Commit Graph

918 Commits (54251acae34fe7d72f1f93a69158fbe16cc8a30e)

Author SHA1 Message Date
C. McEnroe 0b4004c202 Only explicitly load the default CA file on OpenBSD 2021-06-10 15:23:33 -04:00
Klemens Nanni 552cd49833 OpenBSD: Drop now unneeded promise from initial pledge
Both ssl(8) as well as ncurses(3) related files are now read completely
by the time of ircConfig() and uiInitEarly() respectively, so read
access to the filesystem is no longer needed at all unless the "log" or
"save" options are used.
2021-06-10 14:44:35 -04:00
Klemens Nanni 71a84aa502 OpenBSD: Remove now obsolete unveil code
Previous tls_default_ca_cert_file(3) hoisting makes this possible: all
TLS related files are fully loaded into memory by ircConfig() such that
ircConnect() will not do any file I/O.

Call ircConfig() before pledge(2) in the `-o' "print cert" case so this
works out -- that order should have been preserved in the previous
a989e15 "OpenBSD: hoist -o/printCert code to simplify" but fixing it now
nicely demonstrates the achivement even more so.
2021-06-10 14:44:35 -04:00
Klemens Nanni 171a56ee2d Hoist loading default root certificates into ircConfig()
tls_connect_socket(3) in ircConnect() does that by default already
unless tls_config_set_ca_file(3) was used.

Loading CA certificates before connecting makes no practical difference
except on OpenBSD where this allows for tighter unveil und pledge setups
now that all required (TLS related) file I/O is finished by the time
ircConnect() gets to do network I/O.

In case of the hidden `-!' insecure flag which is implied by `-o' to
print server certificates and exit, loading root certificates is not
required at all;  likewise, using explicit self signed server
certificates will not involve certificate authorities either, hence load
them only if needed.
2021-06-10 14:44:35 -04:00
Michael Forney 0a1cfca0f4 Avoid creating out-of-bounds pointer when checking for seprintf truncation
It is technically undefined behavior (see C11 6.5.6p8) to construct
a pointer more than one past the end of an array. To prevent this,
compare n with the remaining space in the array before adding to
ptr.
2021-06-09 17:54:26 -04:00
C. McEnroe dfc3ac95c1 Remove catf 2021-06-09 11:56:49 -04:00
C. McEnroe e066a954f5 Replace catf with seprintf 2021-06-09 11:56:35 -04:00
C. McEnroe 5c3cd59af6 Add seprintf
Based on seprint(2) from Plan 9. I'm not sure if my return value
exactly matches Plan 9's in the case of truncation. seprint(2) is
described only as returning a pointer to the terminating '\0', but
if it does so even in the case of truncation, it is awkward for the
caller to detect. This implementation returns end in the truncation
case, so that (ptr == end) indicates truncation.
2021-06-09 11:41:15 -04:00
Klemens Nanni 3d931d0f5a OpenBSD: pledge minimum promises from the start
catgirl needs:
- "stdio tty" at all times
- "rpath inet dns" once at startup for terminfo(5) and ssl(8)
- "proc exec" iff -R/restrict options is disabled
- "rpath wpath cpath" iff -s/save or -l/log options is enabled

Status quo:  catgirl starts with the superset of all possible promises
"stdio rpath wpath cpath inet dns tty proc exec", drops offline with
"stdio rpath wpath cpath tty proc exec" and possibly drops to either of
"stdio rpath wpath cpath tty", "stdio tty proc exec" or "stdio tty"
depending on the options used.

Such step-by-step reduction is straight forward and easy to model along
the process runtime, but it comes with the drawback of starting with
too broad promises right from the beginning, i.e. `catgirl -R -h host'
is able to execute code and write to filesystems even though it must
never do so according the (un)used options.

Lay out required promises up front and pledge in two stages:
1. initial setup, i.e. fixed "stdio tty" plus temporary "rpath inet dns"
   plus potential "rpath wpath cpath" plus potential "proc exec"
2. final rutime,  i.e. fixed "stdio tty"
   plus potential "rpath wpath cpath" plus potential "proc exec"

This way the above mentioned usage example can never execute or write
files, hence less potential for bugs and more accurate modelling of
catgirl's runtime -- dropping "inet dns" alone in between also becomes
obsolete with this approach.
2021-06-09 09:41:22 -04:00
Klemens Nanni c97a9eb870 OpenBSD: unveil after ncurses(3) init to support TERMINFO
initscr(3) in uiInitEarly() attempts more than /usr/share/terminfo/, see
`mandoc -O tag=TERMINFO ncurses`.

Even though non-default terminfo handling seems rare and it is unlikely
to have ever caused a problem for catgirl users on OpenBSD, the current
is still wrong by oversimplifying it.

Avoid the entire curses/unveil clash by setting up the screen before
unveiling.
2021-06-09 09:21:51 -04:00
Klemens Nanni a989e156a1 OpenBSD: hoist -o/printCert code to simplify
Nothing but the TLS handshake is required, so skip all other setup.

On OpenBSD, unveil() handling needs fixing which will involve code
reshuffling -- this is the first related but standalone step.

Also pledge this one-off code path individually such with simpler and
tighter promises while here.
2021-06-09 09:21:17 -04:00
C. McEnroe 7ea14eec84 Pad kiosk username with zero, not space
Oops!
2021-06-06 10:24:22 -04:00
Klemens Nanni 0fe004c5c4 OpenBSD: unveil XDG directories only when needed
The (not perfectly obvious) way catgirl crafts directories gets triggered
by unveilAll() even if no passed option requires filesystem access:

	$ env -i TERM=xterm ./catgirl -h irc.hackint.eu -R -n nobody
	catgirl: HOME unset

Here unveil(2) is used due to the "restrict" option, but besides terminfo(5)
and certificates catgirl does not need any other files, yet it tries to init
the data path -- passing XDG_DATA_HOME=/var/empty makes above invocation work
showing how the then successful path setup is not required.

Fix this by not unveiling the unneeded data path in the first place.
2021-06-06 10:18:52 -04:00
Klemens Nanni 1c7a755e67 Nickname defaults to system's username not IRC username
"username" alone is ambiguous and without jumping to ENVIRONMENT
explaining the use of USER, catgirl's user- and nickname options read
like pointing at each other:

-n nick | nick = nick
        Set nickname to nick.  The default nickname is the user's name.
[...]
-u user | user = user
        Set username to user.  The default username is the same as the
        nickname.

Clarify that `-n' does *not* default to `-u's value.
2021-06-05 16:02:46 -04:00
Michael Forney 8d7460859b Avoid writing past the end of the status bar
When waddnstr is called with a string that would extend past the
end of the window, the string is truncated, the cursor remains at
the last column, and ERR is returned. If this error is ignored and
the loop continues, the next call to waddnstr overwrites the character
at this column, resulting in a slight visual artifact. When the
window is too small to fit the full status line, it is effectively
truncated by one space on the right, since the string shown for
each channel begins with a space.  Additionally, if the last window
is the current window, the space is shown with a colored background.

To fix this, when waddnstr returns ERR, exit the loop in styleAdd()
early return -1 to propogate this error down to the caller.
2021-06-05 13:23:23 -04:00
C. McEnroe f559322224 List windows with /window
Reuse the /window command to preserve /wi abbreviation.
2021-05-28 20:40:25 -04:00
C. McEnroe 1deee3c81b Improve missing param behavior for /msg, /whois, /ns, /cs 2021-05-28 15:35:09 -04:00
C. McEnroe 98206d27ec Use | for /window | /num command 2021-05-28 15:04:08 -04:00
C. McEnroe fc327db52b Prefix = for options with No in manual
Without, the mandoc HTML output includes the space and equals in
the class="Cm" element and generates a permalink of #hash_= for
example.
2021-05-28 14:35:10 -04:00
Klemens Nanni 37343179a4 Tag config options in manual
E.g. ":t debug" will now jump right to the definition just like ":t v"
already did -- at least with mandoc(1) from OpenBSD.
2021-05-27 20:52:41 -04:00
C. McEnroe 27a93090bb Document channel key parameters 2021-05-27 14:10:34 -04:00
C. McEnroe b106440752 Set username from SSH_CLIENT in chroot 2021-05-27 15:53:02 +00:00
C. McEnroe 6d5bcf72c1 Hash the username in kiosk mode
So that the first part of $SSH_CLIENT can be passed as username.
2021-05-27 11:45:47 -04:00
C. McEnroe 5e7c31b637 Log nick and ssh connection in chroot-prompt 2021-05-27 15:19:33 +00:00
C. McEnroe 27c967864c Clarify -H hash option 2021-05-25 16:11:45 -04:00
Klemens Nanni 868c604a55 Use reverse video not colors for topic change when disabled
`-H 0,0`/"hash = 0,0" makes catgirl mostly colorless which is great,
but topic changes still hardcode brown/green colors to show differences
which is usually not desired by users (like me) disabling colors.

Go for a less eye stressing topic change message that shows both old
and new in reverse video with default terminal colors.

This isn't perfect, other parts of catgirl still hardcode colors and
`-H 0,0`/"hash = 0,0" was never meant to disable colors completely, but
topics change often enough that avoiding less readable^Waccessible topic
diffs seems sensible enough.

NB: parseHash() is brittle and "0,0" is not the only value disabling
colors...
2021-05-25 16:11:31 -04:00
Klemens Nanni f9a36441e0 Use color enum instead of hardcoded value 2021-05-25 14:33:08 -04:00
C. McEnroe 7bacf63d9e Don't require 4 parameters to ERR_USERONCHANNEL
It should have 4, but the handler only uses 3.
2021-05-20 16:38:22 -04:00
C. McEnroe c501437735 Replace freenode with tilde.chat 2021-05-19 11:00:15 -04:00
C. McEnroe 4ac099e31a Remove no longer needed advice about mandir 2021-05-04 18:35:18 -04:00
C. McEnroe 6207aaf1a8 Ignore messages in reply to previously ignored messages
Using the +draft/reply client tag, which is supported by BitBot.
This hides the bot's replies to ignored users or ignored bot command
messages.

This commit is dedicated to the land of Estonia.
2021-05-04 15:34:27 -04:00
C. McEnroe ff87d561bd Add support for BINDIR, fix default MANDIR, use LDADD vars
I avoided defaulting MANDIR to /usr/local/man because I thought it
didn't work on GNU/Linux and users would be confused, but it turns
out man-db's default configuration includes both /usr/local/man and
/usr/man, so ${PREFIX}/man is a sensical default.
2021-05-04 12:13:50 -04:00
C. McEnroe 94f79e889f Reset formatting after realnames 2021-04-27 21:06:16 -04:00
C. McEnroe cfd5bf213c Set id color from completion in /msg
In the same way that /query copies the id color from completion.
Also make both first check that a color isn't already set.
2021-04-16 16:39:24 -04:00
C. McEnroe 63bffae8c1 Always show 341 RPL_INVITING
At least in InspIRCd's implementation, you only get invite-notify
INVITEs if you are op, so inviting with no op (where allowed by a
channel mode) results in only a 341. On the other hand, inviting
as an op produces both a 341 and an INVITE, so will be displayed
twice, but showing something sometimes twice is better than not
showing it at all.
2021-04-16 16:39:24 -04:00
C. McEnroe df6bc07f44 Skip STATUSMSG prefixes
This feature is rarely used, so just skip STATUSMSG prefixes in the
target so messages get routed correctly.
2021-04-02 17:26:43 -04:00
C. McEnroe 86a0594cd2 Fix README typo
How long has this been here?
2021-03-18 16:15:06 -04:00
C. McEnroe d7ce4b9bc6 Add C-z keys for directly inserting most color codes
So you don't have to remember those dang numbers whose order makes
no sense!
2021-03-17 16:00:06 -04:00
C. McEnroe 8d56311314 Reset style after newline in input
Reflect what will actually be sent.
2021-03-17 13:49:26 -04:00
C. McEnroe 8ea881a097 Show where too-long-messages will be automatically split 2021-03-17 13:34:33 -04:00
C. McEnroe 64d14d3541 Allow multi-line /me and split long /me messages
/me shouldn't behave differently from a regular message.
2021-03-14 17:36:16 -04:00
Klemens Nanni e8be141cc0 Refer to glob(7) not sh(1)
Those patterns are not specific to the shell, many commands support them.
2021-03-13 13:23:24 -05:00
C. McEnroe 69450d9fe0 Add note about arrow and navigation keys
And I think with C-Left and C-Right I can actually say "as expected"
now.
2021-03-13 13:17:41 -05:00
Klemens Nanni 441f561f72 chat.tmux.conf: use config_files format for reload
The recent addition of "#{source_files}" allows us to avoid hardcoding
the file name and instead ask tmux itself for the very file it used to
create the session in the first place, i.e. "-f ./chat.tmux.conf".
2021-03-10 20:24:39 -05:00
C. McEnroe 34cfcb1f04 Attempt to clarify trust option use
Trust is not certificate pinning and should only be used for
self-signed certificates.
2021-03-08 12:42:43 -05:00
C. McEnroe 6435dfdda5 Disable nick and channel colors with hash bound 0 2021-03-08 10:47:18 -05:00
C. McEnroe 8f578ee73d Add bindings for C-Left and C-Right
Apparently these are common. There's no terminfo for these, so
manually define the xterm sequences.

There's no documentation in the manual for the "intuitive" keys...
I'm not sure if that should continue to be the case or not.
2021-03-07 18:18:37 -05:00
C. McEnroe d88ffd9f3f Add all window names to global completion
Don't want to be touching window names much though, otherwise query
window names would interfere with tab completion within a channel.
2021-03-02 14:45:01 -05:00
C. McEnroe f4e8f055fb Add workaround for lack of A_ITALIC in old ncurses
A_BLINK has probably always existed, but there's no good reason to
ever use it, so make it do italics instead. Normally all attributes
are set by a single set_attributes string if it's set, so clear it
to force ncurses to use the reassigned enter_blink_mode string. If
the terminal has no enter_italics_mode string, then nothing will
happen.

This makes setting multiple attributes a bit less efficient, but I
don't think it's likely to make much of a difference since using
multiple attributes at once is so uncommon.
2021-02-27 16:28:21 -05:00
C. McEnroe 06fb025496 Error if hash bound is less than 2
Bad things happen otherwise.
2021-02-25 22:36:06 -05:00