diff options
| author | 2020-06-08 18:14:19 +0100 | |
|---|---|---|
| committer | 2020-06-08 18:14:19 +0100 | |
| commit | 58e9055162e003f991870637b73f8ec4044d56a8 (patch) | |
| tree | 62289918baee8739fb14a71d3e10c47e1eff5210 | |
| parent | Rip out compatibility code for the 2.0 protocol. (diff) | |
| parent | Add an ISUPPORT token for the bot mode and 'B' to the WHO flags. (diff) | |
Merge branch 'insp3' into master.
| -rw-r--r-- | .github/SECURITY.md | 4 | ||||
| -rw-r--r-- | docs/conf/modules.conf.example | 2 | ||||
| -rw-r--r-- | include/modules.h | 67 | ||||
| -rw-r--r-- | include/typedefs.h | 2 | ||||
| -rw-r--r-- | make/template/help.txt | 19 | ||||
| -rw-r--r-- | make/template/main.mk | 1 | ||||
| -rw-r--r-- | src/modules/m_botmode.cpp | 27 | ||||
| -rw-r--r-- | src/modules/m_ircv3_ctctags.cpp | 9 | ||||
| -rw-r--r-- | src/modules/m_ojoin.cpp | 10 | ||||
| -rwxr-xr-x | tools/genssl | 13 |
10 files changed, 111 insertions, 43 deletions
diff --git a/.github/SECURITY.md b/.github/SECURITY.md index 94e5b60e4..d8b772e22 100644 --- a/.github/SECURITY.md +++ b/.github/SECURITY.md @@ -2,14 +2,14 @@ ## Supported Versions -Currently the v2 (old stable) and v3 (stable) branches are actively receiving security fixes. Support for v2 will end on 2020-06-01. +Currently the v2 (old stable) and v3 (stable) branches are actively receiving security fixes. Support for v2 will end on 2021-01-01. The v4 branch is still early in development and only receives security fixes when they are synced from the v3 branch. Version | Supported ------- | --------- 4.x.y | :warning: -3.x.y | :white_check_mark: +3.x.y | :white_check_mark: 2.0.x | :white_check_mark: 1.2.y | :x: 1.1.y | :x: diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 1831a48ad..2562e1812 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -2286,7 +2286,7 @@ #<module name="watch"> # # Set the maximum number of entries on a user's watch list below. -#<watch maxentries="32"> +#<watch maxwatch="32"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # WebSocket module: Adds HTML5 WebSocket support. diff --git a/include/modules.h b/include/modules.h index e7507db7d..c6ef15a89 100644 --- a/include/modules.h +++ b/include/modules.h @@ -58,44 +58,69 @@ enum ModuleFlags VF_OPTCOMMON = 8 }; +/** The event was explicitly allowed. */ #define MOD_RES_ALLOW (ModResult(1)) + +/** The event was not explicitly allowed or denied. */ #define MOD_RES_PASSTHRU (ModResult(0)) + +/** The event was explicitly denied. */ #define MOD_RES_DENY (ModResult(-1)) -/** Used to represent an allow/deny module result. - * Not constructed as an enum because it reverses the value logic of some functions; - * the compiler will inline accesses to have the same efficiency as integer operations. - */ -struct ModResult { - int res = 0; +/** Represents the result of a module event. */ +class ModResult +{ + private: + /** The underlying result value. */ + char result = 0; + + public: + /** Creates a new instance of the ModResult class which defaults to MOD_RES_PASSTHRU. */ ModResult() = default; - explicit ModResult(int r) : res(r) {} - inline bool operator==(const ModResult& r) const + + /** Creates a new instance of the ModResult class with the specified value. */ + explicit ModResult(char res) + : result(res) { - return res == r.res; } - inline bool operator!=(const ModResult& r) const + + /** Determines whether this ModResult has.the same value as \p res */ + inline bool operator==(const ModResult& res) const { - return res != r.res; + return result == res.result; } + + /** Determines whether this ModResult has.a different value to \p res */ + inline bool operator!=(const ModResult& res) const + { + return result != res.result; + } + + /** Determines whether a non-MOD_RES_PASSTHRU result has been set. */ inline bool operator!() const { - return !res; + return !result; } + + /** Checks whether the result is an MOD_RES_ALLOW or MOD_RES_PASSTHRU when the default is to allow. */ inline bool check(bool def) const { - return (res == 1 || (res == 0 && def)); + return (result == 1 || (result == 0 && def)); } - /** - * Merges two results, preferring ALLOW to DENY - */ - inline ModResult operator+(const ModResult& r) const + + /* Merges two results preferring MOD_RES_ALLOW to MOD_RES_DENY. */ + inline ModResult operator+(const ModResult& res) const { - if (res == r.res || r.res == 0) + // If the results are identical or the other result is MOD_RES_PASSTHRU + // then return this result. + if (result == res.result || res.result == 0) return *this; - if (res == 0) - return r; - // they are different, and neither is passthru + + // If this result is MOD_RES_PASSTHRU then return the other result. + if (result == 0) + return res; + + // Otherwise, they are different, and neither is MOD_RES_PASSTHRU. return MOD_RES_ALLOW; } }; diff --git a/include/typedefs.h b/include/typedefs.h index d0337bdef..a9ea23e30 100644 --- a/include/typedefs.h +++ b/include/typedefs.h @@ -50,7 +50,7 @@ class XLine; class XLineManager; class XLineFactory; struct ConnectClass; -struct ModResult; +class ModResult; namespace ClientProtocol { diff --git a/make/template/help.txt b/make/template/help.txt new file mode 100644 index 000000000..0afe91e02 --- /dev/null +++ b/make/template/help.txt @@ -0,0 +1,19 @@ +Thanks for installing InspIRCd! + +In order to get your server running you need to create config files. Examples +can be found at `@EXAMPLE_DIR@`. + +If you need any help with this then you can visit our support channel at +irc.inspircd.org #inspircd or refer to the the docs site: + + https://docs.inspircd.org/@VERSION_MAJOR@/configuration + https://docs.inspircd.org/@VERSION_MAJOR@/modules + +When you are done you can run the following command to start InspIRCd: + + @BINARY_DIR@/inspircd + +If you have installed from an official package you may need to prefix this +command with `sudo -g @GROUP@ -u @USER@` to run as the correct group/user. + +You can also use one of the helper scripts in `@SCRIPT_DIR@`. diff --git a/make/template/main.mk b/make/template/main.mk index 2e036a229..8225a2bdf 100644 --- a/make/template/main.mk +++ b/make/template/main.mk @@ -250,6 +250,7 @@ endif -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_TXT) docs/conf/providers/*.example $(EXAPATH)/providers -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_TXT) docs/conf/services/*.example $(EXAPATH)/services -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_TXT) docs/sql/*.sql $(EXAPATH)/sql + -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_TXT) @CONFIGURE_DIRECTORY@/help.txt $(CONPATH) -$(INSTALL) -g @GID@ -o @UID@ -m $(INSTMODE_PRV) *.pem $(CONPATH) 2>/dev/null @echo "" @echo "*************************************" diff --git a/src/modules/m_botmode.cpp b/src/modules/m_botmode.cpp index 18c1951f9..25dd39018 100644 --- a/src/modules/m_botmode.cpp +++ b/src/modules/m_botmode.cpp @@ -25,6 +25,8 @@ #include "inspircd.h" #include "modules/ctctags.h" +#include "modules/isupport.h" +#include "modules/who.h" #include "modules/whois.h" enum @@ -60,7 +62,11 @@ class BotTag : public ClientProtocol::MessageTagProvider } }; -class ModuleBotMode : public Module, public Whois::EventListener +class ModuleBotMode + : public Module + , public ISupport::EventListener + , public Who::EventListener + , public Whois::EventListener { private: SimpleUserModeHandler bm; @@ -69,12 +75,31 @@ class ModuleBotMode : public Module, public Whois::EventListener public: ModuleBotMode() : Module(VF_VENDOR, "Adds user mode B (bot) which marks users with it set as bots in their /WHOIS response.") + , ISupport::EventListener(this) + , Who::EventListener(this) , Whois::EventListener(this) , bm(this, "bot", 'B') , tag(this, bm) { } + void OnBuildISupport(ISupport::TokenMap& tokens) override + { + tokens["BOT"] = ConvToStr(bm.GetModeChar()); + } + + ModResult OnWhoLine(const Who::Request& request, LocalUser* source, User* user, Membership* memb, Numeric::Numeric& numeric) override + { + size_t flag_index; + if (!request.GetFieldIndex('f', flag_index)) + return MOD_RES_PASSTHRU; + + if (user->IsModeSet(bm)) + numeric.GetParams()[flag_index].push_back('B'); + + return MOD_RES_PASSTHRU; + } + void OnWhois(Whois::Context& whois) override { if (whois.GetTarget()->IsModeSet(bm)) diff --git a/src/modules/m_ircv3_ctctags.cpp b/src/modules/m_ircv3_ctctags.cpp index 4b538ac07..fff38140a 100644 --- a/src/modules/m_ircv3_ctctags.cpp +++ b/src/modules/m_ircv3_ctctags.cpp @@ -21,6 +21,7 @@ #include "inspircd.h" #include "modules/cap.h" #include "modules/ctctags.h" +#include "modules/isupport.h" class CommandTagMsg : public Command { @@ -294,6 +295,7 @@ class C2CTags : public ClientProtocol::MessageTagProvider class ModuleIRCv3CTCTags : public Module , public CTCTags::EventListener + , public ISupport::EventListener { private: Cap::Capability cap; @@ -317,6 +319,7 @@ class ModuleIRCv3CTCTags ModuleIRCv3CTCTags() : Module(VF_VENDOR | VF_COMMON, "Provides the IRCv3 message-tags client capability.") , CTCTags::EventListener(this) + , ISupport::EventListener(this) , cap(this, "message-tags") , cmd(this, cap) , c2ctags(this, cap) @@ -330,6 +333,12 @@ class ModuleIRCv3CTCTags c2ctags.allowclientonlytags = ServerInstance->Config->ConfValue("ctctags")->getBool("allowclientonlytags", true); } + void OnBuildISupport(ISupport::TokenMap& tokens) override + { + if (!c2ctags.allowclientonlytags) + tokens["CLIENTTAGDENY"] = "*"; + } + ModResult OnUserPreMessage(User* user, const MessageTarget& target, MessageDetails& details) override { return CopyClientTags(details.tags_in, details.tags_out); diff --git a/src/modules/m_ojoin.cpp b/src/modules/m_ojoin.cpp index f7cf073e0..33c50959d 100644 --- a/src/modules/m_ojoin.cpp +++ b/src/modules/m_ojoin.cpp @@ -33,9 +33,11 @@ class CommandOjoin : public SplitCommand bool notice; bool op; ModeHandler* npmh; + ChanModeReference opmode; CommandOjoin(Module* parent, ModeHandler& mode) : SplitCommand(parent, "OJOIN", 1) , npmh(&mode) + , opmode(parent, "op") { access_needed = CmdAccess::OPERATOR; syntax = { "<channel>" }; @@ -73,8 +75,8 @@ class CommandOjoin : public SplitCommand // they're already in the channel Modes::ChangeList changelist; changelist.push_add(npmh, user->nick); - if (op) - changelist.push_add(ServerInstance->Modes.FindMode('o', MODETYPE_CHANNEL), user->nick); + if (op && opmode) + changelist.push_add(*opmode, user->nick); ServerInstance->Modes.Process(ServerInstance->FakeClient, channel, NULL, changelist); } return CMD_SUCCESS; @@ -123,8 +125,8 @@ class ModuleOjoin : public Module if (mycommand.active) { privs += np.GetModeChar(); - if (mycommand.op) - privs += 'o'; + if (mycommand.op && mycommand.opmode) + privs += mycommand.opmode->IsPrefixMode()->GetPrefix(); return MOD_RES_ALLOW; } diff --git a/tools/genssl b/tools/genssl index dfe821f43..930f4b1d7 100755 --- a/tools/genssl +++ b/tools/genssl @@ -85,9 +85,6 @@ my $state = prompt('What state are you located in?', 'Example State'); my $country = prompt('What is the ISO 3166-1 code for the country you are located in?', 'XZ'); my $days = prompt('How many days do you want your certificate to be valid for?', '365'); -# Contains the SSL certificate in DER form. -my $dercert; - # Contains the exit code of openssl/gnutls-certtool. my $status = 0; @@ -119,7 +116,6 @@ __GNUTLS_END__ $status ||= system "$certtool --generate-self-signed --load-privkey key.pem --outfile cert.pem --template $tmp"; $status ||= system "$certtool --generate-request --load-privkey key.pem --outfile csr.pem --template $tmp"; $status ||= system "$certtool --generate-dh-params $sec_param --outfile dhparams.pem"; - $dercert = `$certtool --certificate-info --infile cert.pem --outder` unless $status; } elsif ($tool eq 'openssl') { my $tmp = new File::Temp(); print $tmp <<__OPENSSL_END__; @@ -137,18 +133,9 @@ __OPENSSL_END__ $status ||= system "cat $tmp | openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days $days 2>/dev/null"; $status ||= system "cat $tmp | openssl req -new -nodes -key key.pem -out csr.pem 2>/dev/null"; $status ||= system 'openssl dhparam -out dhparams.pem 2048'; - $dercert = `openssl x509 -in cert.pem -outform DER` unless $status; } if ($status) { say STDERR "SSL generation failed: $tool exited with a non-zero status!"; exit 1; } - -if (defined $dercert && eval 'use Digest::SHA; 1') { - my $hash = Digest::SHA->new(256); - $hash->add($dercert); - say ''; - say 'If you are using the self-signed certificate then add this TLSA record to your domain for DANE support:'; - say "_6697._tcp." . $common_name . " TLSA 3 0 1 " . $hash->hexdigest; -} |
