287 Commits

Author	SHA1	Message	Date
Shivaram Lingamneni	2d31a16647	propagate require-sasl into tor-listeners.require-sasl	2021-04-26 10:26:16 -04:00
Shivaram Lingamneni	317720bfc8	Merge pull request #1632 from slingamn/mysql_safety ... fix #1622	2021-04-25 23:14:40 -04:00
Shivaram Lingamneni	e14aace1da	Merge pull request #1635 from slingamn/pass ... fix #1634 (forward-porting to master)	2021-04-25 21:34:12 -04:00
Shivaram Lingamneni	97ba1c3d63	fix #1634: ... 1. Fix auth bypass in the default configuration with the addition of server.password (the REGISTER command was allowed before connection registration, allowing unauthenticated users to REGISTER and then take advantage of skip-server-password) 2. Caution operators against the use of require-sasl without disabling user-initiated account registration. (Such a configuration is still valid in the case of a public server that requires everyone to register.)	2021-04-25 19:22:08 -04:00
Shivaram Lingamneni	5eed48c077	fix #1622 ... Allow users to set max MySQL connections and connection lifetime; set a sane default for max connections if it's not present.	2021-04-23 13:54:44 -04:00
Shivaram Lingamneni	517b776b62	don't call (*Config).prepareListeners twice	2021-04-18 21:40:33 -04:00
Shivaram Lingamneni	1a5d079670	fix #1611 ... Allow setting the minimum TLS version	2021-04-18 21:40:33 -04:00
Shivaram Lingamneni	8dd12b0693	publish the FORWARD 005 token	2021-04-08 07:10:05 -04:00
Shivaram Lingamneni	aecb28a616	support SNI	2021-04-07 23:30:24 -04:00
Shivaram Lingamneni	f9c1a00b91	populate (tls.Certificate).Leaf	2021-04-07 22:35:54 -04:00
Shivaram Lingamneni	03185ea4a9	deprecate message truncation ... Implements #1577, but the issue should remain open until we clean up the debugging loglines.	2021-03-04 22:29:34 -05:00
Shivaram Lingamneni	29666107ab	fix #1559 ... Improve debuggability of some config deserialization errors	2021-02-26 01:10:21 -05:00
Shivaram Lingamneni	9e25a3027a	fix #1549 ... If history is disabled, disable the history CAPs	2021-02-21 13:25:22 -05:00
Shivaram Lingamneni	430b40fc2f	upgrade go to 1.16 ... Fixes #1510	2021-02-17 15:14:53 -05:00
Shivaram Lingamneni	2e7cf3cc1e	Merge pull request #1496 from slingamn/jointime.1 ... fix #1490	2021-01-21 01:20:45 -05:00
Shivaram Lingamneni	4a48e52518	fix #1490 ... Track channel join times, use them to optionally enforce history access restrictions	2021-01-20 21:13:18 -05:00
Shivaram Lingamneni	64bc363cf1	fix #1443 ... Improve auditability of sensitive operator actions	2021-01-19 06:45:30 -05:00
Shivaram Lingamneni	e195854851	fix #1442 ... strip local_ from oper capab names, also consolidate unban into ban	2021-01-19 06:45:30 -05:00
Shivaram Lingamneni	db81b15acb	initial work on #1483 ... Add the new utf8-only cap, disallow non-utf8 when websockets are enabled	2021-01-15 06:19:13 -05:00
Shivaram Lingamneni	48166b5b4b	Implement expiration for always-on clients ... Fixes #810	2020-12-21 05:11:50 -05:00
Shivaram Lingamneni	45471138d2	update nick reservation docs	2020-12-08 02:11:53 -05:00
Shivaram Lingamneni	7bdbb01238	fix #1428 ... Tor listeners should never see an STS cap. Add an undocumented 'hide-sts' key for listeners that hides the STS cap. This can be used if the listener is secured at layer 3 or 4 (VPNs, E2E mixnets). It will be necessary to add the relevant IPs to `secure-nets`.	2020-12-05 23:06:23 -05:00
Shivaram Lingamneni	3ee6fd1f6c	allow overriding services hostname ... Fixes #1407	2020-11-29 00:02:26 -05:00
Shivaram Lingamneni	3062f97c2b	fix #1389 ... Support PROXY protocol v2, including ahead of plaintext connections	2020-11-19 12:31:58 -05:00
Shivaram Lingamneni	9c4b086113	Merge pull request #1355 from slingamn/invite ... security enhancements for INVITE	2020-10-26 13:30:41 -07:00
Shivaram Lingamneni	42d246b557	improve security properties of INVITE ... See #1171.	2020-10-25 22:09:17 -04:00
Shivaram Lingamneni	203fc580f4	fix #1049	2020-10-25 13:58:57 -04:00
Shivaram Lingamneni	cf5a426f90	fix #1346	2020-10-22 12:19:19 -04:00
Shivaram Lingamneni	bd40b46639	fix #307	2020-10-21 11:08:55 -04:00
Shivaram Lingamneni	a30e369225	add +u and +U to CHANMODES token	2020-10-20 21:24:47 -04:00
Shivaram Lingamneni	76e3d67b66	replace suppress-ident with coerce-ident	2020-10-20 13:48:19 -04:00
Shivaram Lingamneni	a37a91694c	fix #1337	2020-10-19 10:52:38 -04:00
Shivaram Lingamneni	4ee97ddb43	USERHOST needs to respect hidden operators as well	2020-10-09 12:29:09 -04:00
Shivaram Lingamneni	78b2f61707	fix #1194	2020-10-09 08:03:26 -04:00
Shivaram Lingamneni	9ed789f67c	fix #1075	2020-10-06 18:04:29 -04:00
Alex Jaspersen	504659abb5	Add +M (only registered/voice can speak) chanmode. ... Add chanmode preventing speech to error message. Fixes #1182.	2020-09-21 16:05:00 -07:00
Shivaram Lingamneni	6a0d11d449	make roleplay.enabled default to false when unset ... See #1240.	2020-09-16 11:32:52 -04:00
Shivaram Lingamneni	1a98a37a75	scripting API for IP bans ... See discussion on #68.	2020-09-14 04:28:12 -04:00
Shivaram Lingamneni	af056f26a9	fixes and refactoring	2020-09-09 05:35:04 -04:00
Shivaram Lingamneni	8102d1ddb6	Merge remote-tracking branch 'origin/master' into master+relaymsg	2020-09-09 03:55:41 -04:00
Shivaram Lingamneni	307adba8bd	fix #1213	2020-09-07 06:00:53 -04:00
Shivaram Lingamneni	20fcbe5147	remove stray references to timeout enforcement ... These should have been removed in #1027.	2020-08-25 14:11:13 -04:00
Shivaram Lingamneni	6628a3d1c6	fix #1244	2020-08-23 18:11:10 -04:00
Shivaram Lingamneni	df8be72c6f	move StringSet to utils package	2020-08-04 21:54:03 -04:00
Shivaram Lingamneni	9000383f88	Move config errors to call sites ... Since allocating them is rare.	2020-08-03 12:55:52 -04:00
Shivaram Lingamneni	32c58c1e1f	fix #1190	2020-07-17 04:19:33 -04:00
Shivaram Lingamneni	0a6c1f7cc6	Merge pull request #1189 from slingamn/tagmsg_storage.1 ... make TAGMSG storage configurable	2020-07-12 10:57:00 -07:00
jesopo	518b21e5aa	implement WHOX	2020-07-11 16:45:02 +01:00
Shivaram Lingamneni	bca3dd0b41	make TAGMSG storage configurable	2020-07-09 20:17:50 -04:00
Shivaram Lingamneni	0b0b1499b0	fix #1167	2020-07-01 04:20:27 -04:00