From 3cca1e2c39815a0c620d34a55a32caced59fa26a Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Sun, 18 Apr 2021 20:03:17 -0400
Subject: [PATCH 1/6] fix #1619 Clean up channels during unregistration if necessary.
---
 irc/channelmanager.go | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/irc/channelmanager.go b/irc/channelmanager.go
index 72ce0183..671020e3 100644
--- a/irc/channelmanager.go
+++ b/irc/channelmanager.go
@@ -176,6 +176,10 @@ func (cm *ChannelManager) maybeCleanup(channel *Channel, afterJoin bool) {
 return
 }
 
+ cm.maybeCleanupInternal(cfname, entry, afterJoin)
+}
+
+func (cm *ChannelManager) maybeCleanupInternal(cfname string, entry *channelManagerEntry, afterJoin bool) {
 if afterJoin {
 entry.pendingJoins -= 1
 }
@@ -288,6 +292,9 @@ func (cm *ChannelManager) SetUnregistered(channelName string, account string) (e
 entry.skeleton = skel
 cm.chans[cfname] = entry
 }
+ // #1619: if the channel has 0 members and was only being retained
+ // because it was registered, clean it up:
+ cm.maybeCleanupInternal(cfname, entry, false)
 }
 return nil
 }
From fed002d11aed78b431ed0ccada2e2572a5d371c3 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Sun, 18 Apr 2021 20:06:00 -0400
Subject: [PATCH 2/6] fix #1618 Allow snomasks to be added via oper config block, even if the oper doesn't have `ban` or `snomasks` and therefore can't add snomasks on their own.
---
 irc/modes.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/irc/modes.go b/irc/modes.go
index 414a8ebd..9d95966f 100644
--- a/irc/modes.go
+++ b/irc/modes.go
@@ -86,7 +86,7 @@ func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool,
 if len(addMasks) != 0 {
 oper := client.Oper()
 // #1176: require special operator privileges to subscribe to snomasks
- if oper.HasRoleCapab("snomasks") || oper.HasRoleCapab("ban") {
+ if force || oper.HasRoleCapab("snomasks") || oper.HasRoleCapab("ban") {
 success = true
 client.server.snomasks.AddMasks(client, addMasks...)
 }
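Review bot: `maybeCleanupInternal` in irc/channelmanager.go (patch 1/6, first hunk) takes an already looked-up `entry` and mutates `entry.pendingJoins`, but nothing on the new function says what the caller must hold or guarantee. Both call sites, the tail of `maybeCleanup` and the new call in `SetUnregistered` (second hunk), look like they run under the manager's lock, but the locking is outside the hunks, so that is inferred. I would add a doc comment such as `// maybeCleanupInternal must be called with the ChannelManager lock held; entry must be the current cm.chans[cfname] value.` so a later caller does not introduce a race on the channel map. Both enclosing function bodies continue outside the hunks.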
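Review bot: With `force ||` placed first in the condition in `ApplyUserModeChanges` (irc/modes.go, patch 2/6), every caller that passes `force` as true now subscribes the client to server notices without the `snomasks` or `ban` capability check. The change is only safe if `force` is never derived from a client-issued mode change. The callers are outside the hunk, so that cannot be confirmed from here. The `#1176` comment above the check is now incomplete; I would reword it to `// #1176: require special operator privileges to subscribe to snomasks, unless force is set (server-applied modes from the oper config block, #1618)`.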
From eb2dfa78c9388d2d55611d348a551b5d172d14aa Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Sun, 18 Apr 2021 20:18:02 -0400
Subject: [PATCH 3/6] fix #1617 Prevent LUSERS stats from getting out of sync when modes are modified on offline clients.
---
 irc/modes.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/irc/modes.go b/irc/modes.go
index 9d95966f..c4c4beb7 100644
--- a/irc/modes.go
+++ b/irc/modes.go
@@ -32,6 +32,9 @@ var (
 // to confirm that the client actually has a valid operclass)
 func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool, oper *Oper) modes.ModeChanges {
 applied := make(modes.ModeChanges, 0)
+ // #1617: if the user is offline, they are not counted in LUSERS,
+ // so don't modify the LUSERS stats for +i or +o.
+ present := len(client.Sessions()) != 0
 
 for _, change := range changes {
 if change.Mode != modes.ServerNotice {
@@ -42,9 +45,9 @@ func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool,
 }
 
 if client.SetMode(change.Mode, true) {
- if change.Mode == modes.Invisible {
+ if change.Mode == modes.Invisible && present {
 client.server.stats.ChangeInvisible(1)
- } else if change.Mode == modes.Operator {
+ } else if change.Mode == modes.Operator && present {
 client.server.stats.ChangeOperators(1)
 }
 applied = append(applied, change)
@@ -53,11 +56,13 @@ func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool,
 case modes.Remove:
 var removedSnomasks string
 if client.SetMode(change.Mode, false) {
- if change.Mode == modes.Invisible {
+ if change.Mode == modes.Invisible && present {
 client.server.stats.ChangeInvisible(-1)
 } else if change.Mode == modes.Operator {
 removedSnomasks = client.server.snomasks.String(client)
- client.server.stats.ChangeOperators(-1)
+ if present {
+ client.server.stats.ChangeOperators(-1)
+ }
 applyOper(client, nil, nil)
 if removedSnomasks != "" {
 client.server.snomasks.RemoveClient(client)
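Review bot: `present` in `ApplyUserModeChanges` (irc/modes.go, patch 3/6, first hunk) is sampled once from `len(client.Sessions()) != 0` before the loop, and the guarded `ChangeInvisible`/`ChangeOperators` calls in the second and third hunks all rely on that snapshot. If a session can attach or detach between the snapshot and those calls, the LUSERS counters can still drift. The same holds if a client gains or loses +i/+o while offline and later reconnects, unless the session attach/detach path re-counts the client's modes. That path is not visible here. I would extend the new comment with `// NOTE: snapshot only; session attach/detach must adjust the +i/+o counts for this client` and confirm the reconnect code does so. The function body continues outside the hunks.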
From 1a5d079670d1305528cd0c7b8766ea51c9400a40 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Sun, 18 Apr 2021 20:31:11 -0400
Subject: [PATCH 4/6] fix #1611 Allow setting the minimum TLS version
---
 default.yaml | 2 ++
 irc/config.go | 20 ++++++++++++++++++++
 traditional.yaml | 2 ++
 3 files changed, 24 insertions(+)
diff --git a/default.yaml b/default.yaml
index 87a91a57..c97a2b84 100644
--- a/default.yaml
+++ b/default.yaml
@@ -58,6 +58,8 @@ server:
 # always send a PROXY protocol header ahead of the connection. See the
 # manual ("Reverse proxies") for more details.
 proxy: false
+ # set the minimum TLS version:
+ min-tls-version: 1.2
 
 # Example of a Unix domain socket for proxying:
 # "/tmp/oragono_sock":
diff --git a/irc/config.go b/irc/config.go
index d421a073..769aba0b 100644
--- a/irc/config.go
+++ b/irc/config.go
@@ -59,6 +59,7 @@ type listenerConfigBlock struct {
 TLS TLSListenConfig
 // SNI configuration, with multiple certificates:
 TLSCertificates []TLSListenConfig `yaml:"tls-certificates"`
+ MinTLSVersion string `yaml:"min-tls-version"`
 Proxy bool
 Tor bool
 STSOnly bool `yaml:"sts-only"`
@@ -881,10 +882,29 @@ func loadTlsConfig(config listenerConfigBlock) (tlsConfig *tls.Config, err error
 result := tls.Config{
 Certificates: certificates,
 ClientAuth: clientAuth,
+ MinVersion: tlsMinVersionFromString(config.MinTLSVersion),
 }
 return &result, nil
 }
 
+func tlsMinVersionFromString(version string) uint16 {
+ version = strings.ToLower(version)
+ version = strings.TrimPrefix(version, "v")
+ switch version {
+ case "1", "1.0":
+ return tls.VersionTLS10
+ case "1.1":
+ return tls.VersionTLS11
+ case "1.2":
+ return tls.VersionTLS12
+ case "1.3":
+ return tls.VersionTLS13
+ default:
+ // tls package will fill in a sane value, currently 1.0
+ return 0
+ }
+}
+
 func loadCertWithLeaf(certFile, keyFile string) (cert tls.Certificate, err error) {
 // LoadX509KeyPair: "On successful return, Certificate.Leaf will be nil because
 // the parsed form of the certificate is not retained." tls.Config:
diff --git a/traditional.yaml b/traditional.yaml
index 47601ac4..92d95728 100644
--- a/traditional.yaml
+++ b/traditional.yaml
@@ -32,6 +32,8 @@ server:
 # always send a PROXY protocol header ahead of the connection. See the
 # manual ("Reverse proxies") for more details.
 proxy: false
+ # optionally set the minimum TLS version (defaults to 1.0):
+ # min-tls-version: 1.2
 
 # Example of a Unix domain socket for proxying:
 # "/tmp/oragono_sock":
From 517b776b626b7c4e4750406c97dad0568ca139f0 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Sun, 18 Apr 2021 21:38:56 -0400
Subject: [PATCH 5/6] don't call (*Config).prepareListeners twice
---
 irc/config.go | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/irc/config.go b/irc/config.go
index 769aba0b..1e7e8686 100644
--- a/irc/config.go
+++ b/irc/config.go
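Review bot: `tlsMinVersionFromString` (irc/config.go, patch 4/6, the `@@ -881,10 +882,29 @@` hunk) returns 0 for any string it does not recognise. A typo or an alternative spelling in `min-tls-version` (a constructed example: `tls1.2`) therefore silently falls back to the crypto/tls default minimum, which the hunk's own comment gives as 1.0, instead of the floor the operator asked for. A security setting should fail closed: treat only the empty string as "use the default" and have `loadTlsConfig` return an error for anything else, so the listener does not start with a weaker protocol floor than configured. `loadTlsConfig` begins outside the hunk; the sketch assumes its named `err` result and the `fmt` package that irc/config.go already uses elsewhere in this series.

```go
func tlsMinVersionFromString(version string) (uint16, error) {
	// … unchanged: ToLower / TrimPrefix normalisation …
	switch version {
	// … unchanged: cases "1"/"1.0", "1.1", "1.2", "1.3", each now returning the same constant with a nil error …
	case "":
		// unset: let crypto/tls apply its own default minimum
		return 0, nil
	default:
		return 0, fmt.Errorf("unrecognized min-tls-version %q", version)
	}
}

// in loadTlsConfig, before the tls.Config literal:
minVersion, err := tlsMinVersionFromString(config.MinTLSVersion)
if err != nil {
	return nil, err
}
// … unchanged: Certificates, ClientAuth; MinVersion is then set to minVersion …
```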
@@ -1497,11 +1497,6 @@ func LoadConfig(filename string) (config *Config, err error) {
 return nil, err
 }
 
- err = config.prepareListeners()
- if err != nil {
- return nil, fmt.Errorf("failed to prepare listeners: %v", err)
- }
-
 // #1428: Tor listeners should never see STS
 config.Server.supportedCapsWithoutSTS = caps.NewSet()
 config.Server.supportedCapsWithoutSTS.Union(config.Server.supportedCaps)
From 3e05502c3f66d7ad69d9cbd7fca4e3cc2abad384 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni
Date: Sun, 18 Apr 2021 23:16:37 -0400
Subject: [PATCH 6/6] bump irctest to latest
---
 irctest | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/irctest b/irctest
index 5e622a34..322cb7ae 160000
--- a/irctest
+++ b/irctest
@@ -1 +1 @@
-Subproject commit 5e622a34d38be329aec98b3b983a239fe3e1b4b7
+Subproject commit 322cb7ae26a2a94a0daec5458373319fa4e0e743