1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 17:53:14 +02:00
Commit Graph

398 Commits

Author SHA1 Message Date
Bram Matthys 08bc61ec00 We now refuse to enable SSL/TLS with weak ciphers: DES, 3DES, RC4. 2017-09-06 08:21:14 +02:00
Bram Matthys 1faa91ed0e Add helper function plaintextpolicy_valtochar(). 2017-09-02 15:49:02 +02:00
Bram Matthys 199a7e162d Make new functions more generic and use it from crash reporter so
people with older OpenSSL libraries (and LibreSSL) benefit from
the hostname validation code there as well.
2017-09-01 17:28:49 +02:00
Bram Matthys ac66a0fe12 Add hostname verification code from ssl conservatory & curl
(will be used in next commit)
2017-09-01 17:02:36 +02:00
Bram Matthys d53d46fce4 Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys 0b5e46cd23 Fix extban_conv_param_nuh not marked as extern. Reported by Gottem (#4975) 2017-08-15 12:08:11 +02:00
Bram Matthys 74d5f380dd A /REHASH from a WebSocket connection would cause a crash (requires
IRCOp privileges). This is a rather technical issue, we now simply
reject the rehash. See comments in code for more information.
2017-08-10 09:02:05 +02:00
Bram Matthys 455420afc1 SNI-specific sts-policy is now possible. (As recommended by IRCv3 draft spec) 2017-08-09 15:39:52 +02:00
Bram Matthys b2129205f9 Added support for the "Server Name Indication" (SNI) SSL/TLS extension.
See https://www.unrealircd.org/docs/Sni_block
Requested in #4380 by Eman.
2017-08-09 12:00:04 +02:00
Bram Matthys e62ea1dedd Module coders: added two functions to search for user modes:
has_user_mode(acptr, 'i'): returns 1 / 0
find_user_mode('i'): returns the user mode (as 'long')

extern int has_user_mode(aClient *acptr, char mode);
extern long find_user_mode(char mode);
2017-03-26 15:40:36 +02:00
Bram Matthys ec9db8fd5f Move match_user() to module (efunc in m_tkl) 2017-03-18 15:00:34 +01:00
Bram Matthys e0130ab0b6 Fix silly crash issue. 2017-02-10 14:28:32 +01:00
Bram Matthys 1f1ac6c4ee Less duplicate code: add internal function invisible_user_in_channel()
and remove many calls to HOOKTYPE_VISIBLE_IN_CHANNEL + flag checking.
2016-12-27 20:22:12 +01:00
Bram Matthys 99e087d50c Remove temporary workaround and actually fix stuff in QUIT for delayjoin. Add new function user_can_see_member()... 2016-12-27 20:02:35 +01:00
Bram Matthys 79ed5694b2 split part of read_packet() off to new function process_packet().
This will later be used by a new feature.
2016-11-30 08:18:56 +01:00
Bram Matthys f2d21943fe Bump version to 4.0.7-rc1 2016-09-30 15:53:36 +02:00
Bram Matthys e586b5457c * Prevent flood from unknown connection 2016-07-28 15:09:47 +02:00
Bram Matthys f98a5e69dc When: 1) IPv6 functionality is enabled, and
2) link::outgoing::bind-ip is an IPv4 address, and
3) link::outgoing::hostname is a hostname, and
4) this hostname has both A and AAAA records,
then connect by IPv4 only, which is what the user expects (#4615).
2016-04-03 09:55:51 +02:00
Bram Matthys 3389a99ae1 Get rid of some warnings on Windows (use more CMD_FUNCs & externs for it). 2016-03-11 14:22:07 +01:00
Bram Matthys b3c371ddf4 Add './unrealircd reloadtls' to reload SSL/TLS certificates and keys.
Suggested by Bob_Sheep (#4537) to aid the usage of Let's Encrypt.
Note that this is the same as doing '/REHASH -ssl' on IRC.
2016-01-13 11:37:17 +01:00
Bram Matthys dd31542e2c Use UID's in MD commands. Add functions / remove duplicate code. Modularize various functions
in src/moddata.c (move them to src/modules/m_md.c as per TODO). Looks good but more testing warranted.
2016-01-03 12:18:55 +01:00
Bram Matthys 208f4a504b SSL Fingerprint wasn't broadcasted correctly to other servers. For Unreal this only affected WHOIS since
extban +e/+I ~S:xxx worked fine (only checked locally). But this also prevented services from being
informed, IOTW: services could not make use of this new certfp feature yet.
2016-01-03 10:28:15 +01:00
Bram Matthys 34b9797ffc Add buildvarstring() function and make blacklist module support %ip and %server variables in reason field. Suggested by blank (#4507). 2015-12-28 19:03:05 +01:00
Bram Matthys f04e95376b /LIST never finished if more than 50-100 channels (#4473). Oh neno... does it ever stop? 2015-12-09 19:42:50 +01:00
Bram Matthys f6a58b60af Added workaround for "Cannot accept connections: Operation not supported" problem (#4469). 2015-12-09 17:44:54 +01:00
Bram Matthys f6837d0202 Add has_channel_mode(chptr, 'X') for modules.
Since many channel modes are modular now you can't simply check chptr->mode.mode & SOME_MODE, instead use this function ;)
2015-10-17 19:51:59 +02:00
Bram Matthys b428f9b3a3 Windows: wircd.exe -> UnrealIRCd.exe. unreal.exe -> unrealsvc.exe. And some more name changes. 2015-10-11 17:44:49 +02:00
Bram Matthys 69a121278f De-duplicate code. Make sendto_serv_butone_nickcmd() use sendto_one_nickcmd(). Fixes bug reported by Adam. 2015-09-12 11:16:02 +02:00
Bram Matthys 15469cae2e Send version information in SERVER command like before (VL). Expand PROTOCTL EAUTH.
PROTOCTL EAUTH=servername,protocolversion,flags,unrealversiontext
This makes deny link { } work again and gives a bit more information too.
Bug reported by GLolol (#4408).
2015-09-05 12:06:55 +02:00
Bram Matthys f211a5424a Accept relative path if you boot the binary with -f cfgfile 2015-08-30 09:50:47 +02:00
Bram Matthys ad23afc81f Improve (error) messages shown on console while booting. Fatal boot errors are now shown on the console, no need to check ircd.log. 2015-08-10 21:50:23 +02:00
Bram Matthys fb157899dc Implemented #1613: When doing a remote /REHASH show the rehash result (such as warnings and errors encountered). 2015-08-09 16:18:27 +02:00
Bram Matthys e627d3682c pass by ref instead of pass by value for chmode_str() 2015-07-29 16:03:25 +02:00
Bram Matthys ae23d99e07 Get rid of #if INET6 stuff, as all supported OS's support IPv6 at compile time. Use set::options::disable-ipv6 to disable IPv6 at runtime. Cleanup unused IPv6 structs/vars/functions/.. 2015-07-29 10:31:12 +02:00
Bram Matthys a29baf96f6 upgrade some ipv4-only stuff. Also set::link::bind-ip was broken in multiple ways. 2015-07-28 22:24:17 +02:00
Bram Matthys fa87577918 and some more. 2015-07-28 22:14:58 +02:00
Bram Matthys 47ec1da3f5 Remove unused functions 2015-07-28 21:42:40 +02:00
Bram Matthys 46ee510da6 ipv4/ipv6 split. interim commit (does not compile) 2015-07-28 17:42:24 +02:00
Bram Matthys 3577583eaf ipv4/ipv6 split - phase 1 (unstable!!) 2015-07-28 16:20:00 +02:00
Bram Matthys a444964730 Convert TLD code to use match_user(): MOTD OPERMOTD BOTMOTD RULES etc.. 2015-07-28 13:50:47 +02:00
Bram Matthys 709c7e890e Use match_user() for is banned checking. This also makes CIDR work in bans/exempt/invex.
Remove ban_realhost, ban_virthost, ban_cloakhost and ban_ip stuff. Should be just as fast if you use match_user() now.
2015-07-28 13:39:56 +02:00
Bram Matthys 58b864edd5 Re-do CIDR and at the same time all the user matching stuff. Introducing match_user(mask, acptr, options): this should be used everywhere rather than the many DIY routines everywhere that create a nick!user@host and then run a match() on it.
The match_user() function is not been fully tested yet, at this point I'm happy we can compile again.
2015-07-28 13:26:03 +02:00
Bram Matthys 5bfa5c701e Never understood why it's called get_sockhost() if it actually sets it. Renamed to set_sockhost() 2015-07-27 18:30:25 +02:00
Bram Matthys 85dceb0bae mark some stuff with __attribute__((warn_unused_result)) 2015-07-25 20:29:04 +02:00
Bram Matthys 2cb395216a First version of crash reporter. TODO: Windows, SSL (HTTPS), prettify code, .. 2015-07-24 21:21:35 +02:00
Bram Matthys 6be099d2b1 Actually wait for the ident response rather than just hope it to arrive in time (which it often won't). 2015-07-23 12:58:33 +02:00
Bram Matthys 1452a2821b sendto_server() w/multiple (combined) caps or nocaps was broken. It matched on ANY cap instead of ALL caps. 2015-07-20 16:39:47 +02:00
Bram Matthys 6379956521 strip 2 useless args from sendto_connect & sendto_fconnect (maybe useful in the past, not anymore) 2015-07-19 13:14:37 +02:00
Bram Matthys 13fffa4e1a split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
If the IRCd crashes then it's likely not by this change but rather an existing issue that was previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys 50d1b194df Linking: for outgoing connects, only support SSL/TLS by default (either 'directly' on an ssl port or via STARTTLS 'upgrading'). Set link::outgoing::options::insecure to disable. 2015-07-15 12:42:47 +02:00