1. 24 Jul, 2020 1 commit
  2. 23 Jul, 2020 1 commit
    • Ed Kellett's avatar
      nickserv: Prefer advertising two-argument IDENTIFY · 09191c76
      Ed Kellett authored
      Many users are only ever exposed to the one-argument variant, and
      require human assistance to get out of situations that could have been
      resolved easily. For example, a user matching a +q $~a may find
      themselves stuck on an alternate nick.
      Attempt to mitigate this problem by making two-argument IDENTIFY more
      prominent in help and nags.
  3. 12 Jun, 2020 3 commits
  4. 31 May, 2020 1 commit
  5. 03 May, 2020 1 commit
  6. 02 May, 2020 1 commit
    • Aaron Jones's avatar
      modules/nickserv/: email keys & changed passwords: bump lengths · 27db1eb6
      Aaron Jones authored
      random_string() was changed to use a wider alphabet in commit
      659dfb78, but the lengths of its consumers were not.
      Bump these from 12 to 16 characters for even more prediction
      resistance. I'm hesitant to go even further because people may
      have to end up typing these out on mobile devices or such.
  7. 30 Apr, 2020 2 commits
    • Aaron Jones's avatar
      modules/crypto/argon2: warn if building against very old libargon2 · 52d1876b
      Aaron Jones authored
      I cannot in my right mind fathom why Debian 9 ships with a 4-year-old
      version of a cryptographic library, and not even a backport of a newer
      version available, but it does, and there isn't.
      This fixes building modules/crypto/argon2 on Debian 9.
    • Aaron Jones's avatar
      m4/atheme-libtest-*.m4: pkg-config: actually no-op on not found · cbd32d76
      Aaron Jones authored
      Providing an empty action-if-not-found argument for PKG_CHECK_MODULES
      doesn't stop ./configure from aborting. Actually do something (with no
      effect) instead; we don't require any of these libraries.
      This allows the configure script to succeed on a freshly-installed
      machine without the libraries in question installed.
      Further, warn the user that pkg-config is missing if it is. This is
      necessary for a lot of the library detection tests, unless the user
      manually specifies LIBFOO_CFLAGS and LIBFOO_LIBS on the ./configure
      command-line, which we don't want to encourage, and is provided only
      for compatibility with weird operating systems that install libraries
      into paths that its toolchain does not look for libraries in.
      [ci skip]
  8. 29 Apr, 2020 1 commit
  9. 13 Apr, 2020 1 commit
  10. 12 Apr, 2020 1 commit
    • Ed Kellett's avatar
      nickserv/info: Make private times more private · 647556cc
      Ed Kellett authored
      The previous approach rounded the elapsed time down to weeks, which does
      reduce the resolution of last seen times to a week over one observation.
      Unfortunately, if we're allowed multiple observations, we can zero in on
      the time the low-resolution clock ticks over.
      The solution used here is to reduce the resolution of the last-seen time
      itself. Since the time is not changing, this happens the same way each
      time, and subsequent observations reveal no information. This is not
      perfect on its own: it discloses high-resolution information about users
      who were last seen at the beginning of the current Atheme week, since
      they couldn't have been last seen in the future. We deal with this by
      representing both 0- and 1-week differences as "less than two
      weeks ago".
      Finally, this is of limited value as long as we reveal the
      high-resolution fact that a user is online now. We dispense with this
      and show an obfuscated time for private users regardless of
      logged-in status.
  11. 21 Mar, 2020 1 commit
  12. 27 Feb, 2020 3 commits
    • Aaron Jones's avatar
      modules/saslserv/main: fix double mechanism registration · d09d063b
      Aaron Jones authored
      During an saslserv/main reload, some modules (such as SCRAM) can end up
      registering their mechanisms twice. We should ignore that; it pollutes
      the mechanism list propagated to servers.
      [ci skip]
    • Aaron Jones's avatar
      modules/saslserv/scram: provide correct mechanism to use on mismatch · d94294d7
      Aaron Jones authored
      When a client tries to login with e.g. SCRAM-SHA-512 but their database
      credentials were calculated with SHA2-256, indicate to the client that
      SCRAM-SHA-256 is the only acceptable SASL SCRAM method for login. This
      is done by recalculating a new SASL mechanism list, against a list of
      mechanisms to /avoid/ putting into the list, and then sending that list
      to the client (but not telling servers to set their general mechanism
      list to it, as that would affect other clients). The list of mechanisms
      to avoid is calculated based on the database credentials, which we only
      know after receiving a username from the client.
      As an aside, I am rather disappointed with the design of SCRAM, in
      particular its choice to leave negotiation of digest algorithm out of
      band. This would be much cleaner if the mechanism was just named "SCRAM"
      (or "SCRAM-PLUS"), and the server could indicate (in the server's first
      message) which digest algorithm the client should use to calculate
      SaltedPassword, ClientKey, & ServerKey. As it stands, we can only fail
      the mechanism if the digest algorithm implied by the SASL mechanism name
      doesn't match the digest algorithm used to calculate the database
      credentials, and then hope that the client eventually falls back to the
      correct mechanism.
      This commit aids that fallback process for IRCv3.1 networks (IRCv3.2
      networks will have the full mechlist as a value of the sasl= capability,
      so clients always know which mechanisms it should try). To that end, we
      also put a note in the documentation that deploying SCRAM on IRCv3.1
      networks is discouraged.
    • Aaron Jones's avatar
  13. 22 Feb, 2020 1 commit
  14. 18 Feb, 2020 5 commits
  15. 09 Feb, 2020 2 commits
    • Aaron Jones's avatar
      m4/atheme-featuretest-nls.m4: fix option name · ffe17165
      Aaron Jones authored
      This is a default off option; its help string should be enable.
      [ci skip]
    • Aaron Jones's avatar
      m4/: tidy up NLS logic · 3828bfac
      Aaron Jones authored
      We shouldn't do all the NLS checks before parsing --enable-nls; it should
      be the other way around: only do the checks if --enable-nls=yes was given.
      Since all but one of our translations are currently broken, also change
      the default from yes to no. This can be revisited after our translations
      are brought up to scratch.
  16. 06 Feb, 2020 10 commits
  17. 02 Feb, 2020 5 commits
    • Aaron Jones's avatar
    • Aaron Jones's avatar
      Use #elif more to avoid pointless preprocessor soup · d03a5bbc
      Aaron Jones authored
      This looks *MUCH* better, and is also much more maintainable.
      Also document, in libathemecore/memory_frontend.c, where various memory
      comparison and wiping functions originated, and clean up some other
      miscellaneous things.
    • Aaron Jones's avatar
      libathemecore/memory: support consttime_memequal & explicit_memset · fa795301
      Aaron Jones authored
      These C library functions are present in NetBSD v7.0+ and possibly other
      C libraries. On NetBSD they both require only <string.h>, which we
      already include (by way of <atheme/stdheaders.h>).
      Also move the preprocessor warning directive down to where it is actually
    • Aaron Jones's avatar
      configure.ac: move most build system / toolchain / header / etc checks · ddf1c059
      Aaron Jones authored
      This puts them in a dedicated file, where they can live in peace and not
      pollute the rest.
      We also put needed things once per line, even if it is a bit more verbose,
      it saves us having to re-wrap lines when we add or remove something.
    • Aaron Jones's avatar
      doc/SASL-SCRAM: clarify setup instructions · d097d154
      Aaron Jones authored
      - Explain the ./configure argument to force GNU libidn to be available
        and what to look for when it prints its configuration.
      - Reorder mechanisms in order of strength when asking to decide.
      - Clarify that regular PBKDF2 credentials definitely allow impersonation,
        and that this is why the SCRAM module does nothing if this style of
        credentials is being used.
      - Move loadmodule advice to next to eachother.
      - Space everything out a bit more for readability.
      - Directly discourage uncommenting the SCRAM loadmodule line in the
        example configuration file without having read the documentation.