Staging for Elemental-IRCd 6.6 release

CREDITS

@@ -1,14 +1,23 @@
 $Id: CREDITS 3133 2007-01-21 15:38:16Z jilles $
  
-elemental-ircd is a fork of the ShadowIRCD project created to meet
+Elemental-IRCd is a fork of the now-defunct ShadowIRCD project.
+ 
+The Elemental-IRCd team is listed below in nick-alphabetical order:
+ 
+Xena, Sam Dodrill <shadowh511 -at- gmail.com>
+ 
+Some Elemental-IRCd features are modeled after or direct ports of
+code from Charybdis.
+ 
+ponychat-ircd is a fork of the ShadowIRCD project created to meet
 PonyChat's needs and keep the now-defunct ShadowIRCD project's goals
 alive.
  
-The elemental-ircd team is listed in nick-alphabetical order:
+The ponychat-ircd team is listed in nick-alphabetical order:
  
 aji, Alex Iadicico <alex -at- ajitek.net>
-lyska, Sam Dodrill <shadowh511 -at- gmail.com>>
 Kabaka, Kyle Johnson <kabaka -at- ponychat.net>
+Xe, Sam Dodrill <shadowh511 -at- gmail.com>
  
 ShadowIRCd 6 is a modern restart of the old ShadowIRCd project
 based on Charybdis with a few additional features to make it appeal 

NEWS

@@ -1,6 +1,39 @@
 This is elemental-ircd 6.5, Copyright (c) 2013 elemental-ircd team.
 See LICENSE for licensing details (GPL v2).
 
+-- elemental-ircd 6.6
+
+additions
+ - add OWNER=y to 005
+ - add autoconfigure script like unrealircd
+ - add channel mode +u to hide banlists unless users have halfop or up
+ - add modules for services packages
+ - add quotes around PART reason
+ - add umode +I to hide channels line from WHOIS
+ - make end-user /OPER failures much more generic
+ - make flooding SNOTEs global
+ - show own modes in whois
+ - show remote server IP addresses
+ - update helpfiles to have much more up to date information
+
+bugfixes
+ - don't strip unicode in strip_unprintable
+ - fix extended-join for remote users
+ - fix null reference in away-notify
+ - make genssl.sh generate ten year certs
+
+removals
+ - remove away-notify
+ - remove AHBL from default configs
+ - remove m_post SNOTEs because of an upstream change
+
+The official channel for Elemental-IRCd is now #elemental-ircd on
+irc.yolo-swag.com.
+
+-- elemental-ircd 6.5.1
+
+Rename to Elemental-IRCd
+
 -- ponychat-ircd 6.5
 
 additions

TODO.markdown

@@ -1,22 +1,6 @@
 # TODO
 
-## elemental-ircd 6.5.2
-
- - [ ] Fix `extended-join` not triggering for users on other servers
- - [x] Patch `m_sasl`, http://seclists.org/fulldisclosure/2014/Mar/320
- - [x] Fix null reference in `src/channel.c`
- - [x] Add basic autoconfiguration script
- - [x] Add modules for services packages
- - [x] Make end user oper failures more generic
- - [x] Add `OWNER=` to `005`
- - [x] Show own modes in a `WHOIS`
- - [x] Remove AHBL blacklists from default configs
- - [x] Remove `SNOTE`s in `m_post`
- - [x] Make flooding `SNOTE`s global
- - [x] Add quotes around `PART` reason
- - [x] Disable `away-notify` for now
-
-## elemental-ircd 6.6
+## elemental-ircd 6.7
 
  - [ ] Finish websocket support
    - [x] Configuration for websocket ports

configure

@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for elemental-ircd 6.5.1.
+# Generated by GNU Autoconf 2.69 for elemental-ircd 6.6.
 #
 # 2014 elemental-ircd Team
 #
@@ -579,8 +579,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='elemental-ircd'
 PACKAGE_TARNAME='elemental-ircd'
-PACKAGE_VERSION='6.5.1'
-PACKAGE_STRING='elemental-ircd 6.5.1'
+PACKAGE_VERSION='6.6'
+PACKAGE_STRING='elemental-ircd 6.6'
 PACKAGE_BUGREPORT=''
 PACKAGE_URL=''
 
@@ -1303,7 +1303,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures elemental-ircd 6.5.1 to adapt to many kinds of systems.
+\`configure' configures elemental-ircd 6.6 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1364,7 +1364,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of elemental-ircd 6.5.1:";;
+     short | recursive ) echo "Configuration of elemental-ircd 6.6:";;
    esac
   cat <<\_ACEOF
 
@@ -1488,7 +1488,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-elemental-ircd configure 6.5.1
+elemental-ircd configure 6.6
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2092,7 +2092,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by elemental-ircd $as_me 6.5.1, which was
+It was created by elemental-ircd $as_me 6.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -10100,7 +10100,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by elemental-ircd $as_me 6.5.1, which was
+This file was extended by elemental-ircd $as_me 6.6, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -10166,7 +10166,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-elemental-ircd config.status 6.5.1
+elemental-ircd config.status 6.6
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 

configure.ac

@@ -10,7 +10,7 @@ AC_PREREQ(2.57)
 dnl Sneaky way to get an Id tag into the configure script
 AC_COPYRIGHT([2014 elemental-ircd Team])
 
-AC_INIT([elemental-ircd],[6.5.1])
+AC_INIT([elemental-ircd],[6.6])
 
 AC_CONFIG_HEADER(include/setup.h)
 

doc/example.conf

@@ -3,6 +3,7 @@
  * Copyright (C) 2000-2002 Hybrid Development Team
  * Copyright (C) 2002-2005 ircd-ratbox development team
  * Copyright (C) 2005-2006 charybdis development team
+ * Copyright (C) 2014      Elemental-IRCd development team
  *
  * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
  *
@@ -47,10 +48,10 @@ loadmodule "extensions/sno_globaloper.so";
 #loadmodule "extensions/sno_whois.so";
 
 serverinfo {
-	name = "hades.arpa";
+	name = "hostname.domain.tld";
 	sid = "42X";
-	description = "shadowircd test server";
-	network_name = "AthemeNET";
+	description = "elemental-ircd test server";
+	network_name = "ShadowNET";
 	network_desc = "Your IRC network.";
 	helpchan = "#help";
 	helpurl = "http://www.mynet.net/help";
@@ -62,7 +63,7 @@ serverinfo {
 	#vhost = "192.169.0.1";
 	/* for IPv6 */
 	#vhost6 = "3ffe:80e8:546::2";
-	
+
 	/* ssl_private_key: our ssl private key */
 	ssl_private_key = "etc/ssl.key";
 
@@ -90,7 +91,7 @@ serverinfo {
 
 admin {
 	name = "Lazy admin (lazya)";
-	description = "AthemeNET client server";
+	description = "ShadowNET client server";
 	email = "nobody@127.0.0.1";
 };
 
@@ -139,7 +140,8 @@ listen {
 	/* defer_accept: wait for clients to send IRC handshake data before
 	 * accepting them.  if you intend to use software which depends on the
 	 * server replying first, such as BOPM, you should disable this feature.
-	 * otherwise, you probably want to leave it on.
+	 * otherwise, you probably want to leave it on. Disabling this will not
+	 * update on a rehash.
 	 */
 	defer_accept = yes;
 
@@ -152,8 +154,8 @@ listen {
 
 	/* Listen on IPv6 (if you used host= above). */
 	#host = "3ffe:1234:a:b:c::d";
-        #port = 5000, 6665 .. 6669;
-        #sslport = 9999;
+	#port = 5000, 6665 .. 6669;
+	#sslport = 9999;
 };
 
 /* auth {}: allow users to connect to the ircd (OLD I:)
@@ -185,7 +187,7 @@ auth {
 	 * flags = ...; below if it is.
 	 */
 	password = "letmein";
-	
+
 	/* spoof: fake the users user@host to be be this.  You may either
 	 * specify a host or a user@host to spoof to.  This is free-form,
 	 * just do everyone a favour and dont abuse it. (OLD I: = flag)
@@ -199,7 +201,7 @@ auth {
 	autojoin = "#shadowircd,#test";
 
 	/* Possible flags in auth:
-	 * 
+	 *
 	 * encrypted                  | password is encrypted with mkpasswd
 	 * spoof_notice               | give a notice when spoofing hosts
 	 * exceed_limit (old > flag)  | allow user to exceed class user limits
@@ -210,15 +212,15 @@ auth {
 	 * jupe_exempt                | exempt this user from generating
 	 *                              warnings joining juped channels
 	 * resv_exempt		      | exempt this user from resvs
-         * flood_exempt               | exempt this user from flood limits
-         *                                     USE WITH CAUTION.
+	 * flood_exempt               | exempt this user from flood limits
+	 *                                     USE WITH CAUTION.
 	 * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
 	 * need_ident   (old + flag)  | require ident for user in this class
 	 * need_ssl                   | require SSL/TLS for user in this class
 	 * need_sasl                  | require SASL id for user in this class
 	 */
 	flags = kline_exempt, exceed_limit;
-	
+
 	/* class: the class the user is placed in */
 	class = "opers";
 };
@@ -279,13 +281,13 @@ operator "god" {
 	user = "*god@127.0.0.1";
 
 	/* password: the password required to oper.  Unless ~encrypted is
-	 * contained in flags = ...; this will need to be encrypted using 
+	 * contained in flags = ...; this will need to be encrypted using
 	 * mkpasswd, MD5 is supported
 	 */
 	password = "etcnjl8juSU1E";
 
 	/* rsa key: the public key for this oper when using Challenge.
-	 * A password should not be defined when this is used, see 
+	 * A password should not be defined when this is used, see
 	 * doc/challenge.txt for more information.
 	 */
 	#rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
@@ -392,14 +394,14 @@ channel {
 	exemptchanops = "NT";
 	use_halfop = yes;
 	use_admin = yes;
-        use_owner = yes;
+	use_owner = yes;
 	use_knock = yes;
 	use_local_channels = yes;
 	knock_delay = 5 minutes;
 	knock_delay_channel = 1 minute;
 	max_chans_per_user = 15;
-        max_bans = 100;
-        max_bans_large = 500;
+	max_bans = 100;
+	max_bans_large = 500;
 	default_split_user_count = 0;
 	default_split_server_count = 0;
 	no_create_on_split = no;
@@ -425,7 +427,7 @@ serverhide {
  * They are used in pairs of one host/rejection reason.
  *
  * These settings should be adequate for most networks, and are (presently)
- * required for use on AthemeNet.
+ * required for use on ShadowNet.
  *
  * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
  * connections.
@@ -526,23 +528,23 @@ general {
 
 	default_operstring = "is an IRC Operator";
 	default_adminstring = "is a Server Administrator";
-	default_operhost = "staff.testnet.net";
+	#default_operhost = "staff.testnet.net";
 	#static_quit = "I like turtles!";
 	servicestring = "is a Network Service";
 	disable_fake_channels = no;
 	hide_channel_below_users = 3;
-        tkline_expire_notices = no;
-        default_floodcount = 10;
+	tkline_expire_notices = no;
+	default_floodcount = 10;
 	failed_oper_notice = yes;
 	dots_in_ident=2;
 	min_nonwildcard = 4;
 	min_nonwildcard_simple = 3;
-        max_accept = 100;
+	max_accept = 100;
 	max_monitor = 100;
 	anti_nick_flood = yes;
 	max_nick_time = 20 seconds;
 	max_nick_changes = 5;
-        anti_spam_exit_message_time = 5 minutes;
+	anti_spam_exit_message_time = 5 minutes;
 	use_part_messages = yes;
 	ts_warn_delta = 30 seconds;
 	ts_max_delta = 5 minutes;
@@ -566,7 +568,7 @@ general {
 	stats_P_oper_only=no;
 	stats_i_oper_only=masked;
 	stats_k_oper_only=masked;
-        map_oper_only = no;
+	map_oper_only = no;
 	operspy_admin_only = no;
 	operspy_dont_care_user_info = no;
 	secret_channels_in_whois = no;
@@ -582,11 +584,11 @@ general {
 	true_no_oper_flood = no;
 	max_targets = 4;
 	client_flood = 20;
-        use_whois_actually = no;
+	use_whois_actually = no;
 	oper_only_umodes = operwall, locops, servnotice;
 	oper_umodes = locops, servnotice, operwall, wallop;
 	oper_snomask = "+s";
-        burst_away = yes;
+	burst_away = yes;
 	nick_delay = 0 seconds; # 15 minutes if you want to enable this
 	reject_ban_time = 1 minute;
 	reject_after_count = 3;
@@ -594,7 +596,7 @@ general {
 	throttle_duration = 60;
 	throttle_count = 4;
 	expire_override_time = 5 minutes;
-    away_interval = 30;
+	away_interval = 30;
 };
 
 modules {

doc/ircd.motd

@@ -1,2 +1,2 @@
-This is ShadowIRCd MOTD. You might replace it, but if not, your friends will
-laugh at you.
+This is the Elemental-IRCd MOTD. You can use this if you like;
+but if you do, your teacher may send you to magic kindergarten.

extensions/Makefile.in

@@ -53,6 +53,7 @@ SRCS =                          \
   force_user_invis.c		\
   hurt.c			\
   ip_cloaking.c			\
+  ip_cloaking-5.c		\
   sno_farconnect.c		\
   sno_globalkline.c		\
   sno_globaloper.c		\

extensions/ip_cloaking-5.c

@@ -0,0 +1,169 @@
+/* 
+ * Charybdis: an advanced ircd
+ * ip_cloaking.c: provide user hostname cloaking
+ *
+ * Written originally by nenolod, altered to use FNV by Elizabeth in 2008
+ * altered some more by groente
+ */
+
+#include <openssl/hmac.h>
+#include "stdinc.h"
+#include "modules.h"
+#include "hook.h"
+#include "client.h"
+#include "ircd.h"
+#include "send.h"
+#include "hash.h"
+#include "s_conf.h"
+#include "s_user.h"
+#include "s_serv.h"
+#include "numeric.h"
+#include "newconf.h"
+
+char *secretsalt = "32qwnqoWI@DpMd&w";
+
+static void
+conf_set_secretsalt(void *data)
+{
+	secretsalt = rb_strdup(data);
+}
+
+static int
+_modinit(void)
+{
+	/* add the usermode to the available slot */
+	user_modes['x'] = find_umode_slot();
+	construct_umodebuf();
+
+	add_top_conf("cloaking", NULL, NULL, NULL);
+	add_conf_item("cloaking", "secretsalt", CF_QSTRING, conf_set_secretsalt);
+
+	return 0;
+}
+
+static void
+_moddeinit(void)
+{
+	/* disable the umode and remove it from the available list */
+	user_modes['x'] = 0;
+	construct_umodebuf();
+
+	add_top_conf("cloaking", NULL, NULL, NULL);
+	add_conf_item("cloaking", "secretsalt", CF_QSTRING, conf_set_secretsalt);
+}
+
+static void check_umode_change(void *data);
+static void check_new_user(void *data);
+mapi_hfn_list_av1 ip_cloaking_hfnlist[] = {
+	{ "umode_changed", (hookfn) check_umode_change },
+	{ "new_local_user", (hookfn) check_new_user },
+	{ NULL, NULL }
+};
+
+DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL,
+		ip_cloaking_hfnlist, "$Revision: 3526 $");
+
+static void
+distribute_hostchange(struct Client *client_p, char *newhost)
+{
+	if (newhost != client_p->orighost)
+		sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :is now your hidden host",
+				newhost);
+	else
+		sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :hostname reset",
+				newhost);
+
+	sendto_server(NULL, NULL,
+			CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s",
+			use_id(&me), use_id(client_p), newhost);
+	sendto_server(NULL, NULL,
+			CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s",
+			use_id(&me), use_id(client_p), newhost);
+
+	change_nick_user_host(client_p, client_p->name, client_p->username, newhost, 0, "Changing host");
+
+	if (newhost != client_p->orighost)
+		SetDynSpoof(client_p);
+	else
+		ClearDynSpoof(client_p);
+}
+
+static void
+do_host_cloak(const char *inbuf, char *outbuf)
+{
+	unsigned char *hash;
+	char buf[3];
+	char output[HOSTLEN+1];
+	int i;
+
+	hash = HMAC(EVP_sha256(), secretsalt, strlen(secretsalt), (unsigned char*)inbuf, strlen(inbuf), NULL, NULL);
+
+	output[0]=0;
+
+	for (i = 0; i < 32; i++) {
+		sprintf(buf, "%.2x", hash[i]);
+		strcat(output,buf);
+	}
+
+	rb_strlcpy(outbuf,output,HOSTLEN+1);
+}
+
+static void
+check_umode_change(void *vdata)
+{
+	hook_data_umode_changed *data = (hook_data_umode_changed *)vdata;
+	struct Client *source_p = data->client;
+
+	if (!MyClient(source_p))
+		return;
+
+	/* didn't change +h umode, we don't need to do anything */
+	if (!((data->oldumodes ^ source_p->umodes) & user_modes['x']))
+		return;
+
+	if (source_p->umodes & user_modes['h'])
+	{
+		if (IsIPSpoof(source_p) || source_p->localClient->mangledhost == NULL || (IsDynSpoof(source_p) && strcmp(source_p->host, source_p->localClient->mangledhost)))
+		{
+			source_p->umodes &= ~user_modes['x'];
+			return;
+		}
+		if (strcmp(source_p->host, source_p->localClient->mangledhost))
+		{
+			distribute_hostchange(source_p, source_p->localClient->mangledhost);
+		}
+		else /* not really nice, but we need to send this numeric here */
+			sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host",
+					source_p->host);
+	}
+	else if (!(source_p->umodes & user_modes['x']))
+	{
+		if (source_p->localClient->mangledhost != NULL &&
+				!strcmp(source_p->host, source_p->localClient->mangledhost))
+		{
+			distribute_hostchange(source_p, source_p->orighost);
+		}
+	}
+}
+
+static void
+check_new_user(void *vdata)
+{
+	struct Client *source_p = (void *)vdata;
+
+	if (IsIPSpoof(source_p))
+	{
+		source_p->umodes &= ~user_modes['x'];
+		return;
+	}
+	source_p->localClient->mangledhost = rb_malloc(HOSTLEN + 1);
+	do_host_cloak(source_p->orighost, source_p->localClient->mangledhost);
+	if (IsDynSpoof(source_p))
+		source_p->umodes &= ~user_modes['x'];
+	if (source_p->umodes & user_modes['x'])
+	{
+		rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host));
+		if (irccmp(source_p->host, source_p->orighost))
+			SetDynSpoof(source_p);
+	}
+}

libratbox/include/libratbox_config.h.in

@@ -60,6 +60,9 @@
 /* Define to 1 if you have the `gmtime_r' function. */
 #undef HAVE_GMTIME_R
 
+/* Has GnuTLS */
+#undef HAVE_GNUTLS
+
 /* Define to 1 if you have the <inttypes.h> header file. */
 #undef HAVE_INTTYPES_H