1. 22 Mar, 2021 1 commit
  2. 15 Feb, 2021 1 commit
  3. 14 Feb, 2021 1 commit
    • Nicole Kleinhoff's avatar
      chanserv: add default_mlock option · 4691a167
      Nicole Kleinhoff authored
      This allows the default mlock to be configured without the requirement
      for a module like contrib/mlocktweaker. Notably, unlike that module,
      this option overrides the default mlock of +nt; in particular, this
      makes it possible to remove these default entires entirely instead of
      having to overwrite them with a -n or -t entry.
      As with contrib/mlocktweaker, currently only simple modes (without a
      parameter) are supported. Additionally, the behaviour of locking -lk
      unless a limit/key is already set is preserved and cannot currently be
      configured (not even by explicitly specifying these in the default mlock
      as they both take a parameter).
      Fixes #602, with the above caveats.
  4. 11 Feb, 2021 2 commits
    • Aaron Jones's avatar
    • Aaron Jones's avatar
      libathemecore/conf.c: process loadmodule lines relatively · 7d3d3925
      Aaron Jones authored
      module_load() already handles the case of a relative module name;
      it is, after all, what is passed to MODULE_TRY_REQUEST_DEPENDENCY
      and MODULE_TRY_REQUEST_SYMBOL. In that case, it prepends the
      module installation prefix and "modules/" to the path given,
      emitting a "translated x to y" debug-level message in the process
      which describes the corresponding absolute path it chose to use.
      However, the configuration parser for loadmodule lines was
      duplicating some of this logic; prepending the module installation
      prefix (only). This means that all loadmodule lines would have to
      be prefixed with "modules/" since the loadmodule parser was not
      doing that. It also means that when loading modules as a result of
      encountering a loadmodule line, there is no translation performed
      and no corresponding debug message, as opposed to encountering a
      module dependency. This makes it harder to follow what's going on.
      It also looks slightly uglier, because the "loading" line is using
      an absolute path in this case, cluttering the debug output.
      Because module_load() is already doing some of this logic for us,
      just pass the raw name to it. This means the configuration file
      will have to have loadmodule lines without "modules/" in the path.
      This simplifies the code, makes logging nicer, reduces the size of
      the example configuration file by more than 4k, enables all of the
      lines in the example configuration file to fit within 80 columns,
      and enables circular module dependencies to be caught more reliably
      and even earlier in some circumstances; it is now only processing
      path names, as opposed to having to error out much later, at
      comparing the published names from the MAPI header after opening it.
      Existing loadmodule lines that contain absolute paths will continue
      to work. This also means that absolute paths can be provided on
      Windows now; the previous code only tested if it started with "/".
      Lines which contain relative paths will need to have the "modules/"
      prefix stripped from them. Instructions are provided in NEWS.md.
  5. 30 Dec, 2020 1 commit
  6. 12 Dec, 2020 1 commit
  7. 22 Oct, 2020 1 commit
    • Aaron Jones's avatar
      modules/hostserv/request: small bugfixes, two new small features · 2a4c04d3
      Aaron Jones authored
      - Fix memory leaks when removing a vhost request from the outstanding
        requests list. Also consolidate the code responsible for this into
        one function, to save having to repeat it 6 times.
      - Add a silent rejection feature. If a rejection reason is provided,
        and it is the string "SILENT", no memos or notices will be sent to
        the user whose vhost is being rejected.
      - Add an option restricting users from making a subsequent vhost
        request until they no longer have an outstanding request that has
        yet to be accepted or rejected.
  8. 18 Feb, 2020 2 commits
    • Aaron Jones's avatar
      modules/crypto/: add extended-key-setup blowfish (bcrypt) support · d9187a0f
      Aaron Jones authored
      Since this is the algorithm backing the crypt3-openbsd module, remove
      that too.
    • Aaron Jones's avatar
      modules/crypto/: move legacy modules to subdirectory · a910d094
      Aaron Jones authored
      This does not rename the modules themselves; you still load them with the
      standard modules/crypto/ prefix. This is just to tidy up the source tree.
      This also removes the modules/crypto/posix compatibility module. Please
      see the Password Hashing Modules section of dist/atheme.conf.example if
      you still use this module on v7.2 or older, for migration instructions.
      Finally, document the ./configure options necessary to have each module
      built, and elaborate on the distinction between pbkdf2 and pbkdf2v2.
  9. 26 Jan, 2020 1 commit
    • Aaron Jones's avatar
      Entire codebase: Clean up Makefiles and assorted build system stuff · 8f1afa5d
      Aaron Jones authored
      - Add a license header to Makefiles (and the files they include)
        where missing, and indicate who has modified each Makefile based on
        the Git history. This was overlooked by commit 507f4911.
      - Add myself to the copyright headers in Makefiles that I have heavily
        modified; mostly during my work over the last 2 years on refactoring
        and cleaning up the entire build system.
      - Relicense Makefiles I have entirely (re)written to CC0-1.0, i.e. now
        Public Domain.
      - Always include extra.mk first, then define any non-additive variables
        that buildsys.mk depends on for dependency tracking, then include
        buildsys.mk and, if needed, buildsys.module.mk, before adding to any
        variables those would have defined.
      - Add missing test for the preprocessor to configure.ac
        buildsys.mk.in was relying on this being set
      - Don't use ${PACKAGE} in includesubdir because the header files
        themselves have a hardcoded "atheme/" inclusion of other headers.
      - Don't add '-I.' to CPPFLAGS; the compiler always looks in the current
        directory first for #include "foo.h" style directives.
      - Use ${foo} instead of $(foo) in Makefiles; make allows either form,
        and treats them identically, except when you mix () and {} in some
        expressions, so settle on a single set of braces now.
      - Break long lists of sources / libraries / flags into a list of one per
        line, indent and align with spaces instead of tabs so that it still
        renders the same for people who change the tab width in their editor,
        and align the line-continuation marker to a column not a multiple of 8
        to immediately discourage most future additions that use tabs.
      - Alphabetise some erroneously-overlooked source file lists in Makefiles,
        particularly modules/nickserv/Makefile.
      - Use $@ in Makefiles where possible to avoid using redundant filenames
      - Test for -Wno-format-zero-length to hide a harmless diagnostic
        introduced during the addition of translation support to the crypto
        benchmarking utility
      - Library test M4 files that don't use pkg-config now unconditionally
        set FOO_CFLAGS as well as FOO_LIBS. Normally the _CFLAGS variable is
        provided by pkg-config, but we should start using it unconditionally
        in extra.mk.in and Makefiles so that if those libraries gain pkg-config
        compatibility in the future we can start making use of it immediately.
      - Put all conditional build variables/targets first in their respective
        variables in Makefiles.
      - Move the "Remember to edit your config file" notice to the Makefile in
        src/services/ so that it is displayed close to the bottom of the install
        target, where it is more likely to be read.
      - Remove obsolete rm calls from src/services/Makefile for installing into
        a directory containing an extremely old Atheme installation.
      - Move installation of NEWS.md -> RELEASE outside of the bottom of a
        subshell in src/services/Makefile -- its presence there was only
      - Add missing subdirectory to SUBDIRS in tools/Makefile.
      - Make both tools/*/Makefiles not install their respective programs.
        These are not expected to be used by users, and in fact are not even
        installed at all anyway because tools itself is not in the SUBDIRS
        variable in the root Makefile, nor does this commit add it.
  10. 18 Jan, 2020 1 commit
    • Aaron Jones's avatar
      modules/saslserv/scram-sha: rename to scram · befc630e
      Aaron Jones authored
      It's conceivable in the future that SCRAM would be updated to
      include other kinds of password hashing algorithms, such as
      scrypt and/or Argon2. The name of the mechanism is itself also
      just "SCRAM", so name the module that instead, while we can
      rename it now to avoid breaking configuration compatibility.
      While we're at it, make the module register all supported
      mechanisms. This is because changing the digest algorithm
      should not break logins that would have continued to succeed
      before doing so. Clients can try each mechanism in turn until
      one succeeds, or cache the configuration and credentials that
      succeeded last time and continue to re-use them without even
  11. 16 Jan, 2020 1 commit
    • Aaron Jones's avatar
      configure: replace --enable-debugging with --enable-compiler-sanitizers · 3f9992da
      Aaron Jones authored
      This enables ASan, UBSan, et al. and supports both GCC and Clang.
      Clang support requires an LLVM-bitcode-parsing-capable linker (because
      Clang requires LTO for these sanitizers, and Clang in LTO mode outputs
      LLVM bitcode, instead of machine code, leaving it to the linker to
      translate it after performing its link-time optimisations).
      If you need to, pass LDFLAGS="-fuse-ld=lld" to override the LD variable
      set by `./configure` (which isn't used anyway) and use the LLVM linker.
      Alternatively, use the Gold linker with the LLVM plugin.
      Or just use GCC, but that doesn't support as many sanitizers ...
      This commit removes the `--enable-debugging` flag added by commit
      447cda49. It wasn't particularly useful anyway. The build
      system still checks for CFLAGS="-g", with or without this new option, &
      with or without any explicit CFLAGS being passed to `./configure`, so
      that the occasionally-submitted backtraces are at least still somewhat
      This commit also makes the CI build script pass the following options
      to `./configure`:
          --enable-compiler-sanitizers              (this newly-added option)
      The former is so that the sanitizers can catch any memory issues. The
      shared heap allocator(s) hide use-after-free problems, because they
      don't taint the memory, or release it back to the OS, after Atheme
      "frees" it.
  12. 15 Jan, 2020 3 commits
  13. 29 Dec, 2019 1 commit
    • Aaron Jones's avatar
      modules/crypto/argon2d: rip out and replace with libargon2 binding · 5fa0bd86
      Aaron Jones authored
      I don't like the idea of a password encryption-capable module needing
      a third-party library, but I liked this module even less. It doesn't
      support parallelism, it doesn't support other versions of Argon2, it
      doesn't support other types of Argon2; one of those types, Argon2id,
      is more suitable for password hashing than Argon2d is, ...
      It is also rather difficult to write a benchmarking utility for,
      because it is not in libathemecore like our new Digest API is.
      Now that we have a proper binding to a library, update the included
      PBKDF2 benchmarking utility to support Argon2 as well. Change the
      default type from Argon2d to Argon2id. Add automatic optimal crypto
      module parameter benchmarking to the utility, and fix a long-standing
      memory corruption bug in it. Finally, elaborate a lot on the various
      configuration options of Argon2 in the example configuration file.
      While we're at it, tweak the time recommendations in the example
      configuration file too.
  14. 07 Dec, 2019 1 commit
  15. 07 Sep, 2019 1 commit
  16. 29 May, 2019 2 commits
    • Aaron Jones's avatar
      modules/crypto/: add verify-only Anope v2.0+ compatible enc_sha256 · 668e61ed
      Aaron Jones authored
      Verify-only module for Anope v2.0+ "enc_sha256" password hashes. This is
      a straight SHA2-256 invocation but with a custom initial hash value,
      which sets this module apart from modules/crypto/rawsha2-256.
      It also means that we can't use our Digest API directly, because it will
      usually be provided by a crypto library, which do not permit changing
      the IHVs. So we use our own internal digest algorithm implementation
      Note that this module differs from the Anope one in significant ways:
      1: Anope uses a prefix of "sha256:", while this module uses a prefix of
      2: The 2 values (message digest and IHV) are encoded in base-64 instead
         of Anope's hexadecimal.
      3: Fields are separated with "$" instead of Anope's ":".
      4: The order of the two fields is swapped; the IHV is first.
      It is the responsibility of a database migration program to perform
      these adaptations.
    • Aaron Jones's avatar
  17. 25 May, 2019 1 commit
  18. 04 May, 2019 2 commits
  19. 03 May, 2019 1 commit
  20. 25 Apr, 2019 3 commits
  21. 17 Mar, 2019 3 commits
  22. 16 Mar, 2019 1 commit
  23. 15 Mar, 2019 1 commit
    • Janik Kleinhoff's avatar
      operserv/override: remove · c5135c33
      Janik Kleinhoff authored
      The override functionality offered by this module was insufficiently
      transparent to users while providing large opportunities for abuse.
      Any legitimate use for this command should be met with a more specific,
      more accountable command, such as chanserv/fflags or operserv/mode.
      Since the module may cause crashes with commands that do not expect to
      be called under the unusual circumstances caused by this module, it is
      not suitable even for debugging purposes gated behind allow_taint.
      If this removal breaks network staff workflow for you, please consider
      whether there is a less invasive, more accountable method of doing what
      you need to do. If there could be one, but it isn't implemented, feel
      free to report it as a missing feature. If what you need to do can only
      be done by arbitrarily impersonating users, reconsider whether you
      really need to do it.
  24. 03 Mar, 2019 1 commit
  25. 14 Feb, 2019 1 commit
  26. 24 Jan, 2019 1 commit
    • Aaron Jones's avatar
      modules/crypto/: add libsodium scrypt password module (verify-only) · 8d8913e0
      Aaron Jones authored
      I made the decision to make this verify-only for three reasons:
      1) This algorithm has been superceded by Argon2, which we have an
         encryption-capable implementation of already.
      2) The module requires a third-party library, which may not always
         be available, and also may rely on platform architecture.
      3) Earlier versions of this software do not support this library, so
         making it encryption-capable would create a serious obstacle for
         downgrading to an earlier version of this software.
      Also remove `doc/CRYPTO-LIBRARIES` because it is duplicating much of
      what is already in `dist/atheme.conf.example`.
  27. 11 Jan, 2019 1 commit
    • Aaron Jones's avatar
      Add libpasswdqc support to complement libcrack2 · 583552e5
      Aaron Jones authored
      This renames modules/nickserv/cracklib to modules/nickserv/pwquality
      and adds libpasswdqc <https://www.openwall.com/passwdqc/> support to it.
      It also moves the cracklib_dict configuration option from nickserv/main
      to this new module. It doesn't make sense to have it elsewhere when
      this module is the only thing using it.
      Also, the cracklib functionality now requires a dictionary to be set and
      present, which reflects the example configuration file documentation.
      Finally, it reports the configured dictionary in OperServ INFO.
  28. 09 Jan, 2019 1 commit
    • Aaron Jones's avatar
      Build System: Separate the RNG providers & code · d9b514bf
      Aaron Jones authored
      This breaks the existing libathemecore/arc4random.c down into 3 files:
      - libathemecore/random_frontend.c
        This file is responsible for including one of the frontends below.
        This inclusion approach is elucidiated in commit bf697f05.
      - libathemecore/random_fe_internal.c
        This frontend is the internal ChaCha20-based fallback RNG taken from
        OpenBSD libc. It is used if no other files below are suitable.
      - libathemecore/random_fe_mbedtls.c
        This frontend is the RNG based on ARM mbedTLS HMAC-DRBG. This is just
        the code that was already in libathemecore, but in another file
        instead of intertwined with ifdef spaghetti.
      Additionally, 2 new frontends are introduced:
      - libathemecore/random_fe_openbsd.c
        This frontend is used if building on an OpenBSD machine. It uses
        OpenBSD's arc4random(3), located in libc.
      - libathemecore/random_fe_sodium.c
        This frontend uses the randombytes API in libsodium.
      The preferred frontend order is:
        - OpenBSD arc4random(3), or
        - libsodium randombytes(3), or
        - ARM mbedTLS hmac_drbg_random(3), or
        - Internal ChaCha20-based Fallback RNG, seeded by:
          - getentropy(3), or
          - getrandom(2), or
          - urandom(4)
  29. 28 Dec, 2018 1 commit
  30. 19 Dec, 2018 1 commit