From e7a194e703b90e47e330dc0e0281b939c741bf75 Mon Sep 17 00:00:00 2001 From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Thu, 11 Feb 2016 09:39:37 +0100 Subject: [PATCH 1/3] don't stress people on unimportant things like libpsyc --- CHANGESTODO | 82 ++++++++++++++++++----------- world/drivers/ldmud/master/master.c | 2 +- 2 files changed, 53 insertions(+), 31 deletions(-) diff --git a/CHANGESTODO b/CHANGESTODO index 5234445..b48985a 100644 --- a/CHANGESTODO +++ b/CHANGESTODO 
@@ -7,43 +7,53 @@ vim:nosmarttab:syntax=diff | This file is mostly being used by lynX. The public bug tracker for psyced | resides at https://projects.tgbit.net/projects/psyced/ and contains the | same stuff in a more multiuser accessible fashion. +| +| Then again, no. psyced is in low maintenance mode since it roughly +| does what it should and we need a distributed communication system +| such as secushare.org anyway. ________________________________________________________________________ -== SERIOUS!!! ========================================================== +== NUISANCES worth fixing, possibly ==================================== ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ -- MUC im arsch -- fix /part behaviour -- Ungültige Route nach psyc://psyced.org im psyc://psyced.org/~lynx Context festgestellt. +- offline messages not being output (which *can* work even with OTR!) + <<< did i fix that recently? +- xmpp friendships for local xmpp clients (see /show in and out) + +- we should add warnings about browsers that arent mozilla compatible but claim to be + <<< did i recently fix that with browsercap? + ++ clean-up and release the historic webchat code + (in case you wondered what browsercap is.. it's there) + +== XMPP MUC MOSTLY BROKEN ============================================== + + * XMTUX sagt: and these scratchboard-messages and the "going down" messages are sent by this "special user", too + * why do these messags have the type "chat" and not "groupchat"? + * <- this is a snippet of the xml that was just sent by psyced + * while the other messages are sent with ¿) + * XMTUX: zu eurer info, es scheint irgendwie möglich zu sein, nachrichten vom muc selbst kommen zu lassen, d.h. sowas wie ¿ funktioniert... 
(damit könnte man diese ganzen nachrichten, die jetzt au?erhalb des muc oder von einem komischen user erscheinen schön in den raum machen) + +- remote psycers do not always show up properly via jabber client + MUC +* see also older notes below on "MUC" +________________________________________________________________________ +== desperate, but not serious ========================================== +¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ - check in user:input() if data is in utf8 (using RE_UTF8) in order to produce proper error messages before it is processed further and may end up in net/jabber's emit() where it is dropped silently (see CHARS_XMPP.log) -- make polly use oauth - -- remote psycers do not always show up properly via jabber client + MUC - -- /m freenode:symlynx hey - Sorry, _message_private is not supported by the IRC gateway. - huh? wasn't that once the point to make them? debug... - -- msg from irc to remote psyc user doesn't work: - ERQ could not resolve "symlynX". - (it tries to resolve the irc:nick) - +SAME BUG? +- Ungültige Route nach psyc://psyced.org im psyc://psyced.org/~lynx Context festgestellt. - "invalid context" errors happen where local rooms send _context as string uniform while local users expect the object pointer. huh? LPC -- large submissions into scratchpad can crash the driver -- configure script fails on libidn now being in glibc -- buffer stuff in erq +- large submissions into scratchpad can crash the driver (disable http?) 
+- unsafe buffer operations in erq (annoying but harmless) ________________________________________________________________________ -== NEXT RELEASE ======================================================== +== considered important long time ago ================================== ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ -+ active certs: have data/host/psyc.host.name.pem contain tls cert - for this host, so when that file exists psyced automatically tries - a tls_init_connection() when psyc-connecting that host and checks if - the certificate is still correct. it also does on incoming tls. +- fix /PART behaviour... what is wrong with it? - net/jabber reissues unnecessary friend() requests whenever a user simply reorganizes friends into other roster groups @@ -58,8 +68,6 @@ ________________________________________________________________________ - autorefetch twitter isnt working http/fetch is too complicated. throw out the queue and callback logic. kiss! -? support tls multiplexing on all suitable ports - ? bugs in psyced install procedure - pointless to keep gentoo files in this git, if they can't be updated @@ -68,7 +76,7 @@ ________________________________________________________________________ + teach net/smtp to trust localhost etc. + teach net/smtp to ask recipient object if spam rules are to be applied ________________________________________________________________________ -== currently being inspected =========================================== +== forever being inspected ============================================= ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ - https://psyced.org/~lynX should use web browser language, not mine 
@@ -90,9 +98,6 @@ ________________________________________________________________________ USE_THE_NICK code running. several "invite issues" should be solved once nicks are gone. -- psyced.org tells me: Ungültige Route nach psyc://psyced.org - im psyc://psyced.org/~lynx Context festgestellt. - ? who's gonna clean up the mess of having too many websites ? - when provided with a _focus pointing to yourself, _request_execute will @@ -1556,6 +1561,14 @@ ________________________________________________________________________ not need anybody's permission to do so. ok forget this. just documenting this here and poof forget it again. +== IDEAS from the long gone TLS era ==================================== + ++ active certs: have data/host/psyc.host.name.pem contain tls cert + for this host, so when that file exists psyced automatically tries + a tls_init_connection() when psyc-connecting that host and checks if + the certificate is still correct. it also does on incoming tls. + (later people called this technique 'CERTIFICATE PINNING') + == PSYC CLIENTS ======================================================== - tg runs into trouble using _do_enter and _do_leave. apparently the enter-echo is not accepted by the UNI and thus does not make it into _list_places 
@@ -3940,4 +3953,13 @@ net/spyc net/psyc (and still doesn't address the many problems of federation) === 201509 ============================================================ - fixed autojoin bug for psyc, telnet and webchat users +=== 201510 ============================================================ +- assert mapping during unlink (triggered by old .o file) +=== 201601 ============================================================ ++ looks like it is a good idea to activate XMPP_BIDI by default +- folklore: fixed the output order of messages in place/basic +=== 201602 ============================================================ ++ irc: introducing _data_psyctext as a way to output the proper + psyced error message to IRC clients when failing to enter + a channel with restrictions like obligatory encryption diff --git a/world/drivers/ldmud/master/master.c b/world/drivers/ldmud/master/master.c index 86e1246..4966af5 100644 --- a/world/drivers/ldmud/master/master.c +++ b/world/drivers/ldmud/master/master.c @@ -217,7 +217,7 @@ void receive_udp(string host, string msg, int port) { if (strlen(msg) > 1 && msg[1] == '\n') switch(msg[0]) { #ifdef SPYC_PATH # if !__EFUN_DEFINED__(psyc_parse) -# echo New PSYC syntax will not work: Driver compiled without libpsyc! +# echo libpsyc is not enabled in driver. Using old protocol parser instead. # else case '|': unless (spycd) { From 02d4e8011945b71a7fc551fa43ee0722e06e8e97 Mon Sep 17 00:00:00 2001 From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Mon, 22 Feb 2016 06:38:36 +0100 Subject: [PATCH 2/3] disallow people to expose private data by crypto downgrade --- world/default/de/plain.textdb | 3 +++ world/default/en/plain.textdb | 3 +++ world/default/it/plain.textdb | 3 +++ world/net/user.c | 21 +++++++++++++++++---- 4 files changed, 26 insertions(+), 4 deletions(-) diff --git a/world/default/de/plain.textdb b/world/default/de/plain.textdb index c35cf6e..f9cc60f 100644 --- a/world/default/de/plain.textdb 
+++ b/world/default/de/plain.textdb @@ -4,6 +4,9 @@ _warning_server_shutdown_temporary |Serverneustart: [_reason] +_error_missing_circuit_encryption +|Deine Verbindung ist plötzlich nicht mehr verschlüsselt. Bitte kontrolliere Deine Konfiguration. + _warning_missing_circuit_encryption |Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen! diff --git a/world/default/en/plain.textdb b/world/default/en/plain.textdb index 1caf82d..2d4c8f7 100644 --- a/world/default/en/plain.textdb +++ b/world/default/en/plain.textdb @@ -1,6 +1,9 @@ ## vim:syntax=mail ## Check utf-8: Praise Atatürk! +_error_missing_circuit_encryption +|Your connection has downgraded from being encrypted. Please fix your configuration. + _warning_missing_circuit_encryption |Your connection is not encrypted. You are putting other people's privacy at risk! diff --git a/world/default/it/plain.textdb b/world/default/it/plain.textdb index 9cac9f4..f365f60 100644 --- a/world/default/it/plain.textdb +++ b/world/default/it/plain.textdb @@ -1,6 +1,9 @@ ## vim:syntax=mail ## tradotto al 30% ... cerca /TODO/ per continuare +_error_missing_circuit_encryption +|La tua connessione ha smesso di essere crittata. Controlla la tua configurazione. + _warning_missing_circuit_encryption |La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone! diff --git a/world/net/user.c b/world/net/user.c index f469e33..38f31fe 100644 --- a/world/net/user.c +++ b/world/net/user.c @@ -28,6 +28,7 @@ volatile mixed query; volatile mapping tags; volatile int showEcho; volatile mixed beQuiet; +volatile int encrypted = 0; // my nickspace. used by psyctext(). could be passed as closure, but then // it wouldn't be available for *any* psyctext call in user objects. 
@@ -1572,6 +1573,7 @@ logon() { string evil; if (tls_query_connection_state(ME) == 1) { + encrypted++; // evil TLS ciphers are no problem if the connection is being // tunneled through SSH or Tor, so we shut up in that case. if (probably_private(ME) < PRIVACY_REASONABLE && @@ -1583,11 +1585,22 @@ logon() { unless (beQuiet) w("_status_circuit_encryption_cipher"); } } else if (!probably_private(ME)) { - w("_warning_missing_circuit_encryption" -# ifdef _warning_missing_circuit_encryption - , _warning_missing_circuit_encryption + if (encrypted) { + // do not allow a person to (be) downgrade(d) from TLS... + // at least not during the lifetime of this object + w("_error_missing_circuit_encryption" +# ifdef _error_missing_circuit_encryption + , _error_missing_circuit_encryption # endif - ); + ); + return remove_interactive(ME); + } else { + w("_warning_missing_circuit_encryption" +# ifdef _warning_missing_circuit_encryption + , _warning_missing_circuit_encryption +# endif + ); + } } #endif // cannot if (greeting) here this since jabber:iq:auth depends on this From 5739aacad6d54565b294a49c83c10a5126011968 Mon Sep 17 00:00:00 2001 From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Wed, 24 Feb 2016 10:04:06 +0100 Subject: [PATCH 3/3] teach psyconf to generate the full config --- bin/psyconf | 61 ++++++++++++++++++++++++++++------- config/psyced.ini | 5 +-- install.sh | 12 +++---- {bin => utility/attic}/psyked | 0 4 files changed, 59 insertions(+), 19 deletions(-) rename {bin => utility/attic}/psyked (100%) diff --git a/bin/psyconf b/bin/psyconf index 498692c..6ec5682 100755 --- a/bin/psyconf +++ b/bin/psyconf 
@@ -44,18 +44,36 @@ use File::Spec; # } #} +sub debug() { 0 } + # append something while testing #my $test = "-NEW"; -use Data::Dumper; +#use Data::Dumper; sub say { print join('', @_); # if $test; } +sub sys { + print join(' ', @_), "\n" if debug; + if (system(@_)) { + if ($? == -1) { + print "\t{failed to execute: $!}\n"; + } elsif ($? & 127) { + printf "\t{command died with sig %d, %s core dump}\n", + ($? & 127), ($? & 128) ? 'with' : 'without'; + } else { + printf "\t{command exited with value %d}\n", $? >> 8; + } + exit $? if $?; + exit $@ if $@; + } +} ### MAIN ### # if you are manually compiling an ldmud, rename it or change here. my $driver = 'psyclpc'; + my $newbie = 0; use Getopt::Std; &getopt; @@ -166,8 +184,26 @@ X $c{_basic_host_name} || 'psyced'; $chatname = 'psyced' if $chatname eq 'psyc'; -# say "Generating control files in $c{_basic_path_base} ..\n\n"; - my $t = "$base/local/ports.h$test"; + my $t = "$base/local"; + unless (-w $t) { + $newbie = 1; + say <', $t or die "Cannot write to $t"; @@ -549,6 +585,7 @@ X print O "\t\$commandline\n"; } else { say "The file $sandbox/log/psyced.out will contain the runtime output.\n"; + say "The file $sandbox/log/psyced.err will contain error messages.\n"; print O <', $t or die "Cannot write to $t"; @@ -822,7 +859,9 @@ X ## end of former archetype.pl - say "\nCaution: You may have to completely shut down and restart psyced\n"; - say "to ensure the newly generated start-up scripts are actually used.\n"; + unless ($newbie) { + say "\nCaution: You may have to completely shut down and restart psyced\n"; + say "to ensure the newly generated start-up scripts are actually used.\n"; + } # vim:ts=8 diff --git a/config/psyced.ini b/config/psyced.ini index 61f6871..490a028 100644 --- a/config/psyced.ini +++ b/config/psyced.ini 
@@ -11,6 +11,7 @@ [_basic] ; Base directory of this PSYCED installation _path_base = /opt/psyced +; psyced runs in a sandbox of psyclpc and therefore needs this to be writable ; Configuration directory of this PSYCED installation ; psyconf will automatically search /etc/psyc for psyced.ini. @@ -20,8 +21,8 @@ _path_configuration = /etc/psyc ; Path leading to your private and public TLS keys ; (absolute or relative to the configuration directory). -_path_PEM_key = /etc/ssl/private/psyced_key.pem -_path_PEM_certificate = /etc/ssl/certs/psyced_cert.pem +_path_PEM_key = psyced.key +_path_PEM_certificate = psyced.crt ; Remember to make these files accessible to the userid ; running the psyced daemon! diff --git a/install.sh b/install.sh index 46cf769..86974f2 100755 --- a/install.sh +++ b/install.sh @@ -192,12 +192,12 @@ if ! test `ls -1 ${driver}-*tar.${zip} 2>/dev/null` then if wget "${lpcbaseurl}/${driver}-${driverver}.tar.${zip}" then - echo "${driver} successfully retrieved." - else - echo "${hi}ATTENTION: Unable to download ${driver}" - echo "${hi}ATTENTION: ${lo}You have no ${driver}-*.tar.${zip} in this directory." - echo "Please obtain one from http://lpc.psyc.eu." - $exit + echo "${driver} successfully retrieved." + else + echo "${hi}ATTENTION: Unable to download ${driver}" + echo "${hi}ATTENTION: ${lo}You have no ${driver}-*.tar.${zip} in this directory." + echo "Please obtain one from http://lpc.psyc.eu." + $exit fi else if test -d .git diff --git a/bin/psyked b/utility/attic/psyked similarity index 100% rename from bin/psyked rename to utility/attic/psyked
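Review bot: In the `logon()` hunk of world/net/user.c (PATCH 2/3) the new `if (encrypted)` guard sits inside `else if (!probably_private(ME))`, so a connection that was TLS earlier in this object's lifetime but now arrives unencrypted through something `probably_private()` accepts is let through without the `_error_missing_circuit_encryption` path; if that is intended (the function already treats tunnelled connections as safe for the cipher check), a one-line comment saying so would help, otherwise move the `encrypted` check above that condition. Two smaller points in the same hunk: `encrypted++` is only ever tested as a boolean, so `encrypted = 1` reads more clearly; and `return remove_interactive(ME);` hands `logon()` whatever that efun yields, so if `logon()` is expected to return a status, call `remove_interactive(ME);` and then `return 0;` explicitly.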
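Review bot: In the new `sub sys` in bin/psyconf (PATCH 3/3), `exit $? if $?;` exits with the raw wait status; a child that exits 1 sets `$?` to 256, and `exit 256` is truncated to 0 by the OS, so the failure psyconf just printed is reported to its caller as success. Exit with the value already computed for the message, e.g. `exit(($? >> 8) || 1);`. The following `exit $@ if $@;` can be dropped: `$@` is set by `eval`, not by `system()`, so it never carries anything here.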
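Review bot: In the first config/psyced.ini hunk (`@@ -11,6 +11,7 @@`) the added comment `; psyced runs in a sandbox of psyclpc and therefore needs this to be writable` is placed after `_path_base = /opt/psyced`, whereas every other comment in this file precedes the key it describes, so a reader will attach it to `_path_configuration`. Move it up next to `; Base directory of this PSYCED installation`.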
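Review bot: In the second config/psyced.ini hunk (`@@ -20,8 +21,8 @@`) the defaults change from absolute paths under /etc/ssl to the bare names `psyced.key` and `psyced.crt`, which per the comment above them are resolved relative to the configuration directory; nothing else in this series creates those files, so a fresh install will point at a non-existent key and certificate. Either keep the comment `; Remember to make these files accessible ...` and extend it to say the files must be placed in `_path_configuration`, or mention there how to generate them.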
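Review bot: The install.sh hunk (`@@ -192,12 +192,12 @@`) is whitespace-only: the `echo` and `$exit` lines inside the `if wget ... else` block are re-indented one level, with no change in behaviour. That is fine, but it is unrelated to "teach psyconf to generate the full config" and would be cleaner as its own commit so the functional change stays easy to review.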