During shutdown, the global list of sessions is destroyed. The new multimap
which counts sessions per address is also destroyed. However, they are destroyed
in unspecified order. This is not what we want because destructing the session
map also destroyed all the sessions which then has to access the sessions-per-ip
multimap. This obviously crashes if the multimap was already destroyed.
The fix here is to introduce a new class that contains both of those maps and
makes sure all the sessions are destroyed before the maps are destroyed
themselves. I hope this description makes some sense...
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2264 726aef4b-f618-498e-8847-2d620e286838
This commit adds a zncconfig.h to ZNC that is automatically generated by
configure. This is done because the -DPACKAGE_STRING=\"znc\ 0.097\" that
configure adds to CXXFLAGS breaks znc-buildmod.
This means that we have to include zncconfig.h as the very first header in every
C++ file that is compiled. This commit kinda cheats and instead adds this
include as the very first thing to all header files we have. This should
hopefully mean that modules don't have to include this.
Because Csocket includes defines.h too late, this commit causes znc to divert
from upstream Csocket once again. :(
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2250 726aef4b-f618-498e-8847-2d620e286838
This removes two unused methods (ResolveModule() and FillErrorPage()) and marks
some other methods const/static/protected.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2236 726aef4b-f618-498e-8847-2d620e286838
Using some module as another user didn't actually work. For user modules, the
following code stops you:
else if (!pModule->IsGlobal() && pModule->GetUser() != GetSession()->GetUser()) {
PrintErrorPage(403, "Forbidden", "You must login as " + pModule->GetUser()->GetUserName() + " in order to view this page");
For global modules this didn't work either. Once a "forced" user name was
specified, OnPageRequestInternal() stopped looking at global modules:
CModule* pModule = CZNC::Get().FindModule(m_sModName, m_sForceUser);
if (!pModule && m_sForceUser.empty()) {
[snip]
if (!pModule) {
return PAGE_NOTFOUND;
So, whatever m_sForceUser was supposed to do, it never did that.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2235 726aef4b-f618-498e-8847-2d620e286838
GetErrorPage() only generates the HTML for the error page while PrintErrorPage()
actually makes sure the error page is sent with the correct HTTP status code.
(We sent all error pages with status "200 OK"!)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2039 726aef4b-f618-498e-8847-2d620e286838
(but different ports), any web login session from ZNC #1 would overwrite the session from
ZNC #2. While doing this, also removed an unnecessary check in CHTTPSock::SendCookie and
CHTTPSock::GetRequestCookies (which doesn't transparently translate cookie names and has
never been used so far).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@2030 726aef4b-f618-498e-8847-2d620e286838
Instead of having the template files and images in /usr/share/znc/www/<mod>/,
modules now get to use /usr/share/znc/<mod>/tmpl/ and files/ for this purpose.
This puts those directories for static data to good use again and might even fix
some bugs (after all, the code for that dir is older and more tested than the
new code for www/).
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1997 726aef4b-f618-498e-8847-2d620e286838
When one now finishes a web request with PAGE_DONE, the code actively calls
Close(CLT_AFTERWRITE) which one previously had to call explicitly. This means
there is finally a difference between PAGE_DONE and PAGE_DEFERRED. ;)
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1981 726aef4b-f618-498e-8847-2d620e286838
Until now, the code checked for <moddir>/www/<mod name> and just used
./modules/www/<mod name> if the other dir didn't exist.
Now we calculate the correct path from the module's shared object's path, which
is the correct thing to do.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1967 726aef4b-f618-498e-8847-2d620e286838
At the beginning of lines, one uses tabs for indenting. In the middle of the
line, you use spaces. If you want two different lines to line up with each
other, you start them with the same number of tabs and use spaces for the rest
of the indenting in the "other" line.
Really, that's how one does it!
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1963 726aef4b-f618-498e-8847-2d620e286838
To achieve that, split internal cookie jar into a jar for received cookies
and one for cookies that are to be sent with the response.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1840 726aef4b-f618-498e-8847-2d620e286838
When e.g. imapauth started handling a login from WebMods it opened a new TCP
connection etc. This took time, but WebMods didn't actually wait for the login
to finish which caused the login to fail later on since the HTTP socket was
already destroyed.
This fixes it by letting the HTTP sock just hang. Once the login finishes,
CHTTPSock::Redirect() is called to let it come back to life again.
Thanks to DarthGandalf for finding this issue.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1834 726aef4b-f618-498e-8847-2d620e286838
Instead of return a bool, this now returns an enum. This explains the meaning of
the returned value better and will be used in the next commit to fix a bug.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1833 726aef4b-f618-498e-8847-2d620e286838
This changes CHTTPSock so that one can handle HTTP requests asynchronously.
This is done by not forcing a page to be sent out in the caller of
OnPageRequest() but instead requiring a call to the new function
CHTTPSock::PrintPage().
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1830 726aef4b-f618-498e-8847-2d620e286838
If a user who is currently logged in to WebMods is deleted, his CWebSession
still kept a stale CUser pointer around. The next time he loaded a web page,
Bad Things(tm) happened.
This is fixed by deleting all of a user's sessions when that user is deleted.
Thanks to DarthGandalf for spotting the bug and writing the patch.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1827 726aef4b-f618-498e-8847-2d620e286838
When a CWebSock was destroyed before its CWebAuth, the CWebAuth dereferenced a
stale pointer once it was used again. Fix this by calling
CAuthBase::Invalidate() appropriately.
Thanks to DarthGandalf for finding this.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1826 726aef4b-f618-498e-8847-2d620e286838
We now use a lot more data for generating the session id which is fed to a hash
to make it impossible to attack specific parts of the input.
Also we now retry generating a new session id in the (improbable) case of
collision with an existing session id.
Thanks a lot to cnu for pointing out the weakness in the old code by stealing my
session cookie, you evil hacker!
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1819 726aef4b-f618-498e-8847-2d620e286838
