To achieve that, split internal cookie jar into a jar for received cookies
and one for cookies that are to be sent with the response.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1840 726aef4b-f618-498e-8847-2d620e286838
It turns out that there was still another Close() hiding in CHTTPSock which made
stuff fail. However, just removing it fixes stuff.
Thanks to DarthGandalf for noticing that my fix wasn't fixing the bug that was
bugging him.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1835 726aef4b-f618-498e-8847-2d620e286838
When e.g. imapauth started handling a login from WebMods it opened a new TCP
connection etc. This took time, but WebMods didn't actually wait for the login
to finish which caused the login to fail later on since the HTTP socket was
already destroyed.
This fixes it by letting the HTTP sock just hang. Once the login finishes,
CHTTPSock::Redirect() is called to let it come back to life again.
Thanks to DarthGandalf for finding this issue.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1834 726aef4b-f618-498e-8847-2d620e286838
Instead of return a bool, this now returns an enum. This explains the meaning of
the returned value better and will be used in the next commit to fix a bug.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1833 726aef4b-f618-498e-8847-2d620e286838
This changes CHTTPSock so that one can handle HTTP requests asynchronously.
This is done by not forcing a page to be sent out in the caller of
OnPageRequest() but instead requiring a call to the new function
CHTTPSock::PrintPage().
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1830 726aef4b-f618-498e-8847-2d620e286838
Someone semi-messed-up Makefile.in and the very same guy forgot to regenerate
configure when he modified configure.in. Whooops.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1829 726aef4b-f618-498e-8847-2d620e286838
If a user who is currently logged in to WebMods is deleted, his CWebSession
still kept a stale CUser pointer around. The next time he loaded a web page,
Bad Things(tm) happened.
This is fixed by deleting all of a user's sessions when that user is deleted.
Thanks to DarthGandalf for spotting the bug and writing the patch.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1827 726aef4b-f618-498e-8847-2d620e286838
When a CWebSock was destroyed before its CWebAuth, the CWebAuth dereferenced a
stale pointer once it was used again. Fix this by calling
CAuthBase::Invalidate() appropriately.
Thanks to DarthGandalf for finding this.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1826 726aef4b-f618-498e-8847-2d620e286838
The traffic generated by it was just discarded. Now it's accounted towards a
user if one is logged in, else towards the global traffic usage.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1825 726aef4b-f618-498e-8847-2d620e286838
WebModules use CHTTPSock for the HTTP server. That class requires a CModule
instance for working since it's based on CSocket. This was solved by creating a
fake module instance which is destroyed when the socket is destroyed.
The problem here was that CSocket's destructor tried to access that module
instance which was already destroyed resulting in a use-after-free.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1824 726aef4b-f618-498e-8847-2d620e286838
Now that we have the new ServerThrottle, we should be able to live with this
higher connect rate. Connecting lots of users is still awfully slow. :(
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1822 726aef4b-f618-498e-8847-2d620e286838
We now use a lot more data for generating the session id which is fed to a hash
to make it impossible to attack specific parts of the input.
Also we now retry generating a new session id in the (improbable) case of
collision with an existing session id.
Thanks a lot to cnu for pointing out the weakness in the old code by stealing my
session cookie, you evil hacker!
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1819 726aef4b-f618-498e-8847-2d620e286838
The old code only worked when the CSmartPtr instance was at the left side of the
comparison and comparing two CSmartPtr directly resulted in a compiler error.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1818 726aef4b-f618-498e-8847-2d620e286838
Before this, --makeconf used "Listen" if you said "no" to "do you want ipv6?"
and "Listen6" else. Since yesterday, "Listen" means "v4 and v6 please" (thanks
to DarthGandalg) which means we now use "Listen4" for "no" and "Listen" else.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1817 726aef4b-f618-498e-8847-2d620e286838
"Listen6" and "Listen4" now do what the name implies and "Listen" listens on
both ipv4 and ipv6 (unless a bind host was set which forces something
different).
This also changes webadmin appropriately.
Thanks to DarthGandalf for the idea and the patch.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1816 726aef4b-f618-498e-8847-2d620e286838
Instead of just time() (which can be easily guessed by an attacker when he gets
a couple of samples of rand() results), this now also uses the current
microseconds, znc's pid and the old PRNG state for computing a seed.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1813 726aef4b-f618-498e-8847-2d620e286838
This adds support for the general CAP protocol and the multi-prefix and
userhost-in-names (NAMESX and UHNAMES) to znc. There is no module call for CAP
tokens yet, but if modules really want to "catch" capabilities, we should most
likely add one.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1812 726aef4b-f618-498e-8847-2d620e286838
Before, route_replies bypassed this function which caused "wrong" replies to
/names, because clients who didnt understand it still got NAMESX and UHNAMES
replies.
git-svn-id: https://znc.svn.sourceforge.net/svnroot/znc/trunk@1811 726aef4b-f618-498e-8847-2d620e286838
cflakes