| Commit message (Collapse) | Author |
|
|
|
Yikes.
|
|
This doesn't yet, but it will break the "robustness principle" according
to which a server "SHOULD NOT" assume that a client capable of parsing
one tag is capable of parsing all tags. In future, TagCaps will have all
other caps that use tags ORed into it, and only if the client supports
none of them will tags be filtered out.
|
|
I still think this limit is unreasonably large in comparison to 512 for
the actual message.
|
|
If there's no room left in the buffer, tls_read will return 0 (since we
gave it zero length to read into) and cause client->error to be set.
|
|
This commit introduces a '-S' command line option and a "bind" configuration
file option for selecting the source address when making outbound TCP
connections (similar to the corresponding option in catgirl(1)).
|
|
|
|
|
|
|
|
|
|
I'm pretty sure any kind of "renewing" of these is going to suck, so
just set it long enough that the world will probably be ash by then.
|
|
|
|
|
|
This disambiguates client-ca and client-pass from client-cert and
client-key, which apply to opposite sides of the program.
The old option names will continue to work.
|
|
Required for the rewind call when loading the CA.
|
|
This is a little bit messy. Allows setting either -A or -W or both.
Implements SASL EXTERNAL for clients that expect that when connecting
with a client certificate.
Need to test that reloading still works inside capsicum, since I suspect
that rewind call may be blocked.
|
|
This way things like litterbox can do it automatically without having to
be configured with a hyphen-prefixed username, which is usually invalid
anywhere else.
|
|
The other upper-case options are related to the listening side of
things, not the server side, so this is more consistent.
This is incompatible, but will fail loudly, and I expect these options
are more likely set in a configuration file, if they are set at all. I
also want to free up -A for setting a client CA, but assuming your away
message is not also an existing file path, that will continue to fail
loudly.
|
|
Oops! Clients could get pounce to quit if they didn't send a message.
|
|
Oops, thought I did this already.
|
|
|
|
Turns out the more likely thing is that the fd will just continue to be
POLLIN and produce zero-length reads.
This reverts commit 5707b15920a1ce57f01db0d592487d833218be9d.
|
|
This should maybe gracefully inform clients of what happened, but for
now this is much better than the infinite poll loop that happened
previously.
|
|
|
|
|
|
This still allows using openssl(1) from PATH, but defaults to using
${LIBRESSL_PREFIX}/bin/openssl.
|
|
This should just be what is definitely necessary, and all distros have
their own problems. This works on Void Linux at least.
|
|
|
|
For the strlcpy implementation.
|
|
Otherwise, the result of strncmp gets converted size_t, since size_t
has greater rank than int.
Since wordcmp is only ever used as a boolean condition, this poses
no real issue, but presumably, it is meant to behave like the other
*cmp function and return a value less than, equal to, or greater
than 0 depending on the result of the comparison.
|
|
Otherwise, each source file that includes the header gets its own
definition, and according to the C standard (C99 6.9p5):
> If an identifier declared with external linkage is used in an
> expression (other than as part of the operand of a sizeof operator
> whose result is an integer constant), somewhere in the entire
> program there shall be exactly one external definition for the
> identifier
Most compilers use the .bss section for zero data, but if it uses
.data instead, or if -Wl,--warn-common is used, this will cause a
linking error.
|
|
|
|
|
|
handleAuthenticate only sends a single AUTHENTICATE message, so
according to https://ircv3.net/specs/extensions/sasl-3.1.html, its
maximum length is 399. So, we know that the authentication string
can be at most 299 bytes.
|
|
These are really just regular arrays masquerading as VLAs.
|
|
|
|
My understanding is that sun_path need not be nul-terminated, but I
didn't notice that SUN_LEN actually requires it.
> The length of UNIX-domain address, required by bind(2) and connect(2),
> can be calculated by the macro SUN_LEN() defined in <sys/un.h>. The
> sun_path field must be terminated by a NUL character to be used with
> SUN_LEN(), but the terminating NUL is not part of the address.
Thanks to Duncan Overbruck <mail@duncano.de> for the report.
|
|
I don't know what I was thinking. I'm expecting a number less than 1000
of course that fits in int.
|
|
|
|
|
|
I don't actually deal with it at all other than storing them for syncing
clients.
|
|
|
|
This inverts the meaning of -N!
|
|
|
|
|
|
|
|
I think it's fine to keep it separate since it's a core function of the
bouncer.
|
|
|
|
|
|
|