path: root/rc.d/calico
Date | Commit message | Author
2020-01-17 | Add litterbox to README | June McEnroe
2020-01-17 | Rename SASL EXTERNAL section to CertFP | June McEnroe
2020-01-17 | Document process of generating client certificates | June McEnroe
2020-01-16 | Set certificate expiry to 10 years | June McEnroe
I'm pretty sure any kind of "renewing" of these is going to suck, so just set it long enough that the world will probably be ash by then.
2020-01-12 | Allow signing by CA in -g | June McEnroe
2020-01-12 | Clean up documentation for -A | June McEnroe
2020-01-12 | Rename all local-related options to local- | June McEnroe
This disambiguates client-ca and client-pass from client-cert and client-key, which apply to opposite sides of the program. The old option names will continue to work.
2020-01-12 | Use the CAP_PREAD right | June McEnroe
Required for the rewind call when loading the CA.
2020-01-12 | Add option to set local client CA | June McEnroe
This is a little bit messy. Allows setting either -A or -W or both. Implements SASL EXTERNAL for clients that expect that when connecting with a client certificate. Need to test that reloading still works inside capsicum, since I suspect that rewind call may be blocked.
2020-01-10 | Add a vendor capability for passive clients | June McEnroe
This way things like litterbox can do it automatically without having to be configured with a hyphen-prefixed username, which is usually invalid anywhere else.
2020-01-07 | Rename -A and -Q to -y and -q | June McEnroe
The other upper-case options are related to the listening side of things, not the server side, so this is more consistent. This is incompatible, but will fail loudly, and I expect these options are more likely set in a configuration file, if they are set at all. I also want to free up -A for setting a client CA, but assuming your away message is not also an existing file path, that will continue to fail loudly.
2019-12-28 | Intercept client QUIT with no parameter [1.0p3] | June McEnroe
Oops! Clients could get pounce to quit if they didn't send a message.
2019-12-24 | Update source URL | June McEnroe
Oops, thought I did this already.
2019-12-22 | Exit on zero-length server read | June McEnroe
2019-12-22 | Revert "Exit when server gets POLLHUP" | June McEnroe
Turns out the more likely thing is that the fd will just continue to be POLLIN and produce zero-length reads. This reverts commit 5707b15920a1ce57f01db0d592487d833218be9d.
2019-12-20 | Exit when server gets POLLHUP | June McEnroe
This should maybe gracefully inform clients of what happened, but for now this is much better than the infinite poll loop that happened previously.
2019-12-17 | Add CONTRIBUTING section to README | June McEnroe
2019-12-08 | Don't send self-PMs to the server [1.0p2] | June McEnroe
2019-11-27 | Reference openssl(1) by absolute path | edef
This still allows using openssl(1) from PATH, but defaults to using ${LIBRESSL_PREFIX}/bin/openssl.
2019-11-27 | Simplify Linux.mk | June McEnroe
This should just be what is definitely necessary, and all distros have their own problems. This works on Void Linux at least.
2019-11-26 | Don't always create ${ETCDIR}/rc.d | June McEnroe
2019-11-21 | Link calico with libcrypto on Linux [1.0p1] | June McEnroe
For the strlcpy implementation.
2019-11-21 | Fix wordcmp return value when the words have differing lengths | Michael Forney
Otherwise, the result of strncmp gets converted to size_t, since size_t has greater rank than int. Since wordcmp is only ever used as a boolean condition, this poses no real issue, but presumably, it is meant to behave like the other *cmp functions and return a value less than, equal to, or greater than 0 depending on the result of the comparison.
2019-11-21 | Declare globals as extern in headers, and define in source file | Michael Forney
Otherwise, each source file that includes the header gets its own definition, and according to the C standard (C99 6.9p5):

> If an identifier declared with external linkage is used in an
> expression (other than as part of the operand of a sizeof operator
> whose result is an integer constant), somewhere in the entire
> program there shall be exactly one external definition for the
> identifier

Most compilers use the .bss section for zero data, but if it uses .data instead, or if -Wl,--warn-common is used, this will cause a linking error.
2019-11-21 | Zero temporary SASL PLAIN buffer | June McEnroe
2019-11-21 | Use a static buffer for plainBase64 | June McEnroe
2019-11-21 | Use a fixed buffer size for SASL PLAIN authentication | Michael Forney
handleAuthenticate only sends a single AUTHENTICATE message, so according to https://ircv3.net/specs/extensions/sasl-3.1.html, its maximum length is 399. So, we know that the authentication string can be at most 299 bytes.
2019-11-20 | Avoid a couple VLAs with constant size | Michael Forney
These are really just regular arrays masquerading as VLAs.
2019-11-20 | client: Include time.h for gmtime and strftime | Michael Forney
2019-11-20 | Use strlcpy for sun_paths | June McEnroe
My understanding is that sun_path need not be nul-terminated, but I didn't notice that SUN_LEN actually requires it.

> The length of UNIX-domain address, required by bind(2) and connect(2),
> can be calculated by the macro SUN_LEN() defined in <sys/un.h>. The
> sun_path field must be terminated by a NUL character to be used with
> SUN_LEN(), but the terminating NUL is not part of the address.

Thanks to Duncan Overbruck <mail@duncano.de> for the report.
2019-11-20 | Format milliseconds as int | June McEnroe
I don't know what I was thinking. I'm expecting a number less than 1000 of course that fits in int.
2019-11-18 | Mention the name CertFP in SASL EXTERNAL guide [1.0] | June McEnroe
2019-11-18 | Document accept and exit behavior | June McEnroe
2019-11-18 | Remove ISUPPORT draft reference | June McEnroe
I don't actually deal with it at all other than storing them for syncing clients.
2019-11-18 | Document inadvertent echo bug | June McEnroe
2019-11-15 | Request NAMES on sync by default | June McEnroe
This inverts the meaning of -N!
2019-11-14 | Add concept of passive clients | June McEnroe
2019-11-14 | Save and load full struct timeval | June McEnroe
2019-11-14 | Use struct timeval for sub-second precision | June McEnroe
2019-11-14 | Remove server-time filter TODO | June McEnroe
I think it's fine to keep it separate since it's a core function of the bouncer.
2019-11-14 | Tweak filter regexes | June McEnroe
2019-11-14 | Filter multi-prefix | June McEnroe
2019-11-14 | Replace filters with regex replaces | June McEnroe
2019-11-13 | Refactor filterUserhostInNames | June McEnroe
2019-11-13 | Factor out wordcpy for filters | June McEnroe
2019-11-11 | Revert "Test getopt_config" | June McEnroe
This reverts commit c8a771828e1d5fc8c476bbd650fafcfb7ba390a8. It just feels gross... idk.
2019-11-11 | Test getopt_config | June McEnroe
2019-11-11 | Add userhost-in-names to manual | June McEnroe
2019-11-11 | Skip initial NAMES parameters | June McEnroe
Channel names can contain '!' so splitting the whole message on it won't work. I hate this code though.
2019-11-11 | Filter userhost-in-names | June McEnroe
I really want to be writing tests for these functions...