ngIRCd Release 21~rc1

Update NEWS and ChangeLog files

Actually KILL clients on GLINE/KLINE Kill all clients that match a new GLINE/KLINE mask and genrate apropriate KILL commands. These KILL commands can be superfluous, but are required when the IRC Operator isn't allowd to set remote G-Lines or if there are older servers in the network that don't kill clients on GLINE/KLINE. Closes bug #156.

Don't forward KILL commands for unknown clients

New function IRC_KillClient() to kill clients The old local function Kill_Nick() in irc.c has been an ugly hack. This patch implements a generic function for killing clients. Adjust all callers of Kill_Nick() and respect the return code!

Adjust log messages for invalid and spoofed prefixes Now invalid prefixes aren't logged no more when originating from an other server (besides in debug mode), and spoofed prefixes are correctly logged using LOG_WARNING (from an other server) or LOG_ERR (from a client) levels. In addition, the log message texts have been adjusted to better reflect what will happen: commands with invalid prefixes are ignored and logged, commands with spoofed prefixes will result in the client being disconncted (regular users) or the command being ignored (other servers). This cleans up logging of commands related to already KILL'ed clients.

Remove CLIENT.oper_by_my, Client_SetOperByMe() and Client_OperByMe() All places where Client_OperByMe() is used can either be converted to Client_HasMode(Client, 'o') or Op_Check(). And Op_Check() itself can use the connection handle for deciding whether the IRC Operator is a local user or not.

Add support to show user links using "STATS L" Change "stats L" to show servers and user links and restrict it to IRC Operators.

Log an error (not info) when working directory can't be changed

doc/PAM.txt: add a slightly more useful example

Change the certificate fingerprint digest to sha256 While here correct some indentation.

Change cipher defaults Switch cipher defaults to HIGH:!aNULL:@STRENGTH (OpenSSL) or SECURE128 (GnuTLS).

Merge remote-tracking branch 'alex/bug162-SSLCipherList' * alex/bug162-SSLCipherList: Cipher list selection for GnuTLS ConnSSL_Init_SSL(): correctly set CONN_SSL flag Cipher list selection for OpenSSL ConnSSL_InitLibrary(): Code cleanup

Fix server reconnection In some error cases conn_id will be left as SERVER_WAIT and subsequently ignored in Check_Servers(). Ensure conn_id is set to NONE before returning from New_Server() if we couldn't establish the connection. Prompted by a report from gabrielgi-at-gmail-dot-com.

Cipher list selection for GnuTLS This patch implements the missing functionality for cipher list selection using GnuTLS (our OpenSSL code has this already).

Don't ignore SSL-related errors during startup Without this patch, ngIRCd ignores SSL-related messages and continues to start up but only listens on plain text communication ports -- and this most probably isn't what the administrator wanted ... Closes bug #163.

ConnSSL_Init_SSL(): correctly set CONN_SSL flag The CONN_SSL flag must be set before any calls to ConnSSL_Free()!

Cipher list selection for OpenSSL This patch introduces the possibility to arbitrarily select ciphers which should be promoted resp. declined when establishing a SSL connection with a client by implementing the new configuration option "CipherList". By default, OpenSSL would accept low and medium strength and RC-4 ciphers, which nowadays are known to be broken. This patch only implements the feature for OpenSSL. A GnuTLS counterpart has to be implemented in another patch ... Original patch by Bastian <bastian-ngircd@t6l.de>. Closes bug #162.

TRACE: fix error message when there are too many parameters ircd 2.11 ignores additional parameters silently, but I don't think that this is the correct behaviour either ...

ConnSSL_InitLibrary(): Code cleanup

IRC_SetPenalty(): Code cleanup

Add more penalty times Ensure before every numeric 461 there is a call to IRC_SetPenalty().

Rework check for number of parameters Move most of the checks that return numeric 461 into Handle_Request().

Reorder checks Move oper and Conf_MorePrivacy checks after checking the number of parameters.

Move the IRC_SetPenalty() call after the asserts