3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-22 20:09:41 +01:00
Commit Graph

301 Commits

Author SHA1 Message Date
Shivaram Lingamneni
0a59f41cf9 add ip-check-script.exempt-sasl 2022-01-02 01:51:31 -05:00
Shivaram Lingamneni
ed75533cb1
optionally protect against multiple starts with flock (#1873)
* optionally protect against multiple starts with flock

Fixes #1823

* use traditional .lock extension

* move config key to top level
2022-01-01 18:56:40 -05:00
Shivaram Lingamneni
51d573d3c9 fix #1802
Add a config option to suppress LUSERS
2021-11-01 04:48:31 -04:00
Shivaram Lingamneni
2cae19dde5 remove unnecessary indirection in config 2021-09-19 02:09:43 -04:00
Shivaram Lingamneni
12947644e2 remove SCRAM-SHA-256 from advertised SASL mechanisms
Advertising SCRAM-SHA-256 breaks irccloud, which doesn't fall back to PLAIN
if it sees SCRAM advertised but SCRAM then fails (as is the case for any
account password hashed on Ergo 2.7 or lower).

Leave a config option for irctest to enable it in the controller.
2021-08-25 18:34:27 -04:00
Valentin Lorentz
f6f25039b7 Advertise support for multiple KICK targets
This is already implemented, but TARGMAX=KICK:1 says it isn't.

Instead, let's advertise that indefinitely many targets are allowed.
Refs:

* https://defs.ircdocs.horse/defs/isupport.html#targmax
* https://github.com/ircdocs/modern-irc/pull/112
2021-08-13 19:42:03 +02:00
Shivaram Lingamneni
e1401934df implement SCRAM-SHA-256 2021-07-30 12:20:13 -04:00
Shivaram Lingamneni
59bddd066f update draft/register -> draft/account-registration
Fixes #1740
2021-07-07 07:37:46 -04:00
Shivaram Lingamneni
0751f31b9e fix #1722
Validate operator vhosts against the configured (or default)
vhosts.valid-regexp
2021-06-29 10:06:37 -04:00
Shivaram Lingamneni
b68696eb9b fix #1714
Fix a panic if the operator class title is empty
2021-06-28 01:45:13 -04:00
Shivaram Lingamneni
4910aefa37 use ergochat/irc-go instead of goshuirc/irc-go 2021-06-18 02:43:25 -04:00
Shivaram Lingamneni
23c7218bf1 first pass at renaming Oragono to Ergo 2021-05-26 15:55:24 -04:00
Shivaram Lingamneni
7c5a8f2013 make MaxLineLen configurable 2021-05-24 00:38:47 -04:00
Shivaram Lingamneni
ba21987d03 remove draft/resume-0.5 2021-05-18 23:27:46 -04:00
Shivaram Lingamneni
2d31a16647 propagate require-sasl into tor-listeners.require-sasl 2021-04-26 10:26:16 -04:00
Shivaram Lingamneni
317720bfc8
Merge pull request #1632 from slingamn/mysql_safety
fix #1622
2021-04-25 23:14:40 -04:00
Shivaram Lingamneni
e14aace1da
Merge pull request #1635 from slingamn/pass
fix #1634 (forward-porting to master)
2021-04-25 21:34:12 -04:00
Shivaram Lingamneni
97ba1c3d63 fix #1634:
1. Fix auth bypass in the default configuration with the addition of
   server.password (the REGISTER command was allowed before connection
   registration, allowing unauthenticated users to REGISTER and then
   take advantage of skip-server-password)
2. Caution operators against the use of require-sasl without disabling
   user-initiated account registration. (Such a configuration is still valid
   in the case of a public server that requires everyone to register.)
2021-04-25 19:22:08 -04:00
Shivaram Lingamneni
5eed48c077 fix #1622
Allow users to set max MySQL connections and connection lifetime;
set a sane default for max connections if it's not present.
2021-04-23 13:54:44 -04:00
Shivaram Lingamneni
517b776b62 don't call (*Config).prepareListeners twice 2021-04-18 21:40:33 -04:00
Shivaram Lingamneni
1a5d079670 fix #1611
Allow setting the minimum TLS version
2021-04-18 21:40:33 -04:00
Shivaram Lingamneni
8dd12b0693 publish the FORWARD 005 token 2021-04-08 07:10:05 -04:00
Shivaram Lingamneni
aecb28a616 support SNI 2021-04-07 23:30:24 -04:00
Shivaram Lingamneni
f9c1a00b91 populate (tls.Certificate).Leaf 2021-04-07 22:35:54 -04:00
Shivaram Lingamneni
03185ea4a9 deprecate message truncation
Implements #1577, but the issue should remain open until we clean up
the debugging loglines.
2021-03-04 22:29:34 -05:00
Shivaram Lingamneni
29666107ab fix #1559
Improve debuggability of some config deserialization errors
2021-02-26 01:10:21 -05:00
Shivaram Lingamneni
9e25a3027a fix #1549
If history is disabled, disable the history CAPs
2021-02-21 13:25:22 -05:00
Shivaram Lingamneni
430b40fc2f upgrade go to 1.16
Fixes #1510
2021-02-17 15:14:53 -05:00
Shivaram Lingamneni
2e7cf3cc1e
Merge pull request #1496 from slingamn/jointime.1
fix #1490
2021-01-21 01:20:45 -05:00
Shivaram Lingamneni
4a48e52518 fix #1490
Track channel join times, use them to optionally enforce history access
restrictions
2021-01-20 21:13:18 -05:00
Shivaram Lingamneni
64bc363cf1 fix #1443
Improve auditability of sensitive operator actions
2021-01-19 06:45:30 -05:00
Shivaram Lingamneni
e195854851 fix #1442
strip local_ from oper capab names, also consolidate unban into ban
2021-01-19 06:45:30 -05:00
Shivaram Lingamneni
db81b15acb initial work on #1483
Add the new utf8-only cap, disallow non-utf8 when websockets are enabled
2021-01-15 06:19:13 -05:00
Shivaram Lingamneni
48166b5b4b Implement expiration for always-on clients
Fixes #810
2020-12-21 05:11:50 -05:00
Shivaram Lingamneni
45471138d2 update nick reservation docs 2020-12-08 02:11:53 -05:00
Shivaram Lingamneni
7bdbb01238 fix #1428
Tor listeners should never see an STS cap.

Add an undocumented 'hide-sts' key for listeners that hides the STS cap.
This can be used if the listener is secured at layer 3 or 4 (VPNs,
E2E mixnets). It will be necessary to add the relevant IPs to `secure-nets`.
2020-12-05 23:06:23 -05:00
Shivaram Lingamneni
3ee6fd1f6c allow overriding services hostname
Fixes #1407
2020-11-29 00:02:26 -05:00
Shivaram Lingamneni
3062f97c2b fix #1389
Support PROXY protocol v2, including ahead of plaintext connections
2020-11-19 12:31:58 -05:00
Shivaram Lingamneni
9c4b086113
Merge pull request #1355 from slingamn/invite
security enhancements for INVITE
2020-10-26 13:30:41 -07:00
Shivaram Lingamneni
42d246b557 improve security properties of INVITE
See #1171.
2020-10-25 22:09:17 -04:00
Shivaram Lingamneni
203fc580f4 fix #1049 2020-10-25 13:58:57 -04:00
Shivaram Lingamneni
cf5a426f90 fix #1346 2020-10-22 12:19:19 -04:00
Shivaram Lingamneni
bd40b46639 fix #307 2020-10-21 11:08:55 -04:00
Shivaram Lingamneni
a30e369225 add +u and +U to CHANMODES token 2020-10-20 21:24:47 -04:00
Shivaram Lingamneni
76e3d67b66 replace suppress-ident with coerce-ident 2020-10-20 13:48:19 -04:00
Shivaram Lingamneni
a37a91694c fix #1337 2020-10-19 10:52:38 -04:00
Shivaram Lingamneni
4ee97ddb43 USERHOST needs to respect hidden operators as well 2020-10-09 12:29:09 -04:00
Shivaram Lingamneni
78b2f61707 fix #1194 2020-10-09 08:03:26 -04:00
Shivaram Lingamneni
9ed789f67c fix #1075 2020-10-06 18:04:29 -04:00
Alex Jaspersen
504659abb5 Add +M (only registered/voice can speak) chanmode.
Add chanmode preventing speech to error message.

Fixes #1182.
2020-09-21 16:05:00 -07:00