GitLab

GCC parses literal code comments of the form /* FALLTHROUGH */ but
Clang does not; this statement attribute is a more concrete declaration
of intent supported by both compilers, and yet still readable by humans.

Supported since at least Clang v5, and since GCC v7.1.

Add the new statement attribute where missing to the codebase to finally
silence the unannotated fallthrough warnings emitted during Clang build.

Original commit by @lstarnes1024, edited by @aaronmdjones to further
remove the flag that it depended on, now that it has no use. Shuffling
the other flag up after it is okay because the only user of this flag
is saslserv/main, and reloading that will reload all other saslserv
modules anyway, so there is no ABI concern.

cf. https://github.com/atheme/atheme/issues/701
cf. https://github.com/atheme/atheme/pull/702/commits/2a446dd628ae9bf133b8

Closes #701
Closes #702

As pointed out in [1], the output of git-log(1) is not reliable,
depending on user configuration.

[1] https://github.com/atheme/atheme/issues/692#issuecomment-642976034

[ci skip]

cf. https://github.com/atheme/libmowgli-2/pull/49

[ci skip]

random_string() was changed to use a wider alphabet in commit
659dfb78, but the lengths of its consumers were not.

Bump these from 12 to 16 characters for even more prediction
resistance. I'm hesitant to go even further because people may
have to end up typing these out on mobile devices or such.

I cannot in my right mind fathom why Debian 9 ships with a 4-year-old
version of a cryptographic library, and not even a backport of a newer
version available, but it does, and there isn't.

This fixes building modules/crypto/argon2 on Debian 9.

Providing an empty action-if-not-found argument for PKG_CHECK_MODULES
doesn't stop ./configure from aborting. Actually do something (with no
effect) instead; we don't require any of these libraries.

This allows the configure script to succeed on a freshly-installed
machine without the libraries in question installed.

Further, warn the user that pkg-config is missing if it is. This is
necessary for a lot of the library detection tests, unless the user
manually specifies LIBFOO_CFLAGS and LIBFOO_LIBS on the ./configure
command-line, which we don't want to encourage, and is provided only
for compatibility with weird operating systems that install libraries
into paths that its toolchain does not look for libraries in.

[ci skip]

Also fix the loglevel of the message about creation.

Closes #696

nickserv/info: Make private last-seen times more private

The previous approach rounded the elapsed time down to weeks, which does
reduce the resolution of last seen times to a week over one observation.
Unfortunately, if we're allowed multiple observations, we can zero in on
the time the low-resolution clock ticks over.

The solution used here is to reduce the resolution of the last-seen time
itself. Since the time is not changing, this happens the same way each
time, and subsequent observations reveal no information. This is not
perfect on its own: it discloses high-resolution information about users
who were last seen at the beginning of the current Atheme week, since
they couldn't have been last seen in the future. We deal with this by
representing both 0- and 1-week differences as "less than two
weeks ago".

Finally, this is of limited value as long as we reveal the
high-resolution fact that a user is online now. We dispense with this
and show an obfuscated time for private users regardless of
logged-in status.

Suggested-by: Nicole Kleinhoff <ilbelkyr@atheme.services>

[ci skip]

During an saslserv/main reload, some modules (such as SCRAM) can end up
registering their mechanisms twice. We should ignore that; it pollutes
the mechanism list propagated to servers.

[ci skip]

When a client tries to login with e.g. SCRAM-SHA-512 but their database
credentials were calculated with SHA2-256, indicate to the client that
SCRAM-SHA-256 is the only acceptable SASL SCRAM method for login. This
is done by recalculating a new SASL mechanism list, against a list of
mechanisms to /avoid/ putting into the list, and then sending that list
to the client (but not telling servers to set their general mechanism
list to it, as that would affect other clients). The list of mechanisms
to avoid is calculated based on the database credentials, which we only
know after receiving a username from the client.

As an aside, I am rather disappointed with the design of SCRAM, in
particular its choice to leave negotiation of digest algorithm out of
band. This would be much cleaner if the mechanism was just named "SCRAM"
(or "SCRAM-PLUS"), and the server could indicate (in the server's first
message) which digest algorithm the client should use to calculate
SaltedPassword, ClientKey, & ServerKey. As it stands, we can only fail
the mechanism if the digest algorithm implied by the SASL mechanism name
doesn't match the digest algorithm used to calculate the database
credentials, and then hope that the client eventually falls back to the
correct mechanism.

This commit aids that fallback process for IRCv3.1 networks (IRCv3.2
networks will have the full mechlist as a value of the sasl= capability,
so clients always know which mechanisms it should try). To that end, we
also put a note in the documentation that deploying SCRAM on IRCv3.1
networks is discouraged.

This was identified by excercising the new bcrypt encryption functionality
introduced in the previous commit.

Since this is the algorithm backing the crypt3-openbsd module, remove
that too.

Some code taken from OpenBSD libc, attribution and licence preserved.

This removes the -t and -T command-line options from atheme-services and
adds a -T option to the crypto benchmark utility. Atheme proper now un-
conditionally requires the digest testsuite to pass (because libathemecore
itself uses the Digest API), with no option to skip it. CI builds can now
invoke the testsuite from the crypto benchmarking utility.

This does not rename the modules themselves; you still load them with the
standard modules/crypto/ prefix. This is just to tidy up the source tree.

This also removes the modules/crypto/posix compatibility module. Please
see the Password Hashing Modules section of dist/atheme.conf.example if
you still use this module on v7.2 or older, for migration instructions.

Finally, document the ./configure options necessary to have each module
built, and elaborate on the distinction between pbkdf2 and pbkdf2v2.

This is a default off option; its help string should be enable.

[ci skip]

We shouldn't do all the NLS checks before parsing --enable-nls; it should
be the other way around: only do the checks if --enable-nls=yes was given.

Since all but one of our translations are currently broken, also change
the default from yes to no. This can be revisited after our translations
are brought up to scratch.

This is not necessarily SHA; we support verifying with MD5 too, and might
support non-SHA in the future.

[ci skip]

The libgettextpo-dev package no longer seems to pull this in.

[ci skip]

[ci skip]

This is what we do in all the other library test files.

[ci skip]

Group lines by category, indent them some more, indicate which SASL
mechanisms are going to be built (some are always built, so this output
won't change, but they're just there for consistency's sake...).

Good news for all of those stuck in 1995: Aside from the build variables
(CC/CFLAGS/CPPFLAGS/LDFLAGS/LIBS), it all still fits into 80 columns, so
your VGA console can render it just fine.

This file tests whether we can use the clock_gettime(3) function, and
whether we need to link against -lrt to do so (as on older GNU libc...)

However, the functionality we're actually looking for is clock_gettime(3),
not whether we need -lrt or not, so don't name it after the library we
might need, but rather after the function we do need.

Silences two harmless unused macro diagnostics.

[ci skip]

This looks *MUCH* better, and is also much more maintainable.

Also document, in libathemecore/memory_frontend.c, where various memory
comparison and wiping functions originated, and clean up some other
miscellaneous things.

These C library functions are present in NetBSD v7.0+ and possibly other
C libraries. On NetBSD they both require only <string.h>, which we
already include (by way of <atheme/stdheaders.h>).

Also move the preprocessor warning directive down to where it is actually
needed.

This puts them in a dedicated file, where they can live in peace and not
pollute the rest.

We also put needed things once per line, even if it is a bit more verbose,
it saves us having to re-wrap lines when we add or remove something.

- Explain the ./configure argument to force GNU libidn to be available
  and what to look for when it prints its configuration.

- Reorder mechanisms in order of strength when asking to decide.

- Clarify that regular PBKDF2 credentials definitely allow impersonation,
  and that this is why the SCRAM module does nothing if this style of
  credentials is being used.

- Move loadmodule advice to next to eachother.

- Space everything out a bit more for readability.

- Directly discourage uncommenting the SCRAM loadmodule line in the
  example configuration file without having read the documentation.

Also denote lack of need for zeroing potentially-sensitive information.