summary refs log tree commit diff
Commit message (Collapse)AuthorAge
* OpenBSD: Drop now unneeded promise from initial pledgeKlemens Nanni2021-06-10
| | | | | | | Both ssl(8) as well as ncurses(3) related files are now read completely by the time of ircConfig() and uiInitEarly() respectively, so read access to the filesystem is no longer needed at all unless the "log" or "save" options are used.
* OpenBSD: Remove now obsolete unveil codeKlemens Nanni2021-06-10
| | | | | | | | | | | Previous tls_default_ca_cert_file(3) hoisting makes this possible: all TLS related files are fully loaded into memory by ircConfig() such that ircConnect() will not do any file I/O. Call ircConfig() before pledge(2) in the `-o' "print cert" case so this works out -- that order should have been preserved in the previous a989e15 "OpenBSD: hoist -o/printCert code to simplify" but fixing it now nicely demonstrates the achivement even more so.
* Hoist loading default root certificates into ircConfig()Klemens Nanni2021-06-10
| | | | | | | | | | | | | | | | tls_connect_socket(3) in ircConnect() does that by default already unless tls_config_set_ca_file(3) was used. Loading CA certificates before connecting makes no practical difference except on OpenBSD where this allows for tighter unveil und pledge setups now that all required (TLS related) file I/O is finished by the time ircConnect() gets to do network I/O. In case of the hidden `-!' insecure flag which is implied by `-o' to print server certificates and exit, loading root certificates is not required at all; likewise, using explicit self signed server certificates will not involve certificate authorities either, hence load them only if needed.
* Avoid creating out-of-bounds pointer when checking for seprintf truncationMichael Forney2021-06-09
| | | | | | | It is technically undefined behavior (see C11 6.5.6p8) to construct a pointer more than one past the end of an array. To prevent this, compare n with the remaining space in the array before adding to ptr.
* Remove catfJune McEnroe2021-06-09
|
* Replace catf with seprintfJune McEnroe2021-06-09
|
* Add seprintfJune McEnroe2021-06-09
| | | | | | | | | Based on seprint(2) from Plan 9. I'm not sure if my return value exactly matches Plan 9's in the case of truncation. seprint(2) is described only as returning a pointer to the terminating '\0', but if it does so even in the case of truncation, it is awkward for the caller to detect. This implementation returns end in the truncation case, so that (ptr == end) indicates truncation.
* OpenBSD: pledge minimum promises from the startKlemens Nanni2021-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | catgirl needs: - "stdio tty" at all times - "rpath inet dns" once at startup for terminfo(5) and ssl(8) - "proc exec" iff -R/restrict options is disabled - "rpath wpath cpath" iff -s/save or -l/log options is enabled Status quo: catgirl starts with the superset of all possible promises "stdio rpath wpath cpath inet dns tty proc exec", drops offline with "stdio rpath wpath cpath tty proc exec" and possibly drops to either of "stdio rpath wpath cpath tty", "stdio tty proc exec" or "stdio tty" depending on the options used. Such step-by-step reduction is straight forward and easy to model along the process runtime, but it comes with the drawback of starting with too broad promises right from the beginning, i.e. `catgirl -R -h host' is able to execute code and write to filesystems even though it must never do so according the (un)used options. Lay out required promises up front and pledge in two stages: 1. initial setup, i.e. fixed "stdio tty" plus temporary "rpath inet dns" plus potential "rpath wpath cpath" plus potential "proc exec" 2. final rutime, i.e. fixed "stdio tty" plus potential "rpath wpath cpath" plus potential "proc exec" This way the above mentioned usage example can never execute or write files, hence less potential for bugs and more accurate modelling of catgirl's runtime -- dropping "inet dns" alone in between also becomes obsolete with this approach.
* OpenBSD: unveil after ncurses(3) init to support TERMINFOKlemens Nanni2021-06-09
| | | | | | | | | | | | initscr(3) in uiInitEarly() attempts more than /usr/share/terminfo/, see `mandoc -O tag=TERMINFO ncurses`. Even though non-default terminfo handling seems rare and it is unlikely to have ever caused a problem for catgirl users on OpenBSD, the current is still wrong by oversimplifying it. Avoid the entire curses/unveil clash by setting up the screen before unveiling.
* OpenBSD: hoist -o/printCert code to simplifyKlemens Nanni2021-06-09
| | | | | | | | | | Nothing but the TLS handshake is required, so skip all other setup. On OpenBSD, unveil() handling needs fixing which will involve code reshuffling -- this is the first related but standalone step. Also pledge this one-off code path individually such with simpler and tighter promises while here.
* Pad kiosk username with zero, not spaceJune McEnroe2021-06-06
| | | | Oops!
* OpenBSD: unveil XDG directories only when neededKlemens Nanni2021-06-06
| | | | | | | | | | | | | | | The (not perfectly obvious) way catgirl crafts directories gets triggered by unveilAll() even if no passed option requires filesystem access: $ env -i TERM=xterm ./catgirl -h irc.hackint.eu -R -n nobody catgirl: HOME unset Here unveil(2) is used due to the "restrict" option, but besides terminfo(5) and certificates catgirl does not need any other files, yet it tries to init the data path -- passing XDG_DATA_HOME=/var/empty makes above invocation work showing how the then successful path setup is not required. Fix this by not unveiling the unneeded data path in the first place.
* Nickname defaults to system's username not IRC usernameKlemens Nanni2021-06-05
| | | | | | | | | | | | | | | "username" alone is ambiguous and without jumping to ENVIRONMENT explaining the use of USER, catgirl's user- and nickname options read like pointing at each other: -n nick | nick = nick Set nickname to nick. The default nickname is the user's name. [...] -u user | user = user Set username to user. The default username is the same as the nickname. Clarify that `-n' does *not* default to `-u's value.
* Avoid writing past the end of the status barMichael Forney2021-06-05
| | | | | | | | | | | | | | | When waddnstr is called with a string that would extend past the end of the window, the string is truncated, the cursor remains at the last column, and ERR is returned. If this error is ignored and the loop continues, the next call to waddnstr overwrites the character at this column, resulting in a slight visual artifact. When the window is too small to fit the full status line, it is effectively truncated by one space on the right, since the string shown for each channel begins with a space. Additionally, if the last window is the current window, the space is shown with a colored background. To fix this, when waddnstr returns ERR, exit the loop in styleAdd() early return -1 to propogate this error down to the caller.
* List windows with /window 1.8June McEnroe2021-05-28
| | | | Reuse the /window command to preserve /wi abbreviation.
* Improve missing param behavior for /msg, /whois, /ns, /csJune McEnroe2021-05-28
|
* Use | for /window | /num commandJune McEnroe2021-05-28
|
* Prefix = for options with No in manualJune McEnroe2021-05-28
| | | | | | Without, the mandoc HTML output includes the space and equals in the class="Cm" element and generates a permalink of #hash_= for example.
* Tag config options in manualKlemens Nanni2021-05-27
| | | | | E.g. ":t debug" will now jump right to the definition just like ":t v" already did -- at least with mandoc(1) from OpenBSD.
* Document channel key parametersJune McEnroe2021-05-27
|
* Set username from SSH_CLIENT in chrootJune McEnroe2021-05-27
|
* Hash the username in kiosk modeJune McEnroe2021-05-27
| | | | So that the first part of $SSH_CLIENT can be passed as username.
* Log nick and ssh connection in chroot-promptJune McEnroe2021-05-27
|
* Clarify -H hash optionJune McEnroe2021-05-25
|
* Use reverse video not colors for topic change when disabledKlemens Nanni2021-05-25
| | | | | | | | | | | | | | | | | `-H 0,0`/"hash = 0,0" makes catgirl mostly colorless which is great, but topic changes still hardcode brown/green colors to show differences which is usually not desired by users (like me) disabling colors. Go for a less eye stressing topic change message that shows both old and new in reverse video with default terminal colors. This isn't perfect, other parts of catgirl still hardcode colors and `-H 0,0`/"hash = 0,0" was never meant to disable colors completely, but topics change often enough that avoiding less readable^Waccessible topic diffs seems sensible enough. NB: parseHash() is brittle and "0,0" is not the only value disabling colors...
* Use color enum instead of hardcoded valueKlemens Nanni2021-05-25
|
* Don't require 4 parameters to ERR_USERONCHANNELJune McEnroe2021-05-20
| | | | It should have 4, but the handler only uses 3.
* Replace freenode with tilde.chatJune McEnroe2021-05-19
|
* Remove no longer needed advice about mandirJune McEnroe2021-05-04
|
* Ignore messages in reply to previously ignored messagesJune McEnroe2021-05-04
| | | | | | | | Using the +draft/reply client tag, which is supported by BitBot. This hides the bot's replies to ignored users or ignored bot command messages. This commit is dedicated to the land of Estonia.
* Add support for BINDIR, fix default MANDIR, use LDADD varsJune McEnroe2021-05-04
| | | | | | | I avoided defaulting MANDIR to /usr/local/man because I thought it didn't work on GNU/Linux and users would be confused, but it turns out man-db's default configuration includes both /usr/local/man and /usr/man, so ${PREFIX}/man is a sensical default.
* Reset formatting after realnamesJune McEnroe2021-04-27
|
* Set id color from completion in /msgJune McEnroe2021-04-16
| | | | | In the same way that /query copies the id color from completion. Also make both first check that a color isn't already set.
* Always show 341 RPL_INVITINGJune McEnroe2021-04-16
| | | | | | | | | At least in InspIRCd's implementation, you only get invite-notify INVITEs if you are op, so inviting with no op (where allowed by a channel mode) results in only a 341. On the other hand, inviting as an op produces both a 341 and an INVITE, so will be displayed twice, but showing something sometimes twice is better than not showing it at all.
* Skip STATUSMSG prefixesJune McEnroe2021-04-02
| | | | | This feature is rarely used, so just skip STATUSMSG prefixes in the target so messages get routed correctly.
* Fix README typo 1.7June McEnroe2021-03-18
| | | | How long has this been here?
* Add C-z keys for directly inserting most color codesJune McEnroe2021-03-17
| | | | | So you don't have to remember those dang numbers whose order makes no sense!
* Reset style after newline in inputJune McEnroe2021-03-17
| | | | Reflect what will actually be sent.
* Show where too-long-messages will be automatically splitJune McEnroe2021-03-17
|
* Allow multi-line /me and split long /me messagesJune McEnroe2021-03-14
| | | | /me shouldn't behave differently from a regular message.
* Refer to glob(7) not sh(1)Klemens Nanni2021-03-13
| | | | | | | | | Those patterns are not specific to the shell, many commands support them. Notes: glob(7) does not exist on FreeBSD, but I'm going to consider that a documentation bug on FreeBSD's part. The page exists in OpenBSD, NetBSD and even Linux!
* Add note about arrow and navigation keysJune McEnroe2021-03-13
| | | | | And I think with C-Left and C-Right I can actually say "as expected" now.
* chat.tmux.conf: use config_files format for reloadKlemens Nanni2021-03-10
| | | | | | The recent addition of "#{source_files}" allows us to avoid hardcoding the file name and instead ask tmux itself for the very file it used to create the session in the first place, i.e. "-f ./chat.tmux.conf".
* Attempt to clarify trust option useJune McEnroe2021-03-08
| | | | | Trust is not certificate pinning and should only be used for self-signed certificates.
* Disable nick and channel colors with hash bound 0June McEnroe2021-03-08
|
* Add bindings for C-Left and C-RightJune McEnroe2021-03-07
| | | | | | | | Apparently these are common. There's no terminfo for these, so manually define the xterm sequences. There's no documentation in the manual for the "intuitive" keys... I'm not sure if that should continue to be the case or not.
* Add all window names to global completionJune McEnroe2021-03-02
| | | | | Don't want to be touching window names much though, otherwise query window names would interfere with tab completion within a channel.
* Add workaround for lack of A_ITALIC in old ncursesJune McEnroe2021-02-27
| | | | | | | | | | | | | A_BLINK has probably always existed, but there's no good reason to ever use it, so make it do italics instead. Normally all attributes are set by a single set_attributes string if it's set, so clear it to force ncurses to use the reassigned enter_blink_mode string. If the terminal has no enter_italics_mode string, then nothing will happen. This makes setting multiple attributes a bit less efficient, but I don't think it's likely to make much of a difference since using multiple attributes at once is so uncommon.
* Error if hash bound is less than 2June McEnroe2021-02-25
| | | | Bad things happen otherwise.
* Use separate reply counts for automatic join topics/namesJune McEnroe2021-02-21
| | | | | | This restores showing the topic and names for automatic joined channels, while still avoiding touching the windows, by using Cold heat.