mirror of git://git.psyced.org/git/psyced synced 2024-08-15 03:25:10 +00:00

Merge remote-tracking branch 'origin'

psyc://psyced.org/~lynX 2016-02-24 15:43:03 +01:00
commit 1cc3dc1dc8
10 changed files with 138 additions and 54 deletions

View file

@ -7,43 +7,53 @@ vim:nosmarttab:syntax=diff
| This file is mostly being used by lynX. The public bug tracker for psyced | This file is mostly being used by lynX. The public bug tracker for psyced
| resides at https://projects.tgbit.net/projects/psyced/ and contains the | resides at https://projects.tgbit.net/projects/psyced/ and contains the
| same stuff in a more multiuser accessible fashion. | same stuff in a more multiuser accessible fashion.
|
| Then again, no. psyced is in low maintenance mode since it roughly
| does what it should and we need a distributed communication system
| such as secushare.org anyway.
________________________________________________________________________ ________________________________________________________________________
== SERIOUS!!! ========================================================== == NUISANCES worth fixing, possibly ====================================
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
- MUC im arsch - offline messages not being output (which *can* work even with OTR!)
- fix /part behaviour <<< did i fix that recently?
- Ungültige Route nach psyc://psyced.org im psyc://psyced.org/~lynx Context festgestellt.
- xmpp friendships for local xmpp clients (see /show in and out)
- we should add warnings about browsers that arent mozilla compatible but claim to be
<<< did i recently fix that with browsercap?
+ clean-up and release the historic webchat code
(in case you wondered what browsercap is.. it's there)
== XMPP MUC MOSTLY BROKEN ==============================================
* XMTUX sagt: and these scratchboard-messages and the "going down" messages are sent by this "special user", too
* why do these messags have the type "chat" and not "groupchat"?
* <message from='*welcome@psyced.org/psyc://psyced.org:51024d/' to='[censored-recipient]' type='groupchat'> <- this is a snippet of the xml that was just sent by psyced
* while the other messages are sent with ¿<message from='*welcome@psyced.org' to='[censored-recipient]/Home' type='chat'>)
* XMTUX: zu eurer info, es scheint irgendwie möglich zu sein, nachrichten vom muc selbst kommen zu lassen, d.h. sowas wie ¿<message from='room@server.com' to='user@server.de/Home' type='groupchat'> funktioniert... (damit könnte man diese ganzen nachrichten, die jetzt au?erhalb des muc oder von einem komischen user erscheinen schön in den raum machen)
- remote psycers do not always show up properly via jabber client + MUC
* see also older notes below on "MUC"
________________________________________________________________________
== desperate, but not serious ==========================================
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
- check in user:input() if data is in utf8 (using RE_UTF8) in order to produce - check in user:input() if data is in utf8 (using RE_UTF8) in order to produce
proper error messages before it is processed further and may end up in proper error messages before it is processed further and may end up in
net/jabber's emit() where it is dropped silently (see CHARS_XMPP.log) net/jabber's emit() where it is dropped silently (see CHARS_XMPP.log)
- make polly use oauth SAME BUG?
- Ungültige Route nach psyc://psyced.org im psyc://psyced.org/~lynx Context festgestellt.
- remote psycers do not always show up properly via jabber client + MUC
- /m freenode:symlynx hey
Sorry, _message_private is not supported by the IRC gateway.
huh? wasn't that once the point to make them? debug...
- msg from irc to remote psyc user doesn't work:
ERQ could not resolve "symlynX".
(it tries to resolve the irc:nick)
- "invalid context" errors happen where local rooms send _context - "invalid context" errors happen where local rooms send _context
as string uniform while local users expect the object pointer. huh? as string uniform while local users expect the object pointer. huh?
LPC LPC
- large submissions into scratchpad can crash the driver - large submissions into scratchpad can crash the driver (disable http?)
- configure script fails on libidn now being in glibc - unsafe buffer operations in erq (annoying but harmless)
- buffer stuff in erq
________________________________________________________________________ ________________________________________________________________________
== NEXT RELEASE ======================================================== == considered important long time ago ==================================
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
+ active certs: have data/host/psyc.host.name.pem contain tls cert - fix /PART behaviour... what is wrong with it?
for this host, so when that file exists psyced automatically tries
a tls_init_connection() when psyc-connecting that host and checks if
the certificate is still correct. it also does on incoming tls.
- net/jabber reissues unnecessary friend() requests whenever a user simply - net/jabber reissues unnecessary friend() requests whenever a user simply
reorganizes friends into other roster groups reorganizes friends into other roster groups
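
Review bot: The reworded erq entry in the LPC block, "unsafe buffer operations in erq (annoying but harmless)", asserts harmlessness without saying why; record which inputs reach those buffers and who can supply them, so the claim can be re-checked later. In the same block the crash entry gains only "(disable http?)": since a large scratchpad submission can crash the driver, say whether disabling http is the recommended workaround until the submission size is limited.
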
@ -58,8 +68,6 @@ ________________________________________________________________________
- autorefetch twitter isnt working - autorefetch twitter isnt working
http/fetch is too complicated. throw out the queue and callback logic. kiss! http/fetch is too complicated. throw out the queue and callback logic. kiss!
? support tls multiplexing on all suitable ports
? bugs in psyced install procedure ? bugs in psyced install procedure
- pointless to keep gentoo files in this git, if they can't be updated - pointless to keep gentoo files in this git, if they can't be updated
@ -68,7 +76,7 @@ ________________________________________________________________________
+ teach net/smtp to trust localhost etc. + teach net/smtp to trust localhost etc.
+ teach net/smtp to ask recipient object if spam rules are to be applied + teach net/smtp to ask recipient object if spam rules are to be applied
________________________________________________________________________ ________________________________________________________________________
== currently being inspected =========================================== == forever being inspected =============================================
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
- https://psyced.org/~lynX should use web browser language, not mine - https://psyced.org/~lynX should use web browser language, not mine
@ -90,9 +98,6 @@ ________________________________________________________________________
USE_THE_NICK code running. several "invite issues" should be solved once USE_THE_NICK code running. several "invite issues" should be solved once
nicks are gone. nicks are gone.
- psyced.org tells me: Ungültige Route nach psyc://psyced.org
im psyc://psyced.org/~lynx Context festgestellt.
? who's gonna clean up the mess of having too many websites ? ? who's gonna clean up the mess of having too many websites ?
- when provided with a _focus pointing to yourself, _request_execute will - when provided with a _focus pointing to yourself, _request_execute will
@ -1556,6 +1561,14 @@ ________________________________________________________________________
not need anybody's permission to do so. ok forget this. just documenting not need anybody's permission to do so. ok forget this. just documenting
this here and poof forget it again. this here and poof forget it again.
== IDEAS from the long gone TLS era ====================================
+ active certs: have data/host/psyc.host.name.pem contain tls cert
for this host, so when that file exists psyced automatically tries
a tls_init_connection() when psyc-connecting that host and checks if
the certificate is still correct. it also does on incoming tls.
(later people called this technique 'CERTIFICATE PINNING')
== PSYC CLIENTS ======================================================== == PSYC CLIENTS ========================================================
- tg runs into trouble using _do_enter and _do_leave. apparently the enter-echo - tg runs into trouble using _do_enter and _do_leave. apparently the enter-echo
is not accepted by the UNI and thus does not make it into _list_places is not accepted by the UNI and thus does not make it into _list_places
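
Review bot: The relocated "active certs" idea says psyced "checks if the certificate is still correct" but not what happens when it is not. If this is ever picked up, the entry should state whether a mismatch aborts the connection or only warns, and how a legitimate certificate renewal replaces the stored data/host/psyc.host.name.pem file.
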
@ -3940,4 +3953,13 @@ net/spyc net/psyc
(and still doesn't address the many problems of federation) (and still doesn't address the many problems of federation)
=== 201509 ============================================================ === 201509 ============================================================
- fixed autojoin bug for psyc, telnet and webchat users - fixed autojoin bug for psyc, telnet and webchat users
=== 201510 ============================================================
- assert mapping during unlink (triggered by old .o file)
=== 201601 ============================================================
+ looks like it is a good idea to activate XMPP_BIDI by default
- folklore: fixed the output order of messages in place/basic
=== 201602 ============================================================
+ irc: introducing _data_psyctext as a way to output the proper
psyced error message to IRC clients when failing to enter
a channel with restrictions like obligatory encryption

View file

@ -44,18 +44,36 @@ use File::Spec;
# } # }
#} #}
sub debug() { 0 }
# append something while testing # append something while testing
#my $test = "-NEW"; #my $test = "-NEW";
use Data::Dumper; #use Data::Dumper;
sub say { sub say {
print join('', @_); # if $test; print join('', @_); # if $test;
} }
sub sys {
print join(' ', @_), "\n" if debug;
if (system(@_)) {
if ($? == -1) {
print "\t{failed to execute: $!}\n";
} elsif ($? & 127) {
printf "\t{command died with sig %d, %s core dump}\n",
($? & 127), ($? & 128) ? 'with' : 'without';
} else {
printf "\t{command exited with value %d}\n", $? >> 8;
}
exit $? if $?;
exit $@ if $@;
}
}
### MAIN ### ### MAIN ###
# if you are manually compiling an ldmud, rename it or change here. # if you are manually compiling an ldmud, rename it or change here.
my $driver = 'psyclpc'; my $driver = 'psyclpc';
my $newbie = 0;
use Getopt::Std; use Getopt::Std;
&getopt; &getopt;
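
Review bot: In sys(), `exit $? if $?;` passes the raw wait status to exit, and only the low 8 bits of an exit status survive, so a command that exits with value 1 ($? == 256) makes psyconf itself exit 0 and look successful to the caller. Exit with `$? >> 8` for a normal exit and a fixed non-zero value for the signal and failed-to-execute cases. `exit $@ if $@;` can never run after the line above and there is no eval for it to report on, so it can go. The list form of system(@_) is a good choice since it keeps the arguments away from a shell.
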
@ -166,8 +184,26 @@ X
$c{_basic_host_name} || 'psyced'; $c{_basic_host_name} || 'psyced';
$chatname = 'psyced' if $chatname eq 'psyc'; $chatname = 'psyced' if $chatname eq 'psyc';
# say "Generating control files in $c{_basic_path_base} ..\n\n"; my $t = "$base/local";
my $t = "$base/local/ports.h$test"; unless (-w $t) {
$newbie = 1;
say <<X;
Welcome new installer!
Copying (just this time) default configuration into $t ..
X
sys("/bin/cp", "-rp", "$base/config/blueprint", $t);
}
$t = "$base/data";
mkdir($t) unless -w $t;
$t = "$base/data/person";
mkdir($t) unless -w $t;
$t = "$base/data/place";
mkdir($t) unless -w $t;
$t = "$base/log";
mkdir($t) unless -w $t;
$t = "$base/local/ports.h$test";
say "Generating control file $t ..\n"; say "Generating control file $t ..\n";
rename $t, "$t~"; rename $t, "$t~";
open O, '>', $t or die "Cannot write to $t"; open O, '>', $t or die "Cannot write to $t";
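
Review bot: `unless (-w $t)` on "$base/local" treats "exists but is not writable by the current user" the same as "missing", so running psyconf under the wrong account sets $newbie and runs cp -rp of config/blueprint onto an existing local directory. Test for existence with -e or -d and report a permissions problem separately. The mkdir calls that follow ignore their return value and use the default mode, which leaves access to data/person up to the caller's umask; check the result and pass an explicit mode.
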
@ -549,6 +585,7 @@ X
print O "\t\$commandline\n"; print O "\t\$commandline\n";
} else { } else {
say "The file $sandbox/log/psyced.out will contain the runtime output.\n"; say "The file $sandbox/log/psyced.out will contain the runtime output.\n";
say "The file $sandbox/log/psyced.err will contain error messages.\n";
print O <<X; print O <<X;
touch $sandbox/log/psyced.out $sandbox/log/psyced.err touch $sandbox/log/psyced.out $sandbox/log/psyced.err
$domv $sandbox/log/psyced.err $sandbox/log/psyced.err-old $domv $sandbox/log/psyced.err $sandbox/log/psyced.err-old
@ -581,9 +618,9 @@ X
# PSYCED INIT.D SCRIPT # PSYCED INIT.D SCRIPT
$t = "$base/etc"; $t = "$base/etc";
mkdir($t); mkdir($t) unless -w $t;
$t .= "/init.d"; $t .= "/init.d";
mkdir($t); mkdir($t) unless -w $t;
$t .= "/psyced$test"; $t .= "/psyced$test";
say "Generating control file $t ..\n"; say "Generating control file $t ..\n";
rename $t, "$t~"; rename $t, "$t~";
@ -675,13 +712,13 @@ X
# TORRC # TORRC
$t = "$base/etc/tor"; $t = "$base/etc/tor";
mkdir($t); mkdir($t) unless -w $t;
$t = "$base/var"; $t = "$base/var";
mkdir($t); mkdir($t) unless -w $t;
$t = "$base/var/tor"; $t = "$base/var/tor";
mkdir($t); mkdir($t) unless -w $t;
$t = "$base/etc/tor/torrc"; $t = "$base/etc/tor/torrc";
say "Generating Tor configuration $t ..\n"; say "Generating optional Tor configuration $t ..\n";
rename $t, "$t~"; rename $t, "$t~";
open O, '>', $t or die "Cannot write to $t"; open O, '>', $t or die "Cannot write to $t";
@ -822,7 +859,9 @@ X
## end of former archetype.pl ## end of former archetype.pl
unless ($newbie) {
say "\nCaution: You may have to completely shut down and restart psyced\n"; say "\nCaution: You may have to completely shut down and restart psyced\n";
say "to ensure the newly generated start-up scripts are actually used.\n"; say "to ensure the newly generated start-up scripts are actually used.\n";
}
# vim:ts=8 # vim:ts=8

View file

@ -11,6 +11,7 @@
[_basic] [_basic]
; Base directory of this PSYCED installation ; Base directory of this PSYCED installation
_path_base = /opt/psyced _path_base = /opt/psyced
; psyced runs in a sandbox of psyclpc and therefore needs this to be writable
; Configuration directory of this PSYCED installation ; Configuration directory of this PSYCED installation
; psyconf will automatically search /etc/psyc for psyced.ini. ; psyconf will automatically search /etc/psyc for psyced.ini.
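
Review bot: The new comment "psyced runs in a sandbox of psyclpc and therefore needs this to be writable" is placed after the `_path_base` line, while the other comments in view precede the setting they describe. Move it above `_path_base = /opt/psyced` and say which account needs the write access.
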
@ -20,8 +21,8 @@ _path_configuration = /etc/psyc
; Path leading to your private and public TLS keys ; Path leading to your private and public TLS keys
; (absolute or relative to the configuration directory). ; (absolute or relative to the configuration directory).
_path_PEM_key = /etc/ssl/private/psyced_key.pem _path_PEM_key = psyced.key
_path_PEM_certificate = /etc/ssl/certs/psyced_cert.pem _path_PEM_certificate = psyced.crt
; Remember to make these files accessible to the userid ; Remember to make these files accessible to the userid
; running the psyced daemon! ; running the psyced daemon!
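
Review bot: With `_path_PEM_key = psyced.key` the private key now defaults to the configuration directory (/etc/psyc) instead of /etc/ssl/private, and the only guidance left is "make these files accessible to the userid running the psyced daemon". Add that the key file must be readable by that user only, since a configuration directory is usually world-readable in a way /etc/ssl/private is not.
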

View file

@ -4,6 +4,9 @@
_warning_server_shutdown_temporary _warning_server_shutdown_temporary
|Serverneustart: [_reason] |Serverneustart: [_reason]
_error_missing_circuit_encryption
|Deine Verbindung ist plötzlich nicht mehr verschlüsselt. Bitte kontrolliere Deine Konfiguration.
_warning_missing_circuit_encryption _warning_missing_circuit_encryption
|Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen! |Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen!

View file

@ -1,6 +1,9 @@
<PSYC:TEXTDB> ## vim:syntax=mail <PSYC:TEXTDB> ## vim:syntax=mail
## Check utf-8: Praise Atatürk! ## Check utf-8: Praise Atatürk!
_error_missing_circuit_encryption
|Your connection has downgraded from being encrypted. Please fix your configuration.
_warning_missing_circuit_encryption _warning_missing_circuit_encryption
|Your connection is not encrypted. You are putting other people's privacy at risk! |Your connection is not encrypted. You are putting other people's privacy at risk!

View file

@ -1,6 +1,9 @@
<PSYC:TEXTDB> ## vim:syntax=mail <PSYC:TEXTDB> ## vim:syntax=mail
## tradotto al 30% ... cerca /TODO/ per continuare ## tradotto al 30% ... cerca /TODO/ per continuare
_error_missing_circuit_encryption
|La tua connessione ha smesso di essere crittata. Controlla la tua configurazione.
_warning_missing_circuit_encryption _warning_missing_circuit_encryption
|La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone! |La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone!

View file

@ -217,7 +217,7 @@ void receive_udp(string host, string msg, int port) {
if (strlen(msg) > 1 && msg[1] == '\n') switch(msg[0]) { if (strlen(msg) > 1 && msg[1] == '\n') switch(msg[0]) {
#ifdef SPYC_PATH #ifdef SPYC_PATH
# if !__EFUN_DEFINED__(psyc_parse) # if !__EFUN_DEFINED__(psyc_parse)
# echo New PSYC syntax will not work: Driver compiled without libpsyc! # echo libpsyc is not enabled in driver. Using old protocol parser instead.
# else # else
case '|': case '|':
unless (spycd) { unless (spycd) {

View file

@ -28,6 +28,7 @@ volatile mixed query;
volatile mapping tags; volatile mapping tags;
volatile int showEcho; volatile int showEcho;
volatile mixed beQuiet; volatile mixed beQuiet;
volatile int encrypted = 0;
// my nickspace. used by psyctext(). could be passed as closure, but then // my nickspace. used by psyctext(). could be passed as closure, but then
// it wouldn't be available for *any* psyctext call in user objects. // it wouldn't be available for *any* psyctext call in user objects.
@ -1572,6 +1573,7 @@ logon() {
string evil; string evil;
if (tls_query_connection_state(ME) == 1) { if (tls_query_connection_state(ME) == 1) {
encrypted++;
// evil TLS ciphers are no problem if the connection is being // evil TLS ciphers are no problem if the connection is being
// tunneled through SSH or Tor, so we shut up in that case. // tunneled through SSH or Tor, so we shut up in that case.
if (probably_private(ME) < PRIVACY_REASONABLE && if (probably_private(ME) < PRIVACY_REASONABLE &&
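
Review bot: `encrypted++` uses a counter as a boolean; it is only ever tested with `if (encrypted)`, so `encrypted = 1;` states the intent and cannot wrap on a long-lived object. A one-line comment at the declaration saying the flag means "this object has seen a TLS logon" would help the reader of the later check.
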
@ -1583,12 +1585,23 @@ logon() {
unless (beQuiet) w("_status_circuit_encryption_cipher"); unless (beQuiet) w("_status_circuit_encryption_cipher");
} }
} else if (!probably_private(ME)) { } else if (!probably_private(ME)) {
if (encrypted) {
// do not allow a person to (be) downgrade(d) from TLS...
// at least not during the lifetime of this object
w("_error_missing_circuit_encryption"
# ifdef _error_missing_circuit_encryption
, _error_missing_circuit_encryption
# endif
);
return remove_interactive(ME);
} else {
w("_warning_missing_circuit_encryption" w("_warning_missing_circuit_encryption"
# ifdef _warning_missing_circuit_encryption # ifdef _warning_missing_circuit_encryption
, _warning_missing_circuit_encryption , _warning_missing_circuit_encryption
# endif # endif
); );
} }
}
#endif #endif
// cannot if (greeting) here this since jabber:iq:auth depends on this // cannot if (greeting) here this since jabber:iq:auth depends on this
// also greeting will only be defined after ::logon() // also greeting will only be defined after ::logon()
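
Review bot: The downgrade branch sends `_error_missing_circuit_encryption` and calls remove_interactive(ME) with no server-side record in the added lines, so an operator cannot tell a misconfigured client from someone stripping TLS on the path. Add a log entry before the return. The check is also nested under `else if (!probably_private(ME))`, so a plaintext reconnect that probably_private() accepts skips it; if that is intended, say so in the comment next to "do not allow a person to (be) downgrade(d) from TLS".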