Commit Graph

159 Commits

Author SHA1 Message Date
Alexey Sokolov
c46bd41037 Unix listener: chmod and change group
Fix #1955
2025-06-24 09:04:29 +01:00
KindOne
a7bfc73749 Save DisableClientCap/DisableServerCap settings.
(cherry picked from commit 0c13b2392f)
2025-06-15 08:08:23 +01:00
Alexey Sokolov
1c197a5508 Add a way to disable certain capabilities
This is a way for admins to mitigate some issues caused by caps if such issues ever arise.

E.g. add this to global level in znc.conf:

DisableClientCap = sasl
DisableServerCap = chghost
DisableServerCap = message-tags

Then these caps will be NAKed to client / not requested from server.

Note that this mechanism doesn't fully prevent a cap from being activated, e.g. one could use *send_raw module to request it from server even when disabled.
2025-05-08 21:55:40 +01:00
Alexey Sokolov
b642d92ce7 Switch integration test to mostly use unix sockets
By not using the same hardcoded number for every test, we can parallelize the test now.

There are several cases remaining where we can't easily use unix sockets (e.g. QSslSocket or imapauth module), for that ask kernel what port number is currently free to use. This is a bit racy though.
2025-04-21 00:19:46 +01:00
Alexey Sokolov
dab1127090 Add unix listener support to *status addport, delport 2025-04-19 22:17:30 +01:00
Alexey Sokolov
b952502eae Dedup code between TCP and Unix listener 2025-04-19 20:17:52 +01:00
Alexey Sokolov
b53612edab Merge branch 'master' into unix 2025-04-18 23:46:16 +01:00
Giovanni
30fbf1172c Fix host name retrieval during TLS certificate generation (#1935)
Use HOSTNAME if defined, otherwise invoke gethostname(3) if possible,
fallback to uname(2)
2025-03-16 15:43:39 +00:00
Peter
44e4b95a20 Welcome to 2025 (#1929) 2025-02-07 23:23:45 +00:00
Alexey Sokolov
78d7cc34e8 Load corecaps module when upgrading old config
This allows unloading it
2024-02-09 23:32:18 +00:00
Falk Rund
17a004aa0b Welcome to 2024
[skip ci]
2023-12-31 21:09:25 +01:00
Alexey Sokolov
a1a254bef1 Update password hashes from SHA-256 to Argon2id
These days salted SHA-256 is considered quite weak for passwords.

Transparently upgrade existing hashes upon login.

Bump cmake requirement to able to use IMPORTED_TARGET, this will allow
further cleanup in next commits.
2023-09-27 01:11:07 +01:00
Falk Rund
f9fd05c307 Welcome to 2023 2023-01-01 06:49:00 +01:00
Falk Rund
6402d241ac Welcome to 2022
The same procedure as last year, Miss Sophie?
Same procedure as every year, James.
2022-01-01 14:05:32 +01:00
Alexey Sokolov
15e2351d40 Switch --makeconf wizard from freenode to libera 2021-05-26 10:10:20 +01:00
MAGIC
99687b0f24 Welcome to 2021 2021-01-01 19:37:07 +01:00
Alexey Sokolov
15dfa8c1fd Merge branch '1.8.x' 2020-09-24 10:12:00 +01:00
Alexey Sokolov
b80d674cfc Update default SSL settings from Mozilla recommmendations
Disable TLSv1.0 and TLSv1.1 by default

Ref #1758
2020-09-24 10:10:43 +01:00
Alexey Sokolov
6ee305aa51 Merge branch '1.8.x' 2020-08-08 12:15:49 +01:00
Ujjwal Sharma
a5dde684da Extend port warning to 6697 2020-06-28 22:33:14 +05:30
Alexey Sokolov
dd42fcd209 Remove autoconf, leave only CMake 2020-05-01 23:44:19 +01:00
MAGIC
9081aa971d Welcome to 2020 2020-01-02 00:36:05 +01:00
Alexey Sokolov
8d309bbb3d Merge branch '1.7.x' 2019-03-30 16:17:59 +00:00
Alexey Sokolov
64613bc8b6 Don't crash if user specified invalid encoding.
This is CVE-2019-9917
2019-03-22 00:22:00 +00:00
Alexey Sokolov
0ab205ccfa Merge pull request #1628 from dgw/welcome-to-2019
Welcome to 2019
2019-01-08 22:50:58 +00:00
dgw
8d5427cf9b Welcome to 2019
What are we going to do today, Brain?

The same thing we do every year, Pinky: Update all the copyright
headers!

[Skip CI]
2019-01-01 17:05:05 -06:00
Pierre Gordon
6af027c5dd Normalize methods with 'UserName' to 'Username' 2019-01-01 16:19:27 -05:00
Pierre Gordon
812b27c268 Normalize variable "sUserName" to "sUsername"
Fixes #1546
2019-01-01 12:31:33 -05:00
Wolf480pl
80f9baf0a6 Fix memory leak and null dereference in CZNC::LoadUsers
Before this commit, when pUser->SetBeingDeleted(true) is executed,
pUser is an empty unique_ptr, because release() was already called
on it. Therefore, pUser->SetBeingDeleted is unidefined behaviour.

Also, AddUser only takes ownership of the passed user pointer if it
succeeds. In case of a failure, it's the caller's responsibility to
delete the user.

Fix this by keeping a raw pointer to the user, and handling it
accordingly when AddUser fails.

I have no idea whether SetBeingDeleted is necessary there, leaving it
just in case.

Maybe it would be better if we could change the semantics of
AddUser to always take ownership of the pointer,
or even take unique_ptr, but I have no idea how to adapt Python
bindings in modpython to such change.
2018-07-25 17:25:38 +02:00
Alexey Sokolov
9de990715b More translateable strings (fix #1354) 2018-04-03 22:31:20 +01:00
Alexey Sokolov
5d603b0932 Fix non-default location of znc.pem when upgrading configs from pre-1.7.
New options SSLDHParamFile and SSLKeyFile were pointing at the default
location instead of the same as SSLCertFile.

Thanks to @xelra for the report.
2018-03-15 22:14:00 +00:00
Falk Seidel
d647eaabc0 Welcome to 2018
The same procedure as last year, Miss Sophie?
The same procedure as every year, James.

[skip ci]
2018-01-19 19:38:58 +00:00
Fox Wilson
42939c998f Add "AuthOnlyViaModule" global/user setting
Setting AuthOnlyViaModule on a user causes CheckPass to never return true,
causing all authentication attempts using the configured password to fail, both
on IRC connections and for webadmin. This is useful in situations where an
external module (cyrusauth, certauth, imapauth) handles authentication. Setting
the global AuthOnlyViaModule option causes similar behavior across every
user. If AuthOnlyViaModule is set to true globally, it cannot be overridden
per-user.

Close #1474
Close #331
2017-12-22 14:23:17 +00:00
Uli Schlachter
7621a31af5 Rename AddListener() variants into AddTCPListener() and AddUnixListener
Signed-off-by: Uli Schlachter <psychon@znc.in>
2017-11-06 15:29:44 +01:00
Uli Schlachter
811f453efb Add support for listening on a unix domain socket
So far this is not integrated with ClientCommand.cpp or webadmin.cpp, so
the only way to actually use this is to hand-editing the config with a
<Listener> section like the following:

<Listener 42>
  Path = /tmp/listen
  SSL = false
</Listener>

So far this received only very basic testing. I did not even test SSL support.

Signed-off-by: Uli Schlachter <psychon@znc.in>
2017-11-02 12:05:20 +01:00
Uli Schlachter
35da5784ca Split CTCPListener from CListener
This splits up CListener into a TCP-specific class and a general class.
The intention is to later add another class inheriting from CListener
that listens on unix sockets.

Signed-off-by: Uli Schlachter <psychon@znc.in>
2017-11-02 12:03:24 +01:00
Uli Schlachter
b68fbc64a2 Move listener config writing into CListener
Signed-off-by: Uli Schlachter <psychon@znc.in>
2017-11-02 11:41:38 +01:00
Alexey Sokolov
10bfece38c Switch znc.in URLs to https 2017-05-30 22:32:01 +01:00
Fusl Dash
2e90c9ae9e Update link to Configuration wiki page 2017-05-14 08:51:48 +01:00
Phansa
3189ce7f8a Welcome to 2017
Welcome to 2017

temp

temp2
2017-03-12 20:34:26 -04:00
Alexey Sokolov
2fcde9f2e1 Fix a couple of issues pointed out by https://scan.coverity.com/ 2016-12-26 17:22:09 +00:00
Alexey Sokolov
13049e5fc3 Refactor the way how modules are loaded.
Make version checks more strict.

This finishes attempt to preserve ABI between patch versions. That
didn't work well, and the people who could make it work, left the
project already.

Close #1255
Close #1274
Close #172
2016-12-22 20:49:01 +00:00
Adam
6bde0fc270 Add config write delay setting 2016-03-26 13:34:02 -04:00
Alexey Sokolov
8eeeaf71a0 Add framework for translating ZNC to different languages 2016-01-31 20:09:19 +00:00
Alexey Sokolov
ae3eb5c219 Revert "Revert "Fix delay between receiving signal in separate thread and handling it""
This reverts commit 615d936b6c.

I forgot the condition before...
2016-01-23 11:57:48 +00:00
Alexey Sokolov
615d936b6c Revert "Fix delay between receiving signal in separate thread and handling it"
This reverts commit e14e3586e1.

Until I find what's wrong with it...
2016-01-23 11:40:43 +00:00
Alexey Sokolov
e14e3586e1 Fix delay between receiving signal in separate thread and handling it
Also this allows increasing maximum wait time in poll(), though it
doesn't matter much
2016-01-23 11:05:30 +00:00
Alexey Sokolov
561a18054c Yet another attempt to use CMake 2016-01-15 10:50:33 +00:00
Alexey Sokolov
cfa178f75e Fix build when ICU is disabled
Thanks FFForever for report
2016-01-09 21:10:44 +00:00
Alexey Sokolov
1f226d2ade Add test for #1229 and actually fix it. 2016-01-09 18:00:47 +00:00