Setting AuthOnlyViaModule on a user causes CheckPass to never return true,
causing all authentication attempts using the configured password to fail, both
on IRC connections and for webadmin. This is useful in situations where an
external module (cyrusauth, certauth, imapauth) handles authentication. Setting
the global AuthOnlyViaModule option causes similar behavior across every
user. If AuthOnlyViaModule is set to true globally, it cannot be overridden
per-user.
Close#1474Close#331
Stop hardcoding Russian in webadmin.
Limit the setting in controlpanel to the known languages, because
untrusted language code might lead to some interesting vulnerabilities.
I noticed that the default network flood rates are wrong (for most
networks). It has been very standard since the beginning of IRC to use a
value of 2 seconds per line, with a 10 line head start. Almost all
networks work this way, and if you don't follow, having a lot of
channels or a lot of clients connected to ZNC results in excess flood
disconnections and much frustration for the user.
I think you should make the default value for these 2 and 9 instead of 1
and 4 so that this nasty bug doesn't hit people who will not know how to
debug it. You find these same types of settings built into every IRC
client. 2 and 10 is the standard. 2 and 9 provides a slight buffer so
there is no mistake.
Thanks
-Rubin
Close#1416
Added the following two network-specific configuration options that can
be changed via controlpanel or webadmin:
* TrustAllCerts: Will trust ALL certificates when enabled, effectively
disabling TLS certificate validation.
Default value: false
* TrustPKI: Whether or not to trust PKI-valid certificates. Setting this
to false will make znc trust only trusted certificates added by the
user.
Default value: true
With default values, behavior is exactly the same as before.
This is based on the work of Roelf Wichertjes. See YourBNC/znc@5c747598.
See znc/znc#866.
The previous fix (5e6e3be3) left a possibility to use-after-delete,
though it has been much harder to accidentally trigger.
If AddChan(pChan) fails, it deletes pChan, so the new crash was
happening during showing of error message.
Test for this is at master branch: 9777a1a667
Thanks to https://scan.coverity.com/ for pointing at this.
This reverts commits 27d78795a7 and
f27109f1b4. It was decided that the
functionality is provided by a separate module instead, to avoid
unnecessarily bloating the core.
Let add users via the list of users in the similar manner it’s
done for networks. It’s evidently an extra step to add a user,
but on the other hand it gives a nice overview of the users
when adding new ones, and leads to less clutter in the sidebar.
