Anope. + - Implement channel mode "R": only registered users (having the user + mode "R" set) are allowed to join this channel. + - Test suite: bind to loopback (127.0.0.1) interface only. + - Disconnect directly linked servers sending QUIT. Without this, + the server becomes removed from the network and the client list, + but the connection isn't shut down at all ... + - Handle unknown user and channel modes: these modes are saved and + forwarded to other servers, but ignored otherwise. + - Handle channel user modes 'a', 'h', and 'q' from remote servers. + These channel user modes aren't used for anything at the moment, + but ngIRCd knows that these three modes are "channel user modes" + and not "channel modes", that is that these modes take an "nick name" + argument. Like unknown user and channel modes, these modes are saved + and forwarded to other servers, but ignored otherwise. + ngIRCd Release 18 (2011-07-10) - Add preliminary ngIRCd protocol module for Anope 1.9 to contrib/Anope/.

1 0

Alexander Barton : ngircd.conf.5: reword description of "Ports" variable
by alex＠arthur.barton.de 01 Jan '12

01 Jan '12

Module: ngircd.git Branch: master Commit: 9e5b9ddad03d77c036824bd17a133a2ad3b1e974 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=9e5b9dda… Author: Alexander Barton <alex(a)barton.de> Date: Sun Jan 1 17:39:07 2012 +0100 ngircd.conf.5: reword description of "Ports" variable --- man/ngircd.conf.5.tmpl | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-) diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 59d31a3..236883e 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -132,9 +132,8 @@ the pidfile resides in must be writable by the ngIRCd user and exist in the chroot directory (if configured, see above). .TP \fBPorts\fR (list of numbers) -Ports on which the server should listen. There may be more than one port, -separated with commas (","). Default: 6667, unless \fBSSL_Ports\fR are also -specified. +Ports on which the server should listen for unencrypted connections. There +may be more than one port, separated with commas (","). Default: 6667. .TP \fBServerGID\fR (string or number) Group ID under which the ngIRCd should run; you can use the name of the

1 0

Alexander Barton : New configuration option "PAMIsOptional"
by alex＠arthur.barton.de 01 Jan '12

01 Jan '12

Module: ngircd.git Branch: master Commit: 56b7e67307c1be110eaa4e84681bca03df21bd69 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=56b7e673… Author: Alexander Barton <alex(a)barton.de> Date: Sun Jan 1 17:12:36 2012 +0100 New configuration option "PAMIsOptional" When "PAMIsOptional" is set, clients not sending a password are still allowed to connect: they won't become "identified" and keep the "~" character prepended to their supplied user name. --- doc/sample-ngircd.conf.tmpl | 17 +++++++++++++++++ man/ngircd.conf.5.tmpl | 17 +++++++++++++++++ src/ngircd/conf.c | 6 ++++++ src/ngircd/conf.h | 3 +++ src/ngircd/irc-login.c | 9 +++++++++ 5 files changed, 52 insertions(+), 0 deletions(-) diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index 26103a7..f696dc6 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -140,6 +140,8 @@ ;DNS = yes # Do IDENT lookups if ngIRCd has been compiled with support for it. + # Users identified using IDENT are registered without the "~" character + # prepended to their user name. ;Ident = yes # Enhance user privacy slightly (useful for IRC server on TOR or I2P) @@ -160,8 +162,23 @@ ;OperServerMode = no # Use PAM if ngIRCd has been compiled with support for it. + # Users identified using PAM are registered without the "~" character + # prepended to their user name. ;PAM = yes + # When PAM is enabled, all clients are required to be authenticated + # using PAM; connecting to the server without successful PAM + # authentication isn't possible. + # If this option is set, clients not sending a password are still + # allowed to connect: they won't become "identified" and keep the "~" + # character prepended to their supplied user name. + # Please note: To make some use of this behavior, it most probably + # isn't useful to enable "Ident", "PAM" and "PAMIsOptional" at the + # same time, because you wouldn't be able to distinguish between + # Ident'ified and PAM-authenticated users: both don't have a "~" + # character prepended to their respective user names! + ;PAMIsOptional = no + # Allow Pre-Defined Channels only (see Section [Channels]) ;PredefChannelsOnly = no diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 38ac40b..59d31a3 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -244,6 +244,8 @@ Default: yes. \fBIdent\fR (boolean) If ngIRCd is compiled with IDENT support this can be used to disable IDENT lookups at run time. +Users identified using IDENT are registered without the "~" character +prepended to their user name. Default: yes. .TP \fBMorePrivacy\fR (boolean) @@ -274,8 +276,23 @@ only enable it if you have ircd-irc2 servers in your IRC network. If ngIRCd is compiled with PAM support this can be used to disable all calls to the PAM library at runtime; all users connecting without password are allowed to connect, all passwords given will fail. +Users identified using PAM are registered without the "~" character +prepended to their user name. Default: yes. .TP +\fBPAMIsOptional\fR (boolean) +When PAM is enabled, all clients are required to be authenticated using PAM; +connecting to the server without successful PAM authentication isn't possible. +If this option is set, clients not sending a password are still allowed to +connect: they won't become "identified" and keep the "~" character prepended +to their supplied user name. +Please note: +To make some use of this behavior, it most probably isn't useful to enable +"Ident", "PAM" and "PAMIsOptional" at the same time, because you wouldn't be +able to distinguish between Ident'ified and PAM-authenticated users: both +don't have a "~" character prepended to their respective user names! +Default: no. +.TP \fBPredefChannelsOnly\fR (boolean) If enabled, no new channels can be created. Useful if you do not want to have other channels than those defined in [Channel] sections in the configuration diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index b930b6c..b0c7fb4 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -373,6 +373,7 @@ Conf_Test( void ) printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); #ifdef PAM printf(" PAM = %s\n", yesno_to_str(Conf_PAM)); + printf(" PAMIsOptional = %s\n", yesno_to_str(Conf_PAMIsOptional)); #endif printf(" PredefChannelsOnly = %s\n", yesno_to_str(Conf_PredefChannelsOnly)); #ifndef STRICT_RFC @@ -697,6 +698,7 @@ Set_Defaults(bool InitServers) #else Conf_PAM = false; #endif + Conf_PAMIsOptional = false; Conf_PredefChannelsOnly = false; #ifdef SYSLOG Conf_ScrubCTCP = false; @@ -1500,6 +1502,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) WarnPAM(Line); return; } + if (strcasecmp(Var, "PAMIsOptional") == 0 ) { + Conf_PAMIsOptional = Check_ArgIsTrue(Arg); + return; + } if (strcasecmp(Var, "PredefChannelsOnly") == 0) { Conf_PredefChannelsOnly = Check_ArgIsTrue(Arg); return; diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 5a6fff8..be19afc 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -184,6 +184,9 @@ GLOBAL bool Conf_NoticeAuth; /** Enable all usage of PAM, even when compiled with support for it */ GLOBAL bool Conf_PAM; +/** Don't require all clients to send a password an to be PAM authenticated */ +GLOBAL bool Conf_PAMIsOptional; + /** Disable all CTCP commands except for /me ? */ GLOBAL bool Conf_ScrubCTCP; diff --git a/src/ngircd/irc-login.c b/src/ngircd/irc-login.c index 8d82160..bbb2f0d 100644 --- a/src/ngircd/irc-login.c +++ b/src/ngircd/irc-login.c @@ -949,6 +949,15 @@ Hello_User(CLIENT * Client) return DISCONNECTED; } + if (Conf_PAMIsOptional && strcmp(Client_Password(Client), "") == 0) { + /* Clients are not required to send a password and to be PAM- + * authenticated at all. If not, they won't become "identified" + * and keep the "~" in their supplied user name. + * Therefore it is sensible to either set Conf_PAMisOptional or + * to enable IDENT lookups -- not both. */ + return Hello_User_PostAuth(Client); + } + /* Fork child process for PAM authentication; and make sure that the * process timeout is set higher than the login timeout! */ pid = Proc_Fork(Conn_GetProcStat(conn), pipefd,

1 0