search

charybdis-ircd / charybdis

Scalable IRCv3.2 server for large, community-oriented networks
GNU General Public License v2.0
231 stars 102 forks source link

KICK without a source is ignored #367

Closed JustAnotherArchivist closed 3 years ago

JustAnotherArchivist commented 3 years ago

It appears that charybdis always requires a source on KICK commands coming from a client. KICK #channel other fails silently (i.e. no ERR_CHANOPRIVSNEEDED reply if I don't have ops, no kick if I do), but :me KICK #channel other works as expected (ERR_CHANOPRIVSNEEDED or successful kick). This is contrary to RFC 1459, which actually even includes an example without a source. The modern IRC docs are currently missing documentation on the KICK command (https://github.com/ircdocs/modern-irc/issues/2).

I discovered this on hackint, which is currently running 3.5.6 and 3.5.7 (varying by server) according to RPL_YOURHOST. Based on the messages of commits made to modules/core/m_kick.c since then, it doesn't seem like this was fixed, but I'm unable to test with the most recent version at the moment. Apologies if this is no longer relevant.

One interesting thing I observed is that, when using openssl s_client for these tests, the source-less KICK always triggers a KEYUPDATE in OpenSSL. This could be entirely unrelated, but I figured I'd mention it anyway since I didn't see it happen on any other occasion in my tests.

aaronmdjones commented 3 years ago

I am unable to reproduce this on Charybdis 3.5.

(Where <-- indicates commands sent, and --> received, from WeeChat's rawlog)

10:20:08Z <-- AlphaChat │ JOIN #ftg7h8f9f3fb
10:20:08Z --> AlphaChat │ :Aaron!aaron@alphachat.net JOIN #ftg7h8f9f3fb Aaron :Aaron Jones
10:20:08Z --> AlphaChat │ :hub-eu1.alphachat.net MODE #ftg7h8f9f3fb +nt
10:20:08Z --> AlphaChat │ :hub-eu1.alphachat.net 353 Aaron = #ftg7h8f9f3fb :@Aaron!aaron@alphachat.net
10:20:08Z --> AlphaChat │ :hub-eu1.alphachat.net 366 Aaron #ftg7h8f9f3fb :End of /NAMES list.
10:20:08Z <-- AlphaChat │ MODE #ftg7h8f9f3fb
10:20:08Z <-- AlphaChat │ WHO #ftg7h8f9f3fb %cuhsnfdar
10:20:08Z --> AlphaChat │ :hub-eu1.alphachat.net 324 Aaron #ftg7h8f9f3fb +nt
10:20:08Z --> AlphaChat │ :hub-eu1.alphachat.net 329 Aaron #ftg7h8f9f3fb 1601893208
10:20:08Z --> AlphaChat │ :hub-eu1.alphachat.net 354 Aaron #ftg7h8f9f3fb aaron alphachat.net hub-eu1.alphachat.net Aaron H*@ 0 Aaron :Aaron Jones
10:20:08Z --> AlphaChat │ :hub-eu1.alphachat.net 315 Aaron #ftg7h8f9f3fb :End of /WHO list.

10:20:26Z --> AlphaChat │ :UltraBot!~UltraBot@I.Belong.To.Aaron JOIN #ftg7h8f9f3fb UltraBot :UltraBot Perl IRC Bot v2.7

(/quote KICK #ftg7h8f9f3fb UltraBot)

10:20:33Z <-- AlphaChat │ KICK #ftg7h8f9f3fb UltraBot
10:20:33Z --> AlphaChat │ :Aaron!aaron@alphachat.net KICK #ftg7h8f9f3fb UltraBot :UltraBot

(The victim is kicked at this point)

10:21:07Z <-- AlphaChat │ VERSION
10:21:07Z --> AlphaChat │ :hub-eu1.alphachat.net 351 Aaron charybdis-3.5.5(20180812-151c461). hub-eu1.alphachat.net :eHIKMpS6 TS6ow 1EU
jesopo commented 3 years ago

I'm not even able to repro on hackint

> JOIN ##jesstest
< :jesstest!jess@hostname JOIN ##jesstest
< :nuke.hackint.org 353 jesstest = ##jesstest :jesstest @jess
< :nuke.hackint.org 366 jesstest ##jesstest :End of /NAMES list.
< :jess!jess@hackint/user/jess MODE ##jesstest +o jesstest
> KICK ##jesstest jess
< :jesstest!jess@hostname KICK ##jesstest jess :jess
> VERSION
< :nuke.hackint.org 351 jesstest charybdis-3.5.7-529e870(20200301-529e870). nuke.hackint.org :eIKMpZ6 TS6ow 666
JustAnotherArchivist commented 3 years ago

As it turns out, this is coming from openssl s_client, and the KEYUPDATE I mentioned above is indeed related: s_client interprets any line that starts with a K as 'Send a key update message to the server and request one back (TLSv1.3 only)' per the 'CONNECTED COMMANDS' section of the man page. -ign_eof has the side effect of disabling these commands, and I can confirm that everything works as expected with that option.

Sorry for the noise.

jesopo commented 3 years ago

might I suggest you use ircdog instead of s_client