Deprecate old module hooks which accept mode as unsigned char.
SWIG handles unsigned char as int, but char as a string.
Before this commit, usage of HasPerm from perl modules required this:
either $chan->HasPerm(ord('@')) or $chan->HasPerm(ord($ZNC::CChan::Op)).
Now ord() is not necessary, and these calls work too:
$chan->HasPerm('@') and $chan->HasPerm($ZNC::CChan::Op).
Fix#1486
Setting AuthOnlyViaModule on a user causes CheckPass to never return true,
causing all authentication attempts using the configured password to fail, both
on IRC connections and for webadmin. This is useful in situations where an
external module (cyrusauth, certauth, imapauth) handles authentication. Setting
the global AuthOnlyViaModule option causes similar behavior across every
user. If AuthOnlyViaModule is set to true globally, it cannot be overridden
per-user.
Close#1474Close#331
Stop hardcoding Russian in webadmin.
Limit the setting in controlpanel to the known languages, because
untrusted language code might lead to some interesting vulnerabilities.
This also alters PutClient such that the CMessage variant handles
sending messages, rather than the CString variant. As a side bonus, this
gives callers better information on whether the message was sent to the
client. Additionally, it eliminates the need for a hook to let modules
set the tags sent to a client, as that can now be done inside
OnSendToClientMessage.
Make version checks more strict.
This finishes attempt to preserve ABI between patch versions. That
didn't work well, and the people who could make it work, left the
project already.
Close#1255Close#1274Close#172
Useful for Web APIs and all other kinds of things.
API changes:
- Added public CHTTPSock::GetURI() method
- Added public CModule::ValidateWebRequestCSRFCheck() method
- Made CWebSock::GetCSRFCheck() method public so it can be accessed
from CModule
- Added public CWebSock::ValidateCSRFCheck() method
Other changes:
- Added a Sample Web API module (modules/samplewebapi.cpp) and a
simple web form with no CSRF check.
Implements feature request #1180.
Allows hooking into query buffer playback before and after all the
lines of the query buffer are replayed. The EModRet return value
has no effect at the moment, but may be used in the future to e.g.
prevent playback. The Chan version of these signals use EModRet to
skip emitting the status message, but not the whole playback.
A few different implementations of computing the current time were
spread out through the code base, most of them using gettimeofday().
This centralizes the logic in CUtil::GetTime() for easier maintenance,
and also allows all call sites to get the benefit of the clock_gettime()
code path on systems that support it.
Added the following two network-specific configuration options that can
be changed via controlpanel or webadmin:
* TrustAllCerts: Will trust ALL certificates when enabled, effectively
disabling TLS certificate validation.
Default value: false
* TrustPKI: Whether or not to trust PKI-valid certificates. Setting this
to false will make znc trust only trusted certificates added by the
user.
Default value: true
With default values, behavior is exactly the same as before.
This is based on the work of Roelf Wichertjes. See YourBNC/znc@5c747598.
See znc/znc#866.
Alexey Sokolov