Bram Matthys
08bc61ec00
We now refuse to enable SSL/TLS with weak ciphers: DES, 3DES, RC4.
2017-09-06 08:21:14 +02:00
Bram Matthys
1faa91ed0e
Add helper function plaintextpolicy_valtochar().
2017-09-02 15:49:02 +02:00
Bram Matthys
199a7e162d
Make new functions more generic and use it from crash reporter so
people with older OpenSSL libraries (and LibreSSL) benefit from
the hostname validation code there as well.
2017-09-01 17:28:49 +02:00
Bram Matthys
ac66a0fe12
Add hostname verification code from ssl conservatory & curl
(will be used in next commit)
2017-09-01 17:02:36 +02:00
Bram Matthys
d53d46fce4
Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys
0b5e46cd23
Fix extban_conv_param_nuh not marked as extern. Reported by Gottem (#4975)
2017-08-15 12:08:11 +02:00
Bram Matthys
74d5f380dd
A /REHASH from a WebSocket connection would cause a crash (requires
IRCOp privileges). This is a rather technical issue, we now simply
reject the rehash. See comments in code for more information.
2017-08-10 09:02:05 +02:00
Bram Matthys
455420afc1
SNI-specific sts-policy is now possible. (As recommended by IRCv3 draft spec)
2017-08-09 15:39:52 +02:00
Bram Matthys
b2129205f9
Added support for the "Server Name Indication" (SNI) SSL/TLS extension.
See https://www.unrealircd.org/docs/Sni_block
Requested in #4380 by Eman.
2017-08-09 12:00:04 +02:00
Bram Matthys
e62ea1dedd
Module coders: added two functions to search for user modes:
has_user_mode(acptr, 'i'): returns 1 / 0
find_user_mode('i'): returns the user mode (as 'long')
extern int has_user_mode(aClient *acptr, char mode);
extern long find_user_mode(char mode);
2017-03-26 15:40:36 +02:00
Bram Matthys
ec9db8fd5f
Move match_user() to module (efunc in m_tkl)
2017-03-18 15:00:34 +01:00
Bram Matthys
e0130ab0b6
Fix silly crash issue.
2017-02-10 14:28:32 +01:00
Bram Matthys
1f1ac6c4ee
Less duplicate code: add internal function invisible_user_in_channel()
and remove many calls to HOOKTYPE_VISIBLE_IN_CHANNEL + flag checking.
2016-12-27 20:22:12 +01:00
Bram Matthys
99e087d50c
Remove temporary workaround and actually fix stuff in QUIT for delayjoin. Add new function user_can_see_member()...
2016-12-27 20:02:35 +01:00
Bram Matthys
79ed5694b2
split part of read_packet() off to new function process_packet().
This will later be used by a new feature.
2016-11-30 08:18:56 +01:00
Bram Matthys
f2d21943fe
Bump version to 4.0.7-rc1
2016-09-30 15:53:36 +02:00
Bram Matthys
e586b5457c
* Prevent flood from unknown connection
2016-07-28 15:09:47 +02:00
Bram Matthys
f98a5e69dc
When: 1) IPv6 functionality is enabled, and
2) link::outgoing::bind-ip is an IPv4 address, and
3) link::outgoing::hostname is a hostname, and
4) this hostname has both A and AAAA records,
then connect by IPv4 only, which is what the user expects (#4615).
2016-04-03 09:55:51 +02:00
Bram Matthys
3389a99ae1
Get rid of some warnings on Windows (use more CMD_FUNCs & externs for it).
2016-03-11 14:22:07 +01:00
Bram Matthys
b3c371ddf4
Add './unrealircd reloadtls' to reload SSL/TLS certificates and keys.
Suggested by Bob_Sheep (#4537) to aid the usage of Let's Encrypt.
Note that this is the same as doing '/REHASH -ssl' on IRC.
2016-01-13 11:37:17 +01:00
Bram Matthys
dd31542e2c
Use UID's in MD commands. Add functions / remove duplicate code. Modularize various functions
in src/moddata.c (move them to src/modules/m_md.c as per TODO). Looks good but more testing warranted.
2016-01-03 12:18:55 +01:00
Bram Matthys
208f4a504b
SSL Fingerprint wasn't broadcasted correctly to other servers. For Unreal this only affected WHOIS since
extban +e/+I ~S:xxx worked fine (only checked locally). But this also prevented services from being
informed, IOTW: services could not make use of this new certfp feature yet.
2016-01-03 10:28:15 +01:00
Bram Matthys
34b9797ffc
Add buildvarstring() function and make blacklist module support %ip and %server variables in reason field. Suggested by blank (#4507).
2015-12-28 19:03:05 +01:00
Bram Matthys
f04e95376b
/LIST never finished if more than 50-100 channels (#4473). Oh neno... does it ever stop?
2015-12-09 19:42:50 +01:00
Bram Matthys
f6a58b60af
Added workaround for "Cannot accept connections: Operation not supported" problem (#4469).
2015-12-09 17:44:54 +01:00
Bram Matthys
f6837d0202
Add has_channel_mode(chptr, 'X') for modules.
Since many channel modes are modular now you can't simply check chptr->mode.mode & SOME_MODE, instead use this function ;)
2015-10-17 19:51:59 +02:00
Bram Matthys
b428f9b3a3
Windows: wircd.exe -> UnrealIRCd.exe. unreal.exe -> unrealsvc.exe. And some more name changes.
2015-10-11 17:44:49 +02:00
Bram Matthys
69a121278f
De-duplicate code. Make sendto_serv_butone_nickcmd() use sendto_one_nickcmd(). Fixes bug reported by Adam.
2015-09-12 11:16:02 +02:00
Bram Matthys
15469cae2e
Send version information in SERVER command like before (VL). Expand PROTOCTL EAUTH.
PROTOCTL EAUTH=servername,protocolversion,flags,unrealversiontext
This makes deny link { } work again and gives a bit more information too.
Bug reported by GLolol (#4408).
2015-09-05 12:06:55 +02:00
Bram Matthys
f211a5424a
Accept relative path if you boot the binary with -f cfgfile
2015-08-30 09:50:47 +02:00
Bram Matthys
ad23afc81f
Improve (error) messages shown on console while booting. Fatal boot errors are now shown on the console, no need to check ircd.log.
2015-08-10 21:50:23 +02:00
Bram Matthys
fb157899dc
Implemented #1613: When doing a remote /REHASH show the rehash result (such as warnings and errors encountered).
2015-08-09 16:18:27 +02:00
Bram Matthys
e627d3682c
pass by ref instead of pass by value for chmode_str()
2015-07-29 16:03:25 +02:00
Bram Matthys
ae23d99e07
Get rid of #if INET6 stuff, as all supported OS's support IPv6 at compile time. Use set::options::disable-ipv6 to disable IPv6 at runtime. Cleanup unused IPv6 structs/vars/functions/..
2015-07-29 10:31:12 +02:00
Bram Matthys
a29baf96f6
upgrade some ipv4-only stuff. Also set::link::bind-ip was broken in multiple ways.
2015-07-28 22:24:17 +02:00
Bram Matthys
fa87577918
and some more.
2015-07-28 22:14:58 +02:00
Bram Matthys
47ec1da3f5
Remove unused functions
2015-07-28 21:42:40 +02:00
Bram Matthys
46ee510da6
ipv4/ipv6 split. interim commit (does not compile)
2015-07-28 17:42:24 +02:00
Bram Matthys
3577583eaf
ipv4/ipv6 split - phase 1 (unstable!!)
2015-07-28 16:20:00 +02:00
Bram Matthys
a444964730
Convert TLD code to use match_user(): MOTD OPERMOTD BOTMOTD RULES etc..
2015-07-28 13:50:47 +02:00
Bram Matthys
709c7e890e
Use match_user() for is banned checking. This also makes CIDR work in bans/exempt/invex.
Remove ban_realhost, ban_virthost, ban_cloakhost and ban_ip stuff. Should be just as fast if you use match_user() now.
2015-07-28 13:39:56 +02:00
Bram Matthys
58b864edd5
Re-do CIDR and at the same time all the user matching stuff. Introducing match_user(mask, acptr, options): this should be used everywhere rather than the many DIY routines everywhere that create a nick!user@host and then run a match() on it.
The match_user() function has not been fully tested yet, at this point I'm happy we can compile again.
2015-07-28 13:26:03 +02:00
Bram Matthys
5bfa5c701e
Never understood why it's called get_sockhost() if it actually sets it. Renamed to set_sockhost()
2015-07-27 18:30:25 +02:00
Bram Matthys
85dceb0bae
mark some stuff with __attribute__((warn_unused_result))
2015-07-25 20:29:04 +02:00
Bram Matthys
2cb395216a
First version of crash reporter. TODO: Windows, SSL (HTTPS), prettify code, ..
2015-07-24 21:21:35 +02:00
Bram Matthys
6be099d2b1
Actually wait for the ident response rather than just hope it to arrive in time (which it often won't).
2015-07-23 12:58:33 +02:00
Bram Matthys
1452a2821b
sendto_server() w/multiple (combined) caps or nocaps was broken. It matched on ANY cap instead of ALL caps.
2015-07-20 16:39:47 +02:00
Bram Matthys
6379956521
strip 2 useless args from sendto_connect & sendto_fconnect (maybe useful in the past, not anymore)
2015-07-19 13:14:37 +02:00
Bram Matthys
13fffa4e1a
split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
If the IRCd crashes then it's likely not by this change but rather an existing issue that had previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys
50d1b194df
Linking: for outgoing connects, only support SSL/TLS by default (either 'directly' on an ssl port or via STARTTLS 'upgrading'). Set link::outgoing::options::insecure to disable.
2015-07-15 12:42:47 +02:00