Merge remote-tracking branch 'origin'

CHANGESTODO

@@ -7,43 +7,53 @@ vim:nosmarttab:syntax=diff
 | This file is mostly being used by lynX. The public bug tracker for psyced
 | resides at https://projects.tgbit.net/projects/psyced/ and contains the
 | same stuff in a more multiuser accessible fashion.
+|
+| Then again, no. psyced is in low maintenance mode since it roughly
+| does what it should and we need a distributed communication system
+| such as secushare.org anyway.
 ________________________________________________________________________
-== SERIOUS!!! ==========================================================
+== NUISANCES worth fixing, possibly ====================================
 ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
-- MUC im arsch
+- offline messages not being output (which *can* work even with OTR!)
-- fix /part behaviour
+     <<< did i fix that recently?
-- Ungültige Route nach psyc://psyced.org im psyc://psyced.org/~lynx Context festgestellt.
 
+- xmpp friendships for local xmpp clients (see /show in and out)
+
+- we should add warnings about browsers that arent mozilla compatible but claim to be
+     <<< did i recently fix that with browsercap?
+
++ clean-up and release the historic webchat code
+	(in case you wondered what browsercap is.. it's there)
+
+== XMPP MUC MOSTLY BROKEN ==============================================
+
+    * XMTUX sagt: and these scratchboard-messages and the "going down" messages are sent by this "special user", too
+    * why do these messags have the type "chat" and not "groupchat"?
+    * <message from='*welcome@psyced.org/psyc://psyced.org:51024d/' to='[censored-recipient]' type='groupchat'> <- this is a snippet of the xml that was just sent by psyced
+    * while the other messages are sent with ¿<message from='*welcome@psyced.org' to='[censored-recipient]/Home' type='chat'>)
+    * XMTUX: zu eurer info, es scheint irgendwie möglich zu sein, nachrichten vom muc selbst kommen zu lassen, d.h. sowas wie ¿<message from='room@server.com' to='user@server.de/Home' type='groupchat'> funktioniert... (damit könnte man diese ganzen nachrichten, die jetzt au?erhalb des muc oder von einem komischen user erscheinen schön in den raum machen)
+
+- remote psycers do not always show up properly via jabber client + MUC
+* see also older notes below on "MUC"
+________________________________________________________________________
+== desperate, but not serious ==========================================
+¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
 - check in user:input() if data is in utf8 (using RE_UTF8) in order to produce
   proper error messages before it is processed further and may end up in
   net/jabber's emit() where it is dropped silently (see CHARS_XMPP.log)
 
-- make polly use oauth
+SAME BUG?
-
+- Ungültige Route nach psyc://psyced.org im psyc://psyced.org/~lynx Context festgestellt.
-- remote psycers do not always show up properly via jabber client + MUC
-
-- /m freenode:symlynx hey
-    Sorry, _message_private is not supported by the IRC gateway.
-  huh? wasn't that once the point to make them? debug...
-
-- msg from irc to remote psyc user doesn't work:
-	ERQ could not resolve "symlynX".
-	(it tries to resolve the irc:nick)
-
 - "invalid context" errors happen where local rooms send _context
   as string uniform while local users expect the object pointer. huh?
 
 LPC
-- large submissions into scratchpad can crash the driver
+- large submissions into scratchpad can crash the driver (disable http?)
-- configure script fails on libidn now being in glibc
+- unsafe buffer operations in erq (annoying but harmless)
-- buffer stuff in erq
 ________________________________________________________________________
-== NEXT RELEASE ========================================================
+== considered important long time ago ==================================
 ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
-+ active certs: have data/host/psyc.host.name.pem contain tls cert
+- fix /PART behaviour... what is wrong with it?
-  for this host, so when that file exists psyced automatically tries
-  a tls_init_connection() when psyc-connecting that host and checks if
-  the certificate is still correct. it also does on incoming tls.
 
 - net/jabber reissues unnecessary friend() requests whenever a user simply
   reorganizes friends into other roster groups
@@ -58,8 +68,6 @@ ________________________________________________________________________
 - autorefetch twitter isnt working
   http/fetch is too complicated. throw out the queue and callback logic. kiss!
 
-? support tls multiplexing on all suitable ports
-
 ? bugs in psyced install procedure
 
 - pointless to keep gentoo files in this git, if they can't be updated
@@ -68,7 +76,7 @@ ________________________________________________________________________
 + teach net/smtp to trust localhost etc.
 + teach net/smtp to ask recipient object if spam rules are to be applied
 ________________________________________________________________________
-== currently being inspected ===========================================
+== forever being inspected =============================================
 ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
 - https://psyced.org/~lynX should use web browser language, not mine
 
@@ -90,9 +98,6 @@ ________________________________________________________________________
   USE_THE_NICK code running. several "invite issues" should be solved once
   nicks are gone.
 
-- psyced.org tells me: Ungültige Route nach psyc://psyced.org
-    im psyc://psyced.org/~lynx Context festgestellt.
-
 ? who's gonna clean up the mess of having too many websites ?
 
 - when provided with a _focus pointing to yourself, _request_execute will
@@ -1556,6 +1561,14 @@ ________________________________________________________________________
   not need anybody's permission to do so. ok forget this. just documenting
   this here and poof forget it again.
 
+== IDEAS from the long gone TLS era ====================================
+
++ active certs: have data/host/psyc.host.name.pem contain tls cert
+  for this host, so when that file exists psyced automatically tries
+  a tls_init_connection() when psyc-connecting that host and checks if
+  the certificate is still correct. it also does on incoming tls.
+  (later people called this technique 'CERTIFICATE PINNING')
+
 == PSYC CLIENTS ========================================================
 - tg runs into trouble using _do_enter and _do_leave. apparently the enter-echo
   is not accepted by the UNI and thus does not make it into _list_places
@@ -3940,4 +3953,13 @@ net/spyc net/psyc
 	(and still doesn't address the many problems of federation)
 === 201509 ============================================================
 -	fixed autojoin bug for psyc, telnet and webchat users
+=== 201510 ============================================================
+-	assert mapping during unlink (triggered by old .o file)
+=== 201601 ============================================================
++	looks like it is a good idea to activate XMPP_BIDI by default
+-	folklore: fixed the output order of messages in place/basic
+=== 201602 ============================================================
++	irc: introducing _data_psyctext as a way to output the proper
+	psyced error message to IRC clients when failing to enter
+	a channel with restrictions like obligatory encryption
 

bin/psyconf

@@ -44,18 +44,36 @@ use File::Spec;
 #    }
 #}
 
+sub debug() { 0 }
+
 # append something while testing
 #my $test = "-NEW";
-use Data::Dumper;
+#use Data::Dumper;
 
 sub say {
 	print join('', @_); # if $test;
 }
 
+sub sys {
+	print join(' ', @_), "\n" if debug;
+	if (system(@_)) {
+		if ($? == -1) {
+			print "\t{failed to execute: $!}\n";
+		} elsif ($? & 127) {
+			printf "\t{command died with sig %d, %s core dump}\n",
+			 ($? & 127),  ($? & 128) ? 'with' : 'without';
+		} else {
+			printf "\t{command exited with value %d}\n", $? >> 8;
+		}
+		exit $? if $?;
+		exit $@ if $@;
+	}
+}
 
 	### MAIN ###
 	# if you are manually compiling an ldmud, rename it or change here.
 	my $driver = 'psyclpc';
+	my $newbie = 0;
 
 	use Getopt::Std;
 	&getopt;
@@ -166,8 +184,26 @@ X
 		         $c{_basic_host_name} || 'psyced';
 	$chatname = 'psyced' if $chatname eq 'psyc';
 
-#	say "Generating control files in $c{_basic_path_base} ..\n\n";
+	my $t = "$base/local";
-	my $t = "$base/local/ports.h$test";
+	unless (-w $t) {
+		$newbie = 1;
+		say <<X;
+
+Welcome new installer!
+Copying (just this time) default configuration into $t ..
+X
+		sys("/bin/cp", "-rp", "$base/config/blueprint", $t);
+	}
+	$t = "$base/data";
+	mkdir($t) unless -w $t;
+	$t = "$base/data/person";
+	mkdir($t) unless -w $t;
+	$t = "$base/data/place";
+	mkdir($t) unless -w $t;
+	$t = "$base/log";
+	mkdir($t) unless -w $t;
+
+	$t = "$base/local/ports.h$test";
 	say "Generating control file $t ..\n";
 	rename $t, "$t~";
 	open O, '>', $t or die "Cannot write to $t";
@@ -549,6 +585,7 @@ X
 		print O "\t\$commandline\n";
 	} else {
 		say "The file $sandbox/log/psyced.out will contain the runtime output.\n";
+		say "The file $sandbox/log/psyced.err will contain error messages.\n";
 		print O <<X;
 	touch $sandbox/log/psyced.out $sandbox/log/psyced.err
 	$domv $sandbox/log/psyced.err $sandbox/log/psyced.err-old
@@ -581,9 +618,9 @@ X
 
 # PSYCED INIT.D SCRIPT
 	$t = "$base/etc";
-	mkdir($t);
+	mkdir($t) unless -w $t;
 	$t .= "/init.d";
-	mkdir($t);
+	mkdir($t) unless -w $t;
 	$t .= "/psyced$test";
 	say "Generating control file $t ..\n";
 	rename $t, "$t~";
@@ -675,13 +712,13 @@ X
 
 # TORRC
 	$t = "$base/etc/tor";
-	mkdir($t);
+	mkdir($t) unless -w $t;
 	$t = "$base/var";
-	mkdir($t);
+	mkdir($t) unless -w $t;
 	$t = "$base/var/tor";
-	mkdir($t);
+	mkdir($t) unless -w $t;
 	$t = "$base/etc/tor/torrc";
-	say "Generating Tor configuration $t ..\n";
+	say "Generating optional Tor configuration $t ..\n";
 	rename $t, "$t~";
 	open O, '>', $t or die "Cannot write to $t";
 
@@ -822,7 +859,9 @@ X
 
 ## end of former archetype.pl
 
+	unless ($newbie) {
 	    say "\nCaution: You may have to completely shut down and restart psyced\n";
 	    say "to ensure the newly generated start-up scripts are actually used.\n";
+	}
 
 # vim:ts=8

config/psyced.ini

@@ -11,6 +11,7 @@
 [_basic]
 ; Base directory of this PSYCED installation
 _path_base = /opt/psyced
+; psyced runs in a sandbox of psyclpc and therefore needs this to be writable
 
 ; Configuration directory of this PSYCED installation
 ; psyconf will automatically search /etc/psyc for psyced.ini.
@@ -20,8 +21,8 @@ _path_configuration = /etc/psyc
 
 ; Path leading to your private and public TLS keys
 ; (absolute or relative to the configuration directory).
-_path_PEM_key = /etc/ssl/private/psyced_key.pem
+_path_PEM_key = psyced.key
-_path_PEM_certificate = /etc/ssl/certs/psyced_cert.pem
+_path_PEM_certificate = psyced.crt
 ; Remember to make these files accessible to the userid
 ; running the psyced daemon!
 

world/default/de/plain.textdb

@@ -4,6 +4,9 @@
 _warning_server_shutdown_temporary
 |Serverneustart: [_reason]
 
+_error_missing_circuit_encryption
+|Deine Verbindung ist plötzlich nicht mehr verschlüsselt. Bitte kontrolliere Deine Konfiguration.
+
 _warning_missing_circuit_encryption
 |Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen!
 

world/default/en/plain.textdb

@@ -1,6 +1,9 @@
 <PSYC:TEXTDB> ## vim:syntax=mail
 ## Check utf-8: Praise Atatürk!
 
+_error_missing_circuit_encryption
+|Your connection has downgraded from being encrypted. Please fix your configuration.
+
 _warning_missing_circuit_encryption
 |Your connection is not encrypted. You are putting other people's privacy at risk!
 

world/default/it/plain.textdb

@@ -1,6 +1,9 @@
 <PSYC:TEXTDB> ## vim:syntax=mail
 ## tradotto al 30% ... cerca /TODO/ per continuare
 
+_error_missing_circuit_encryption
+|La tua connessione ha smesso di essere crittata. Controlla la tua configurazione.
+
 _warning_missing_circuit_encryption
 |La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone!
 

world/drivers/ldmud/master/master.c

@@ -217,7 +217,7 @@ void receive_udp(string host, string msg, int port) {
 	if (strlen(msg) > 1 && msg[1] == '\n') switch(msg[0]) {
 #ifdef SPYC_PATH
 # if !__EFUN_DEFINED__(psyc_parse)
-#  echo New PSYC syntax will not work: Driver compiled without libpsyc!
+#  echo libpsyc is not enabled in driver. Using old protocol parser instead.
 # else
 	case '|':
 		unless (spycd) {

world/net/user.c

@@ -28,6 +28,7 @@ volatile mixed query;
 volatile mapping tags;
 volatile int showEcho;
 volatile mixed beQuiet;
+volatile int encrypted = 0;
 
 // my nickspace. used by psyctext(). could be passed as closure, but then
 // it wouldn't be available for *any* psyctext call in user objects.
@@ -1572,6 +1573,7 @@ logon() {
 	string evil;
 
 	if (tls_query_connection_state(ME) == 1) {
+	    encrypted++;
 	    // evil TLS ciphers are no problem if the connection is being
 	    // tunneled through SSH or Tor, so we shut up in that case.
 	    if (probably_private(ME) < PRIVACY_REASONABLE &&
@@ -1583,12 +1585,23 @@ logon() {
                 unless (beQuiet) w("_status_circuit_encryption_cipher");
 	    }
 	} else if (!probably_private(ME)) {
+	    if (encrypted) {
+		// do not allow a person to (be) downgrade(d) from TLS...
+		// at least not during the lifetime of this object
+		w("_error_missing_circuit_encryption"
+# ifdef _error_missing_circuit_encryption
+		  , _error_missing_circuit_encryption
+# endif
+		);
+		return remove_interactive(ME);
+	    } else {
 		w("_warning_missing_circuit_encryption"
 # ifdef _warning_missing_circuit_encryption
 		  , _warning_missing_circuit_encryption
 # endif
 		);
 	    }
+	}
 #endif
 	// cannot if (greeting) here this since jabber:iq:auth depends on this
 	// also greeting will only be defined after ::logon()