SRP?

DH-Blowfish from Atheme looks ok but is easily DoS'able...

ECDH probably better idea.

Make the ticket command more consitent with the other commands on G and use :reason instead of "reason" (or simply support both).

Also, do not ignore the ticket reason when longer than 128 chars, just allow the max on IRC, 512 chars so that it always fits and always gets through.

(originally reported by wiebe)

Reported by modul8:

[18:39:39] -> n trustgroupadd
[18:39:39] N $A$ From: [email protected]/Wineasy: trustgroupadd
[18:39:39] N Usage: trustgroupadd ?comment?
[18:40:47] -> n trustgroupadd test 25 1 1 Wineasy trust testing group
[18:40:47] N $A$ From: [email protected]/Wineasy: trustgroupadd test 25 1 1 Wineasy trust testing group
[18:40:47] N Group added.
[18:40:47] N $t$ [email protected]/Wineasy TRUSTGROUPADD'ed 'test'
[18:41:08] -> n TRUSTLOGGREP test
[18:41:08] N $A$ From: [email protected]/Wineasy: TRUSTLOGGREP test
[18:41:09] N [2013-11-08 12:40:47] #7/test (Wineasy) Created trust group 'test' (ID #25): howmany=7, enforceident=1, maxperident=1, createdby=#Wineasy, contact=Wineasy, comment=trust testing group
[18:41:09] N — Done. Found 4 entries.

Fix attached:

diff -r 3f154eb428a9 trusts/trusts_management.c
--- a/trusts/trusts_management.c    Tue Sep 24 00:35:42 2013 +0100
+++ b/trusts/trusts_management.c    Fri Nov 08 19:04:56 2013 +0100
@@ -207,7 +207,7 @@
   controlwall(NO_OPER, NL_TRUSTS, "%s TRUSTGROUPADD'ed '%s'", controlid(sender), tg->name->content);
   trustlog(tg, sender->authname, "Created trust group '%s' (ID #%d): howmany=%d, enforceident=%d, maxperident=%d, "
     "createdby=%s, contact=%s, comment=%s",
-    tg->name->content, howmany, tg->id, enforceident, maxperident, createdby, contact, comment);
+    tg->name->content, tg->id, howmany, enforceident, maxperident, createdby, contact, comment);

   return CMD_OK;
 }

this way namespacing would be automatic

e.g. db = db_open("sqlite", "myscriptname")

instead of everything being in the lua schema/db

(Labels: Chanserv Enhancement)

Add a chanflag to chanserv that auto-voices all registered users who join the channel.

Proposed help:

-Q-  +r VOICEREG   Automatically grants voice (+v) on the channel to any registered user who enters,
-Q-                unless they have quiet (+q) chanlev flag.

Rationale:
Delaying the ability to speak in the channel for unregistered people is a good mitigation strategy against the current spam attack.
This can be archived by setting the channel +DM (delay join, reg-only moderated), and auto-voicing anyone who enters with a delay.

Technically, it is not required to voice unregistered users - but this cause envy if only unregistered users are voiced.
Therefore it might be useful to voice anyone who can speak as soon as they enter the channel.
Also, Q can see through +D, making this feature even more useful - as the join and mode change line come together, and are easier to associate in my brain.

G does not store who set what ban/censor/ticket/improper etc., I think it should do that, not only for accountability, but also for finding who to contact regarding a specific ban/censor/ticket etc.

And also for oneself, I know most of the bans/censors I set have reason "get out", "stay out" or "no thanks", but storing the owner's account makes things easier. Also other info should/could be stored, such as timestamp when added, last used, etc.

(originally reported by wiebe)

When a ban is set on chanserv's banlist and a user joins the channel - he is kicked and banned. However, when a user changes his nick to fit the banmask - he isn't getting kicked and banned.

Example:

[03/10/13 09:02:04] * blal ([email protected]) has joined #thechannel
[03/10/13 09:02:40] * Q sets mode: +b [S]!@
[03/10/13 09:02:49] * blal is now known as [S]test
[03/10/13 09:03:59] * AnOppedUser sets mode: -b [S]!@
[03/10/13 09:03:59] * Q sets mode: +b [S]!@
[03/10/13 09:03:59] * [S]test was kicked by Q (Banned.)
[03/10/13 09:04:17] * AnOppedUser sets mode: -b [S]!@
[03/10/13 09:04:23] * [S]test ([email protected]) has joined #thechannel
[03/10/13 09:04:23] * Q sets mode: +b [S]!@
[03/10/13 09:04:23] * [S]test was kicked by Q (Banned.)
[03/10/13 09:02:04] * blal ([email protected]) has joined #thechannel
[03/10/13 09:02:40] * Q sets mode: +b [S]!@
[03/10/13 09:02:49] * blal is now known as [S]test
[03/10/13 09:03:59] * AnOppedUser sets mode: -b [S]!@
[03/10/13 09:03:59] * Q sets mode: +b [S]!@
[03/10/13 09:03:59] * [S]test was kicked by Q (Banned.)
[03/10/13 09:04:17] * AnOppedUser sets mode: -b [S]!@
[03/10/13 09:04:23] * [S]test ([email protected]) has joined #thechannel
[03/10/13 09:04:23] * Q sets mode: +b [S]!@
[03/10/13 09:04:23] * [S]test was kicked by Q (Banned.)

(originally reported by NaNg)

• AUTH / authlib
• database alterations

Friends on G cannot be given a ticket, G claims they do not need it, but they cannot get to #feds without it. Of course the work around at the moment, is to -peon -ticket -friend them, but it would be nice if this could be corrected.

(originally reported by wiebe)

(Labels: Chanserv Enhancement)

Add a channel setting to voice all joining users after a delay.

Rationale:
Delaying the ability to speak in the channel for unregistered people is a good mitigation strategy against the current spam attack.
This can be archived by setting the channel mode +DM (delay join, reg-only moderated), and auto-voicing anyone who enters with a delay.

If a fixed delay is used, a chanflag can be used.
If the delay should be configurable on a per channel basis, then more changes are needed.

Currently they're pretty bad.

(requestq / requests)

Hello some a day i connect to channel support in quakenet and someone there say this possible run Q without send email my a question how i do it please help thanks!!

how i disble send email from Q thankss

pqsql currently does not survive the PostgreSQL server restarting or going away at all.

If the PostgreSQL server goes away, it will send some input, signaling PQisBusy == false, but we may not even have queryhead != NULL at the time, leading to a crash. To avoid the crash, queryhead == NULL would first need to be checked, then PQresultStatus(PQgetResult(dbconn)) should be verified to be PGRES_FATAL_ERROR, else the connection may continue to function as intended.

The discussion about PostgreSQL bug 5837 has yielded that the API is meant to be used with PQisBusy to immediately go ahead to PQgetResult, which will then inform about the fatal error. PQstatus will still return CONNECTION_OK despite it obviously not being okay.

However, even if that were to be detected correctly, then there is no reasonable recovery plan:

1. Reconnecting is very risky. Should the connectdb() function hang due to its nature of connecting in a blocking manner, all network I/O will stall, possibly sendq'ing newserv off the network.
2. At the very least, the chanserv does not survive a reload the pqsql module, it crashes at least somewhere around dbhandler/loadmaillocksdone/csc_dochanstat/chanservstdmessage due to invalid parameters. Due to this, waiting for the PostgreSQL server to be confirmed working and then reloading pqsql manually is no option. More modules may or may not fail in similar ways.

PostgreSQL servers may go away even over local connections when admins enable automatic security updates on Linux distributions and the like, due to it being restarted in the process.

authgate currently uses checkhashpass command which can't work with hashed passwords.

alter to use mechanism similar to CREATEACCOUNT.

Can't release S until extracted.

There are confusing error messages originating from the nickrate module: it claims to be proxyscan.

Attached a patch (created using hg export).

(originally reported by anders)

hello if this a possible register to Q without email more options for client please?

Add account info in output from nicksearch to the usermode part.
For example: nick!user@host [ip](+ixr account) (realname)

(originally reported by wiebe)

In case a split entry is removed in error, there is currently no way to fix that (apart from using O to jupe it, but then the server cannot link probably..), so it may be an idea to add a splitadd command.

(originally reported by wiebe)

(self explanatory)

Currently hacked around by forcing sqlite.

help please how i disble send email from !

Add noticeflag system on Q like the newserv instances have, allowing opers to choose what to receive.

Also add notices about things like, but not limited to, usage of addchan/delchan by opers (perhaps not R), chanlev and chanflags changes which are only possible by oper priv, suspendchan/unsuspendchan, etc.

(originally reported by wiebe)

to fix: replace match with that from ircd

Hello i read readme and what i only see it configure file but i`m not see explain about create sql for newserv i happy if this possible set explain about this

Q leaves empty channels after about 5 minutes and then rejoins when a user joins it. It may be a nice feature if Q saves the topic when leaving, and restore it upon rejoin.

Or only when chanflag +f is set and a topic was set with /msg Q settopic.

(originally reported by wiebe)

(self explanatory)

(original reporter: wiebe)

(self explanatory)

Note: this may end up having to run in a separate daemon / thread to prevent DoS.

Add an additional field to the whois output, to display the timestamp of when a staff comment was last set.

The field would not be shown unless a staff comment is present.

(originally reported by Bazerka)

The nterfacer protocol has no forward security: Once the password for any connection that was fully recorded is known, the key derivation algorithm allows decryption of all data. If the session in question is still going on, creating valid MACs becomes viable as the key becomes known.

Assuming best case, brute-forcing passwords is infeasible. Best case is all characters other than \n and \0 are actually used in the password. The maximum password length is 255 - strlen("password=") - 1 == 245. This leads to a potential maximum password strength of meaning 245 bytes with each byte having 253 potential values, which is entirely unreasonable to brute-force. However, should it ever be leaked or cracked due to a weak password (matching /^[a-z]{8}$/, for example), all previous captured communications would be compromised.

(There are other somewhat scary things, such as using memcmp instead of a function with constant timing for HMAC comparison, but it apparently can't be abused since the connection is immediately dropped on invalid MAC, plus keys are only per-session as well as not generated until after authentication of the other party. Additionally, CBC here shouldn't have any issues with its predictable PKCS#7 padding since the nterfacer protocol is correctly encrypt-then-MAC.)

newserv's ping/pong routine with its uplink current does not support the ping time or the info for AsLL. I think it might be nice if it did. It does not need to reply to remote AsLL requests, simply providing the needed info in the ping/pong routine should make the AsLL info available on its uplink. See example below.

xx.cc.quakenet.org AsLL for hub.xx.quakenet.org – RTT: 2ms Upstream: -28ms Downstream: 30ms
xx.cc.quakenet.org AsLL for services.cc.quakenet.org – [unknown]
xx.cc.quakenet.org AsLL for *: 2 local servers matched

(originally from wiebe)

bit horrible to use otherwise

note we could display a hash of the hash, and rollback can just rollback the hashes.