Commit Graph

116 Commits

Author SHA1 Message Date
psychon 6acaebf775 Add "Listen4" config option
"Listen6" and "Listen4" now do what the name implies and "Listen" listens on
both ipv4 and ipv6 (unless a bind host was set which forces something
different).

This also changes webadmin appropriately.

Thanks to DarthGandalf for the idea and the patch.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1816 726aef4b-f618-498e-8847-2d620e286838
2010-03-08 17:23:53 +00:00
prozacx c27713cc1d Added support for cookies and sessions. Logging in is now done via cookies.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1799 726aef4b-f618-498e-8847-2d620e286838
2010-03-01 01:22:02 +00:00
prozacx e4f907dc42 Added a bunch of admin checks
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1793 726aef4b-f618-498e-8847-2d620e286838
2010-02-24 06:31:58 +00:00
prozacx c9b2f4e063 Removed a cerr used in debugging
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1789 726aef4b-f618-498e-8847-2d620e286838
2010-02-24 04:35:59 +00:00
prozacx 45caa26d86 Renamed GetWebNavTitle() to GetWebMenuTitle() to keep in line with the name of the Menu.tmpl file
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1787 726aef4b-f618-498e-8847-2d620e286838
2010-02-23 06:09:21 +00:00
prozacx a06ae1e7c3 Fixed which skin name gets checked when you're editing a user other than yourself
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1785 726aef4b-f618-498e-8847-2d620e286838
2010-02-22 16:59:04 +00:00
prozacx ad92c58c42 Initial commit of webmods - still lots of work to be done
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1784 726aef4b-f618-498e-8847-2d620e286838
2010-02-22 07:40:22 +00:00
psychon 115b170890 Another patch by DarthGandalf, thanks
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1777 726aef4b-f618-498e-8847-2d620e286838
2010-02-19 17:06:42 +00:00
psychon 17fdbf35bb Fix a small memory leak in webadmin
If the two passwords entered didn't match, webadmin leaked a CUser instance.
This was found by cppcheck, too.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1762 726aef4b-f618-498e-8847-2d620e286838
2010-02-18 12:42:49 +00:00
psychon 702faeeed5 Revert r1738-1742
This broke webadmin, changed CString::Token()'s behavior possibly breaking a lot
of stuff just before a release and added an unused config entry.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1748 726aef4b-f618-498e-8847-2d620e286838
2010-02-08 13:49:44 +00:00
prozacx d2881ee9d1 Fixed a bug introduced in r1740 where template files weren't being found
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1741 726aef4b-f618-498e-8847-2d620e286838
2010-02-07 04:53:06 +00:00
cflakes f06d68a77c Removed default-checked yet quite useless and annoying "[add ]your current ip" checkbox from webadmin's edit user page. The new default skin never had it, this completely removes it from the other skins and from the module.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1722 726aef4b-f618-498e-8847-2d620e286838
2010-01-25 21:54:55 +00:00
silverleo 07d7477dec It's 2010, where's my hoverboard?
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1693 726aef4b-f618-498e-8847-2d620e286838
2010-01-06 09:37:05 +00:00
psychon b0e59f1294 Fix a crash bug with auth modules
If a module like imapauth needs some time to process a login, it's possible that
the client already disconnected by the time the lookup finished. This would then
cause a stale pointer in CAuthBase to be dereferenced.

Fix this remotely exploitable crash bug by adding a new function
CAuthBase::Invalidate(). After this was called, the CAuthBase instance doesn't
do anything at all anymore, especially not dereferencing the (possibly stale)
m_pSock pointer.

This also makes sure that one can only call AcceptLogin() or RefuseLogin() once.

Thanks to Sm0ke0ut for providing backtraces and reporting this bug.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1669 726aef4b-f618-498e-8847-2d620e286838
2009-11-28 18:53:20 +00:00
psychon f5d7ffe41a webadmin: Be able to add new admin users with shell module loaded
webadmin loaded a user's modules before it set its admin flag - fix this by
changing the order.

webadmin failed at setting a new user's admin flag. This is fixed too.

Thanks to DarthGandalf for reporting this.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1625 726aef4b-f618-498e-8847-2d620e286838
2009-09-11 12:46:40 +00:00
psychon cd63bae006 Add sha256 support
This imports the sha256 code from http://www.ouah.org/ogay/sha2/ (The other
hashes from sha-2 were removed). sha256 is a much stronger hashing algorithm
than md5 is (There were successful birthday attacks against md5).

All the code now defaults to creating sha256 salted hashes (The salting used is
the same as before).

Old znc.conf files can still be read.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1618 726aef4b-f618-498e-8847-2d620e286838
2009-09-07 18:55:07 +00:00
psychon cfe64df399 webadmin: Increase buffer on HTTP sockets on the irc port
When webadmin "grabs" HTTP connections from the IRC port, it moves the
underlying connection to its own socket class and copies all of the settings
from the old socket to this new one.

One of the properties that is copied is the MaxBufferThreshold which is 1024 for
IRC sockets, but which should be 10240 for webadmin sockets (CSocket::CSocket()).
This could theoretically cause bugs like the "blank page in firefox" reported by
kaiz0ku.

Anyway, this is hopefully fixed by setting the 10k MaxBufferThreshold again.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1617 726aef4b-f618-498e-8847-2d620e286838
2009-09-07 18:33:02 +00:00
psychon 6c1014f200 Fix a webadmin bug which was introduced in r1569
The directory prefix checking which prevents path traversal exploits had a logic
error that made it always fail.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1574 726aef4b-f618-498e-8847-2d620e286838
2009-07-21 21:04:49 +00:00
psychon c7583c4946 Fix a low impact directory traversal bug
A common pattern for checking directories in ZNC is the following:

	sAbsolutePath = CDir::ChangeDir(sAllowedPath, sFile);
	if (sAbsolutePath.Left(sAllowedPath.length()) != sAllowedPath)
		Error;

But there is a problem: If sAllowedPath doesn't end with a slash, we are
vulnerable to an attack. If e.g. sAllowedPath = "/foo/bar", then
sFile = "../bartender" would result in sAbsolutePath = "/foo/bartender". Since
this path does begin with sAllowedPath, the code allowed it.

There shouldn't be any places where this can be exploited currently, but it is
still a security bug (path traversal).


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1569 726aef4b-f618-498e-8847-2d620e286838
2009-07-21 18:36:33 +00:00
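
The prefix check described in r1569 above, next to a separator-aware variant, as an added example (not ZNC code and not the project's actual fix). `change_dir()` is a hypothetical lexical stand-in for `CDir::ChangeDir()`, and the sample paths are constructed from the commit message.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical stand-in for CDir::ChangeDir(): joins base and rel, then
// resolves "." and ".." lexically. Symlinks are NOT followed.
std::string change_dir(const std::string& base, const std::string& rel) {
    std::string joined = (!rel.empty() && rel[0] == '/') ? rel : base + "/" + rel;
    std::vector<std::string> parts;
    std::stringstream ss(joined);
    std::string seg;
    while (std::getline(ss, seg, '/')) {
        if (seg.empty() || seg == ".") continue;
        if (seg == "..") { if (!parts.empty()) parts.pop_back(); continue; }
        parts.push_back(seg);
    }
    std::string out;
    for (const auto& p : parts) out += "/" + p;
    return out.empty() ? "/" : out;
}

// The pattern from the commit message: plain string-prefix comparison.
bool allowed_naive(const std::string& allowed, const std::string& file) {
    std::string abs = change_dir(allowed, file);
    return abs.compare(0, allowed.length(), allowed) == 0;
}

// Separator-aware variant: the match has to end on a '/' boundary, so a
// sibling such as "/foo/bartender" no longer passes for "/foo/bar".
bool allowed_strict(const std::string& allowed, const std::string& file) {
    std::string root = change_dir(allowed, ".");  // normalise, drop trailing '/'
    std::string abs = change_dir(root, file);
    if (abs == root) return true;                 // the directory itself
    std::string prefix = (root == "/") ? root : root + "/";
    return abs.compare(0, prefix.length(), prefix) == 0;
}

int main() {
    const char* cases[] = {"img/logo.png", "../bartender", "../bar/x.css",
                           "../../etc/passwd"};
    for (const char* f : cases)
        std::cout << f << " -> " << change_dir("/foo/bar", f)
                  << "  naive=" << allowed_naive("/foo/bar", f)
                  << "  strict=" << allowed_strict("/foo/bar", f) << "\n";
}
```

Both checks are purely lexical; a symlink inside the allowed directory still resolves wherever it points, which needs a separate check on the resolved path.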
psychon aa4425bda5 Fix webadmin favicons
r1481 moved the /img/ subdir into /data/, but forgot to fix the path which
is used for the favicon, which meant we generated a 404 for the favicon.
Fix this by using the correct path and everyone is happy again.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1524 726aef4b-f618-498e-8847-2d620e286838
2009-05-27 10:59:36 +00:00
psychon 4e31d49209 CAuthBase: Use a Csock* instead of a CString "sRemoteIP"
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1511 726aef4b-f618-498e-8847-2d620e286838
2009-05-20 09:30:19 +00:00
psychon 3b9a9c2b80 Webadmin: Make this work with the browser cache
This moves all static webadmin files (images, css) to the data/ subdirectory
of the skin dir. The webadmin module is changed to redirect requests to
/<skin name>/ to that data directory. The skins are changed to use the
new URL when linking to their stuff. (I only needed to change the path to
the main.css file in each Header.tmpl. Since the .css and the images are now
in the same directory, relative URLs work just fine).

This means that we now generate different URLs after changing the webadmin
skins and the browser cache can do its thing.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1481 726aef4b-f618-498e-8847-2d620e286838
2009-04-06 16:00:23 +00:00
psychon 43e401d483 webadmin: Remove some completely useless argument to IsAdmin()
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1473 726aef4b-f618-498e-8847-2d620e286838
2009-04-02 12:34:13 +00:00
psychon e21afe5346 webadmin: Restrict skins to be located inside the skins dir
One needs to be admin to change the current skin dir, but it still sounds
like a good idea to be careful...
Plus, this won't deny symlinks anyway!


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1412 726aef4b-f618-498e-8847-2d620e286838
2009-03-06 14:24:47 +00:00
psychon 21120e2146 Handle newlines in CHTTPSock::GetParam() and strip them out.
There was a bug in webadmin which allowed any users to write arbitrary strings
to znc.conf by setting e.g. their quit message to:
  Some quit message
  Admin = true
  LoadModule = shell
  </User>
  ISpoofFile = /home/<user>/.ssh/authorited_keys
  ISpoofFormat = <some ssh key>
  <User a>
(The newlines must be sent as newlines to webadmin)

This commit fixes this by stripping all newlines from all the data fields
by default. Since some fields (e.g. CTCPReplies and Servers) do need newlines,
there is a new function CHTTPSock::GetRawParam() which doesn't do the stripping.

Thanks to cnu for finding and reporting this bug.
Thanks to kroimon for patch review.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1395 726aef4b-f618-498e-8847-2d620e286838
2009-02-24 16:00:11 +00:00
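
Why stripping newlines closes the znc.conf injection described in r1395 above, as an added example (not ZNC code). `write_user()`, `strip_newlines()` and `values_of()` are hypothetical stand-ins for a line-oriented config writer, the default `GetParam()` stripping and a line-oriented reader; the input is constructed from the first lines of the commit message's sample.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Hypothetical serializer: one "Key = value" line per setting.
std::string write_user(const std::string& name, const std::string& quit_msg) {
    return "<User " + name + ">\n"
           "\tAdmin = false\n"
           "\tQuitMsg = " + quit_msg + "\n"
           "</User>\n";
}

// Stand-in for the default stripping: drop CR and LF so a submitted value
// can never occupy more than one line of the config file.
std::string strip_newlines(const std::string& raw) {
    std::string out;
    for (char c : raw)
        if (c != '\r' && c != '\n') out += c;
    return out;
}

// Values of every line whose key equals `key`, as a line-based reader sees them.
std::vector<std::string> values_of(const std::string& conf, const std::string& key) {
    std::vector<std::string> found;
    std::istringstream in(conf);
    std::string line;
    while (std::getline(in, line)) {
        size_t start = line.find_first_not_of(" \t");
        size_t eq = line.find('=');
        if (start == std::string::npos || eq == std::string::npos) continue;
        std::string k = line.substr(start, eq - start);
        k.erase(k.find_last_not_of(" \t") + 1);
        if (k != key) continue;
        size_t v = line.find_first_not_of(" \t", eq + 1);
        found.push_back(v == std::string::npos ? "" : line.substr(v));
    }
    return found;
}

// Constructed form field value containing real newlines.
const std::string kSubmitted = "Some quit message\nAdmin = true\nLoadModule = shell";

int main() {
    std::string raw = write_user("bob", kSubmitted);
    std::string safe = write_user("bob", strip_newlines(kSubmitted));
    std::cout << "raw:  Admin lines=" << values_of(raw, "Admin").size()
              << " LoadModule lines=" << values_of(raw, "LoadModule").size() << "\n";
    std::cout << "safe: Admin lines=" << values_of(safe, "Admin").size()
              << " LoadModule lines=" << values_of(safe, "LoadModule").size() << "\n";
}
```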
psychon cbc27f5bb9 Call OnFailedLogin() for all failed logins, not only those on the irc port
This breaks CAuthBase's API for modules that want to auth users.
Instead of overloading AcceptLogin() and RefuseLogin(), they now have to
overload AcceptedLogin() and RefusedLogin().

Modules that auth users (e.g. imapauth) still call AcceptLogin() and
RefuseLogin() which is where OnFailedLogin() gets called.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1389 726aef4b-f618-498e-8847-2d620e286838
2009-02-21 16:48:28 +00:00
psychon 5f60ce1906 webadmin: Don't force opening a separate listening port if irc port sharing is on
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1375 726aef4b-f618-498e-8847-2d620e286838
2009-02-06 16:47:16 +00:00
psychon 607bb4e1ce Make webadmin handle HTTP requests to the IRC port
This can be disabled with -noircport in webadmin's arguments


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1368 726aef4b-f618-498e-8847-2d620e286838
2009-02-03 19:08:15 +00:00
psychon 235b10c200 Use that new define everywhere
Now there are no uses of DEBUG_ONLY() left :(


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1349 726aef4b-f618-498e-8847-2d620e286838
2009-01-25 16:51:54 +00:00
psychon 2efea2157a webadmin: reload global modules whose settings were changed
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1331 726aef4b-f618-498e-8847-2d620e286838
2009-01-14 15:17:30 +00:00
psychon a3169af5bd Add CUtils::SaltedHash() for doing salted hashes and do some cleanup
The stuff in CUtils::GetHashPass() and CUtils::GetSaltedHashPass() shouldn't
hurt, since we don't do such stuff in other places for passwords either.

This should improve the readability of the code a lot.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1324 726aef4b-f618-498e-8847-2d620e286838
2009-01-08 15:57:32 +00:00
psychon 08ad0291ea Happy New Year 2009 everyone!
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1317 726aef4b-f618-498e-8847-2d620e286838
2009-01-01 12:22:21 +00:00
psychon 08088be7d6 Add traffic tracking support to CSocket
Now every module that uses CSocket automatically gets its generated traffic
counted. Those which use Csock directly should be shot and buried anyway ;)

This adds CModule::IsGlobal().


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1283 726aef4b-f618-498e-8847-2d620e286838
2008-12-06 19:56:38 +00:00
psychon e85ed684ea Some member vars of CWebAdminMod should really be local vars to OnLoad()
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1265 726aef4b-f618-498e-8847-2d620e286838
2008-10-28 17:21:53 +00:00
psychon 680127165a Improve webadmin's error messages
I just got this: (binding to ::1 on an ipv4-only build)
Module [webadmin] aborted: Could not bind to port 8080: No such file or directory
Module [webadmin] aborted: Could not bind to port 8080: Success


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1259 726aef4b-f618-498e-8847-2d620e286838
2008-10-23 15:20:09 +00:00
psychon f8462bffdd Fix webadmin to work with symlinks in the skins directory.
If dir is a symlink to a directory dir/.. is not the same as . which broke
webadmin.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1252 726aef4b-f618-498e-8847-2d620e286838
2008-10-16 18:11:18 +00:00
psychon 92a718e3a6 Use CSocket in webadmin instead of directly using Csock
This gets rid of some code duplication for managing the sockets.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1240 726aef4b-f618-498e-8847-2d620e286838
2008-10-04 20:55:50 +00:00
kroimon 5237a24747 Use CString::Equals() everywhere.
* (CString::CaseCmp() == 0) became CString::Equals()
* (CString::CaseCmp() != 0) became !CString::Equals()
* replaced some occurrences of strn?casecmp

git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1234 726aef4b-f618-498e-8847-2d620e286838
2008-09-30 15:15:59 +00:00
kroimon d1b3c2b94d Removed AutoCycle from core
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1191 726aef4b-f618-498e-8847-2d620e286838
2008-09-07 11:23:57 +00:00
psychon 85a70a418c Add JoinTries and MaxJoins config options to webadmin
This also changes the layout of the default skin a little, because it was
a little messed up. I still don't like the result, but meh, send patches!


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1187 726aef4b-f618-498e-8847-2d620e286838
2008-09-03 14:28:18 +00:00
psychon 00fcf767a7 Keep the traffic stats more up-to-date (/msg *status traffic)
This now also adds the traffic caused by webadmin, schat and dcc bouncing
to the stats.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1183 726aef4b-f618-498e-8847-2d620e286838
2008-08-31 07:21:21 +00:00
psychon da8c892d4f Add a config option 'MaxJoins' to limit the number of joins ZNC does at once
This should hopefully fix a couple of 'Excess flood' problems we were having.

Thanks to SilverLeo for finally writing this :P


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1177 726aef4b-f618-498e-8847-2d620e286838
2008-08-29 15:06:08 +00:00
psychon 03e34ac6e6 Remove KeepNick
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1151 726aef4b-f618-498e-8847-2d620e286838
2008-07-24 11:34:11 +00:00
psychon 1c2c52651a Make webadmin generate salted passwords, too
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1139 726aef4b-f618-498e-8847-2d620e286838
2008-07-20 15:06:33 +00:00
psychon 10210e4619 Don't throw any exceptions in CModules::LoadModule() on version mismatch
This also removes all the code catching those exceptions. There was nothing
which justified these exceptions and removing them doesn't hurt.

ByeBye CException::EX_BadModVersion


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1137 726aef4b-f618-498e-8847-2d620e286838
2008-07-17 12:01:44 +00:00
psychon a5dcb3ff77 webadmin: Use the new CZNC::AuthUser() API
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1116 726aef4b-f618-498e-8847-2d620e286838
2008-07-07 18:36:26 +00:00
psychon 7965a12bd0 Fix a privilege escalation bug in webadmin if auth modules are used
auth modules = imapauth and saslauth

Some code in CWebAdminSock::OnLogin() is skipped if a module handles auth
and thus m_pUser stays NULL. Most checks for admin rights only check for
m_pUser being NULL and thus any user WHO ALREADY HAS A VALID LOGIN can edit
other users if they know their user name.
(=Change the password of an admin and log in using this info)

One of the major exceptions are the templates which use m_bAdmin instead of
m_pUser for checking the privileges, thus users still see the normal pages
and this bug stayed unnoticed for a while.

This patch now moves the code that sets m_pUser to some code which is executed
in both cases, when an auth module is in effect and when one isn't.
(Well, technically this isn't a move, but code duplication, but executing this
 twice won't hurt and one of the follow-up patches cleans this up.)


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1113 726aef4b-f618-498e-8847-2d620e286838
2008-07-07 18:30:35 +00:00
psychon 5e0c652b9a Add the remote ip to the info CAuthBase got
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1112 726aef4b-f618-498e-8847-2d620e286838
2008-07-07 18:24:38 +00:00
psychon 1bb1206472 Webadmin: Add support for timezone offset
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1079 726aef4b-f618-498e-8847-2d620e286838
2008-05-30 14:09:41 +00:00
psychon 13ddd325f9 Webadmin: Don't reset all channel settings submitting a user page
In r1058 the behaviour of CUser::Clone() was changed. It now also handles the
channel settings. This change breaks webadmin, because it doesn't properly
set up the channels it feeds to CUser::Clone().

This commit 'fixes' this by adding an extra parameter to CUser::Clone() which
makes it revert to the old behaviour. Webadmin uses this parameter.


git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1074 726aef4b-f618-498e-8847-2d620e286838
2008-05-26 15:02:09 +00:00