Merge remote-tracking branch 'origin'

psyc://psyced.org/~lynX 2016-02-24 15:43:03 +01:00
commit 1cc3dc1dc8
10 changed files with 138 additions and 54 deletions

@ -7,43 +7,53 @@ vim:nosmarttab:syntax=diff
| This file is mostly being used by lynX. The public bug tracker for psyced
| resides at https://projects.tgbit.net/projects/psyced/ and contains the
| same stuff in a more multiuser accessible fashion.
|
| Then again, no. psyced is in low maintenance mode since it roughly
| does what it should and we need a distributed communication system
| such as secushare.org anyway.
________________________________________________________________________
== SERIOUS!!! ==========================================================
== NUISANCES worth fixing, possibly ====================================
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
- MUC im arsch
- fix /part behaviour
- Ungültige Route nach psyc://psyced.org im psyc://psyced.org/~lynx Context festgestellt.
- offline messages not being output (which *can* work even with OTR!)
<<< did i fix that recently?
- xmpp friendships for local xmpp clients (see /show in and out)
- we should add warnings about browsers that arent mozilla compatible but claim to be
<<< did i recently fix that with browsercap?
+ clean-up and release the historic webchat code
(in case you wondered what browsercap is.. it's there)
== XMPP MUC MOSTLY BROKEN ==============================================
* XMTUX sagt: and these scratchboard-messages and the "going down" messages are sent by this "special user", too
* why do these messags have the type "chat" and not "groupchat"?
* <message from='*welcome@psyced.org/psyc://psyced.org:51024d/' to='[censored-recipient]' type='groupchat'> <- this is a snippet of the xml that was just sent by psyced
* while the other messages are sent with ¿<message from='*welcome@psyced.org' to='[censored-recipient]/Home' type='chat'>)
* XMTUX: zu eurer info, es scheint irgendwie möglich zu sein, nachrichten vom muc selbst kommen zu lassen, d.h. sowas wie ¿<message from='room@server.com' to='user@server.de/Home' type='groupchat'> funktioniert... (damit könnte man diese ganzen nachrichten, die jetzt au?erhalb des muc oder von einem komischen user erscheinen schön in den raum machen)
- remote psycers do not always show up properly via jabber client + MUC
* see also older notes below on "MUC"
________________________________________________________________________
== desperate, but not serious ==========================================
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
- check in user:input() if data is in utf8 (using RE_UTF8) in order to produce
proper error messages before it is processed further and may end up in
net/jabber's emit() where it is dropped silently (see CHARS_XMPP.log)
- make polly use oauth
- remote psycers do not always show up properly via jabber client + MUC
- /m freenode:symlynx hey
Sorry, _message_private is not supported by the IRC gateway.
huh? wasn't that once the point to make them? debug...
- msg from irc to remote psyc user doesn't work:
ERQ could not resolve "symlynX".
(it tries to resolve the irc:nick)
SAME BUG?
- Ungültige Route nach psyc://psyced.org im psyc://psyced.org/~lynx Context festgestellt.
- "invalid context" errors happen where local rooms send _context
as string uniform while local users expect the object pointer. huh?
LPC
- large submissions into scratchpad can crash the driver
- configure script fails on libidn now being in glibc
- buffer stuff in erq
- large submissions into scratchpad can crash the driver (disable http?)
- unsafe buffer operations in erq (annoying but harmless)
________________________________________________________________________
== NEXT RELEASE ========================================================
== considered important long time ago ==================================
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
+ active certs: have data/host/psyc.host.name.pem contain tls cert
for this host, so when that file exists psyced automatically tries
a tls_init_connection() when psyc-connecting that host and checks if
the certificate is still correct. it also does on incoming tls.
- fix /PART behaviour... what is wrong with it?
- net/jabber reissues unnecessary friend() requests whenever a user simply
reorganizes friends into other roster groups
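Review bot: The entries "large submissions into scratchpad can crash the driver (disable http?)" and "unsafe buffer operations in erq (annoying but harmless)" sit under "desperate, but not serious" with no reason given why an untrusted sender cannot reach them. Add a line to each saying who can submit to scratchpad and who can feed data to erq, or keep them under a heading that marks them as security-relevant. A driver crash from oversized input is a denial of service for every user on the server, and "harmless" needs its justification written down next to it.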
@ -58,8 +68,6 @@ ________________________________________________________________________
- autorefetch twitter isnt working
http/fetch is too complicated. throw out the queue and callback logic. kiss!
? support tls multiplexing on all suitable ports
? bugs in psyced install procedure
- pointless to keep gentoo files in this git, if they can't be updated
@ -68,7 +76,7 @@ ________________________________________________________________________
+ teach net/smtp to trust localhost etc.
+ teach net/smtp to ask recipient object if spam rules are to be applied
________________________________________________________________________
== currently being inspected ===========================================
== forever being inspected =============================================
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
- https://psyced.org/~lynX should use web browser language, not mine
@ -90,9 +98,6 @@ ________________________________________________________________________
USE_THE_NICK code running. several "invite issues" should be solved once
nicks are gone.
- psyced.org tells me: Ungültige Route nach psyc://psyced.org
im psyc://psyced.org/~lynx Context festgestellt.
? who's gonna clean up the mess of having too many websites ?
- when provided with a _focus pointing to yourself, _request_execute will
@ -1556,6 +1561,14 @@ ________________________________________________________________________
not need anybody's permission to do so. ok forget this. just documenting
this here and poof forget it again.
== IDEAS from the long gone TLS era ====================================
+ active certs: have data/host/psyc.host.name.pem contain tls cert
for this host, so when that file exists psyced automatically tries
a tls_init_connection() when psyc-connecting that host and checks if
the certificate is still correct. it also does on incoming tls.
(later people called this technique 'CERTIFICATE PINNING')
== PSYC CLIENTS ========================================================
- tg runs into trouble using _do_enter and _do_leave. apparently the enter-echo
is not accepted by the UNI and thus does not make it into _list_places
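Review bot: The "active certs" entry says psyced "checks if the certificate is still correct" but not what happens when it is not, nor how data/host/psyc.host.name.pem is written the first time or replaced when a peer rotates its certificate. Now that the entry is labelled as certificate pinning, spell out the mismatch behaviour (refuse the connection versus log and continue) and the update path, because those two decisions determine whether the pin protects anything.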
@ -3940,4 +3953,13 @@ net/spyc net/psyc
(and still doesn't address the many problems of federation)
=== 201509 ============================================================
- fixed autojoin bug for psyc, telnet and webchat users
=== 201510 ============================================================
- assert mapping during unlink (triggered by old .o file)
=== 201601 ============================================================
+ looks like it is a good idea to activate XMPP_BIDI by default
- folklore: fixed the output order of messages in place/basic
=== 201602 ============================================================
+ irc: introducing _data_psyctext as a way to output the proper
psyced error message to IRC clients when failing to enter
a channel with restrictions like obligatory encryption

@ -44,18 +44,36 @@ use File::Spec;
# }
#}
sub debug() { 0 }
# append something while testing
#my $test = "-NEW";
use Data::Dumper;
#use Data::Dumper;
sub say {
print join('', @_); # if $test;
}
sub sys {
print join(' ', @_), "\n" if debug;
if (system(@_)) {
if ($? == -1) {
print "\t{failed to execute: $!}\n";
} elsif ($? & 127) {
printf "\t{command died with sig %d, %s core dump}\n",
($? & 127), ($? & 128) ? 'with' : 'without';
} else {
printf "\t{command exited with value %d}\n", $? >> 8;
}
exit $? if $?;
exit $@ if $@;
}
}
### MAIN ###
# if you are manually compiling an ldmud, rename it or change here.
my $driver = 'psyclpc';
my $newbie = 0;
use Getopt::Std;
&getopt;
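Review bot: In sys(), `exit $? if $?;` hands the raw wait status to exit, and the process exit code keeps only the low 8 bits, so a child that exits with value 1 ($? == 256) makes this script terminate with status 0 and the caller sees success. Use `exit(($? >> 8) || 1);` so that every failure path yields a non-zero status. The following `exit $@ if $@;` can be dropped: system() returned non-zero to enter this branch, so $? is true and the first exit always fires.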
@ -166,8 +184,26 @@ X
$c{_basic_host_name} || 'psyced';
$chatname = 'psyced' if $chatname eq 'psyc';
# say "Generating control files in $c{_basic_path_base} ..\n\n";
my $t = "$base/local/ports.h$test";
my $t = "$base/local";
unless (-w $t) {
$newbie = 1;
say <<X;
Welcome new installer!
Copying (just this time) default configuration into $t ..
X
sys("/bin/cp", "-rp", "$base/config/blueprint", $t);
}
$t = "$base/data";
mkdir($t) unless -w $t;
$t = "$base/data/person";
mkdir($t) unless -w $t;
$t = "$base/data/place";
mkdir($t) unless -w $t;
$t = "$base/log";
mkdir($t) unless -w $t;
$t = "$base/local/ports.h$test";
say "Generating control file $t ..\n";
rename $t, "$t~";
open O, '>', $t or die "Cannot write to $t";
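Review bot: `unless (-w $t)` tests writability, not existence, so when $base/local already exists but is not writable by the invoking user the script prints the new-installer welcome and attempts the blueprint copy into an existing directory instead of reporting a permissions problem. Use `-d $t` for the first-run decision and handle the not-writable case with its own error. The `mkdir($t) unless -w $t;` lines have the same issue and also ignore the return value; with no mode argument data/person and data/place are created as 0777 masked by the umask, so pass an explicit mode (for example 0750) and die on failure.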
@ -549,6 +585,7 @@ X
print O "\t\$commandline\n";
} else {
say "The file $sandbox/log/psyced.out will contain the runtime output.\n";
say "The file $sandbox/log/psyced.err will contain error messages.\n";
print O <<X;
touch $sandbox/log/psyced.out $sandbox/log/psyced.err
$domv $sandbox/log/psyced.err $sandbox/log/psyced.err-old
@ -581,9 +618,9 @@ X
# PSYCED INIT.D SCRIPT
$t = "$base/etc";
mkdir($t);
mkdir($t) unless -w $t;
$t .= "/init.d";
mkdir($t);
mkdir($t) unless -w $t;
$t .= "/psyced$test";
say "Generating control file $t ..\n";
rename $t, "$t~";
@ -675,13 +712,13 @@ X
# TORRC
$t = "$base/etc/tor";
mkdir($t);
mkdir($t) unless -w $t;
$t = "$base/var";
mkdir($t);
mkdir($t) unless -w $t;
$t = "$base/var/tor";
mkdir($t);
mkdir($t) unless -w $t;
$t = "$base/etc/tor/torrc";
say "Generating Tor configuration $t ..\n";
say "Generating optional Tor configuration $t ..\n";
rename $t, "$t~";
open O, '>', $t or die "Cannot write to $t";
@ -822,7 +859,9 @@ X
## end of former archetype.pl
unless ($newbie) {
say "\nCaution: You may have to completely shut down and restart psyced\n";
say "to ensure the newly generated start-up scripts are actually used.\n";
}
# vim:ts=8

@ -11,6 +11,7 @@
[_basic]
; Base directory of this PSYCED installation
_path_base = /opt/psyced
; psyced runs in a sandbox of psyclpc and therefore needs this to be writable
; Configuration directory of this PSYCED installation
; psyconf will automatically search /etc/psyc for psyced.ini.
@ -20,8 +21,8 @@ _path_configuration = /etc/psyc
; Path leading to your private and public TLS keys
; (absolute or relative to the configuration directory).
_path_PEM_key = /etc/ssl/private/psyced_key.pem
_path_PEM_certificate = /etc/ssl/certs/psyced_cert.pem
_path_PEM_key = psyced.key
_path_PEM_certificate = psyced.crt
; Remember to make these files accessible to the userid
; running the psyced daemon!
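Review bot: With `_path_PEM_key = psyced.key` the default private key location moves out of /etc/ssl/private into the configuration directory (/etc/psyc per `_path_configuration`), and the only guidance is to make the files "accessible to the userid running the psyced daemon". Extend that comment to say the key file must be owned by the daemon's user and readable by nobody else (mode 0600), since a configuration directory is typically world-readable while /etc/ssl/private typically is not.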

@ -4,6 +4,9 @@
_warning_server_shutdown_temporary
|Serverneustart: [_reason]
_error_missing_circuit_encryption
|Deine Verbindung ist plötzlich nicht mehr verschlüsselt. Bitte kontrolliere Deine Konfiguration.
_warning_missing_circuit_encryption
|Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen!

@ -1,6 +1,9 @@
<PSYC:TEXTDB> ## vim:syntax=mail
## Check utf-8: Praise Atatürk!
_error_missing_circuit_encryption
|Your connection has downgraded from being encrypted. Please fix your configuration.
_warning_missing_circuit_encryption
|Your connection is not encrypted. You are putting other people's privacy at risk!
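Review bot: The `_error_missing_circuit_encryption` text "Your connection has downgraded from being encrypted. Please fix your configuration." is awkward and attributes the downgrade to the user's own configuration, although the user.c comment for this case covers a person being downgraded by someone else as well. It also does not say that the session is being closed, which is what the `remove_interactive(ME)` call after it does. Suggested wording: "Your connection is no longer encrypted and has been closed. Please check your client's encryption settings."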

@ -1,6 +1,9 @@
<PSYC:TEXTDB> ## vim:syntax=mail
## tradotto al 30% ... cerca /TODO/ per continuare
_error_missing_circuit_encryption
|La tua connessione ha smesso di essere crittata. Controlla la tua configurazione.
_warning_missing_circuit_encryption
|La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone!

@ -217,7 +217,7 @@ void receive_udp(string host, string msg, int port) {
if (strlen(msg) > 1 && msg[1] == '\n') switch(msg[0]) {
#ifdef SPYC_PATH
# if !__EFUN_DEFINED__(psyc_parse)
# echo New PSYC syntax will not work: Driver compiled without libpsyc!
# echo libpsyc is not enabled in driver. Using old protocol parser instead.
# else
case '|':
unless (spycd) {

@ -28,6 +28,7 @@ volatile mixed query;
volatile mapping tags;
volatile int showEcho;
volatile mixed beQuiet;
volatile int encrypted = 0;
// my nickspace. used by psyctext(). could be passed as closure, but then
// it wouldn't be available for *any* psyctext call in user objects.
@ -1572,6 +1573,7 @@ logon() {
string evil;
if (tls_query_connection_state(ME) == 1) {
encrypted++;
// evil TLS ciphers are no problem if the connection is being
// tunneled through SSH or Tor, so we shut up in that case.
if (probably_private(ME) < PRIVACY_REASONABLE &&
@ -1583,12 +1585,23 @@ logon() {
unless (beQuiet) w("_status_circuit_encryption_cipher");
}
} else if (!probably_private(ME)) {
if (encrypted) {
// do not allow a person to (be) downgrade(d) from TLS...
// at least not during the lifetime of this object
w("_error_missing_circuit_encryption"
# ifdef _error_missing_circuit_encryption
, _error_missing_circuit_encryption
# endif
);
return remove_interactive(ME);
} else {
w("_warning_missing_circuit_encryption"
# ifdef _warning_missing_circuit_encryption
, _warning_missing_circuit_encryption
# endif
);
}
}
#endif
// cannot if (greeting) here this since jabber:iq:auth depends on this
// also greeting will only be defined after ::logon()
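Review bot: The downgrade refusal in logon() hinges on `encrypted`, which is declared `volatile int encrypted = 0;` and, as the comment admits, is tracked only "during the lifetime of this object". Once the user object is reloaded, a person who has always connected over TLS falls into the else branch, gets `_warning_missing_circuit_encryption` and is let in. If the intent is to stop downgrades, keep the flag in saved user state or offer a per-user "require encryption" setting, and document the current limitation until then. Please also confirm that the `w("_error_missing_circuit_encryption" ...)` output reaches the client before `return remove_interactive(ME);` takes effect, otherwise the user is disconnected without seeing the reason.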