diff --git a/doc/RELEASE-NOTES.md b/doc/RELEASE-NOTES.md index 980cac135..9cd94691e 100644 --- a/doc/RELEASE-NOTES.md +++ b/doc/RELEASE-NOTES.md @@ -18,14 +18,25 @@ This version comes with a few enhancements and has quite a number of bugfixes. have not even send a message yet. * The [module manager](https://www.unrealircd.org/docs/Module_manager) now allows 3rd party modules to specify external libraries and build flags. +* Two new settings that control the use of `SETIDENT` and `SETNAME`: + * [set::allow-setident](https://www.unrealircd.org/docs/Set_block#set::allow-setident) + now defaults to 'no'. Previously all users were allowed to change their + ident (taking into account + [set::allow-userhost-change](https://www.unrealircd.org/docs/Set_block#set::allow-userhost-change) + restrictions). + * [set::allow-setname])(https://www.unrealircd.org/docs/Set_block#set::allow-setname) + has a default of 'yes' which matches older UnrealIRCd versions (no change). + Perhaps some admins who use controlled (web)chats may want to set this + to 'no' if users are not supposed to change their realname/gecos. + This is probably rare, but they have the option now. ### Changes: -* Small updates to `HELPOP`. * `./unrealircd module install` now gives a non-zero exit code on failure * If SASL authentication is ongoing and a client sends `CAP END`, we now wait for SASL to succeed/fail/timeout before actually ending the handshake. This solves a race condition for IRC clients that don't follow the recommendation in the [sasl specification](https://ircv3.net/specs/extensions/sasl-3.1#the-authenticate-command). +* Small updates to `HELPOP`. * Slightly raise default [set::handshake-timeout](https://www.unrealircd.org/docs/Set_block#set::handshake-timeout) from 30 to 40 seconds. diff --git a/include/dynconf.h b/include/dynconf.h index d33ca4909..be301c865 100644 --- a/include/dynconf.h +++ b/include/dynconf.h @@ -102,6 +102,8 @@ struct Configuration { char *outdated_tls_policy_oper_message; Policy outdated_tls_policy_server; enum UHAllowed userhost_allowed; + int allow_setident; + int allow_setname; char *restrict_channelmodes; int named_extended_bans; char *channel_command_prefix; @@ -327,6 +329,8 @@ struct SetCheck { unsigned has_maxdccallow:1; unsigned has_anti_spam_quit_message_time:1; unsigned has_allow_userhost_change:1; + unsigned has_allow_setident:1; + unsigned has_allow_setname:1; unsigned has_restrict_channelmodes:1; unsigned has_channel_command_prefix:1; unsigned has_modes_on_join:1; diff --git a/src/conf.c b/src/conf.c index 9a366ee3c..7d969963c 100644 --- a/src/conf.c +++ b/src/conf.c @@ -1842,6 +1842,8 @@ void config_setdefaultsettings(Configuration *i) i->dns_dnsbl_timeout = DNS_DEFAULT_DNSBL_TIMEOUT; i->dns_dnsbl_retry = DNS_DEFAULT_DNSBL_RETRIES; i->send_isupport_updates = 0; /* Off for now, will be turned on by default later after more testing */ + i->allow_setident = 0; + i->allow_setname = 1; } /* Some settings have been moved to here - we (re)set some defaults */ @@ -7808,6 +7810,12 @@ int _conf_set(ConfigFile *conf, ConfigEntry *ce) else tempiConf.userhost_allowed = UHALLOW_REJOIN; } + else if (!strcmp(cep->name, "allow-setident")) { + tempiConf.allow_setident = config_checkval(cep->value, CFG_YESNO); + } + else if (!strcmp(cep->name, "allow-setname")) { + tempiConf.allow_setname = config_checkval(cep->value, CFG_YESNO); + } else if (!strcmp(cep->name, "channel-command-prefix")) { safe_strdup(tempiConf.channel_command_prefix, cep->value); } @@ -8567,6 +8575,14 @@ int _test_set(ConfigFile *conf, ConfigEntry *ce) continue; } } + else if (!strcmp(cep->name, "allow-setident")) { + CheckNull(cep); + CheckDuplicate(cep, allow_setident, "allow-setident"); + } + else if (!strcmp(cep->name, "allow-setname")) { + CheckNull(cep); + CheckDuplicate(cep, allow_setname, "allow-setname"); + } else if (!strcmp(cep->name, "anti-spam-quit-message-time")) { CheckNull(cep); CheckDuplicate(cep, anti_spam_quit_message_time, "anti-spam-quit-message-time"); diff --git a/src/modules/setident.c b/src/modules/setident.c index 2746230a7..1c0448185 100644 --- a/src/modules/setident.c +++ b/src/modules/setident.c @@ -63,6 +63,12 @@ CMD_FUNC(cmd_setident) { const char *vident, *s; + if (MyUser(client) && !iConf.allow_setident && !IsOper(client)) + { + sendnumeric(client, ERR_NOPRIVILEGES); + return; + } + if ((parc < 2) || BadPtr(parv[1])) { if (MyConnect(client)) diff --git a/src/modules/setname.c b/src/modules/setname.c index a5af6b01f..6fa190e82 100644 --- a/src/modules/setname.c +++ b/src/modules/setname.c @@ -89,6 +89,12 @@ CMD_FUNC(cmd_setname) ConfigItem_ban *bconf; MessageTag *mtags = NULL; + if (MyUser(client) && !iConf.allow_setname && !IsOper(client)) + { + sendnumeric(client, ERR_NOPRIVILEGES); + return; + } + if ((parc < 2) || BadPtr(parv[1])) { sendnumeric(client, ERR_NEEDMOREPARAMS, "SETNAME");