1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-07 05:13:11 +02:00
Commit Graph

6668 Commits

Author SHA1 Message Date
Bram Matthys 1ca0b76bb5 Validate value of rpc-user THISNAME { } 2023-03-31 11:54:36 +02:00
Bram Matthys 8c6c9b6206 Fix SAMODE showing tags for the person who executed the SAMODE
instead of the server executing the MODE. Eg unrealircd.org/userhost
was set. This occured because the client = &me; was done after
the message tag preparation, now moved up so it's done before.
2023-03-31 11:22:07 +02:00
Bram Matthys 9ab876133d Add wildcard support to blacklist-module.
This also removes the following warning as a side-effect:
"blacklist-module for '%s' but module does not exist anyway".
2023-03-30 17:42:39 +02:00
Bram Matthys bfee61d52d Fix dereferencing the wrong variable in a config_error() 2023-03-30 16:58:44 +02:00
Bram Matthys b51c8315fd Add and use set::modef-split-delay which makes +f ignore join-flood
for this amount of seconds (default: 75) when a server splits.
This helps in case a server dies and the clients reconnect to the
other servers, causing a join-flood to be triggered needlessly.
Of course, OTOH disabling a flood protection temporarily is not
ideal, but after seeing it being triggered too often and requiring
manual intervention in many +f/+F channels, this is the best option
I think, if we want +f/+F to work as painless as possible.

If you have a large network (eg: >5 servers) with equal user
spreading then you could disable this by setting it to 0, since then
1 server dieing may not have enough impact on +f join floods
for this to be needed.

TODO: Documentation and release notes
2023-03-30 16:57:27 +02:00
Bram Matthys aae8306ef6 Do some sanity checking on extban names: max 32 characters and
a-z, 0-9, _, -
2023-03-29 16:39:16 +02:00
Bram Matthys f4755fe587 Do some sanity checks on flood profile names
max length 24, and every character is a-z, 0-9, -, _
2023-03-29 16:38:20 +02:00
Bram Matthys a5b6365ef0 Assume +f profile "normal" always exists, since that is the case.
Also fix some "NULL check but dereferenced before" warnings.
2023-03-29 16:25:33 +02:00
Bram Matthys 8ff5fb62fb Get rid of some shadow (bug in +f config profile handling) 2023-03-29 16:23:47 +02:00
Bram Matthys 55350fe3a3 Fix due to recent +f rewrite: add check for [ at start, fixes OOB read. 2023-03-29 09:50:10 +02:00
Bram Matthys abb6fcfcb5 RPC: user.list and user.get now have optional object_detail_level.
This is an integer which decides the amount of details in the response object.

See https://www.unrealircd.org/docs/JSON-RPC:User#Structure_of_a_client_object

Especially for user.list it can be a good idea to ask for less detail if
you don't need all the information. It's up to you...

When 'object_detail_level' is not specified in the request, then:
* For user.list it defaults to 2, which is a "breaking change" in the sense
  that it leaves out the "channels" field. To see the "channels" field you
  would have to use level 4.
* For user.get it defaults to 4, which results in the same output as 6.0.7.
* This makes sense so user.list is shorter than user.get, just like we
  already did in channel.list and channel.get.

By the way, this is all documented in the API calls at
https://www.unrealircd.org/docs/JSON-RPC:User
and for channels at https://www.unrealircd.org/docs/JSON-RPC:Channel
2023-03-27 13:12:27 +02:00
Bram Matthys f9af852c43 Again a fix for JSON logging, so object_detail_level has same result as 6.0.6.
This also changes the Detail level (object_detail_level) for the channel.* calls.
See https://www.unrealircd.org/docs/JSON-RPC:Channel_Object for latest info.

In short: at level 5, we now still hide the members.user.channels because
in general that object is not useful. When you do a channel.* API call
you want a list of users in the channel, and don't really care about
what other channels the user is in, other than the channel you already know.
2023-03-27 12:34:55 +02:00
Bram Matthys 783bdfb741 Fix JSON logging using the correct object_detail_level (same result as 6.0.6) 2023-03-27 10:13:43 +02:00
Bram Matthys a18bb04f45 Bump rpc/channel module version to 1.0.5
[skip ci]
2023-03-27 09:57:07 +02:00
Bram Matthys 957af0909b RPC: channel.get and channel.list now have optional object_detail_level.
This is an integer which decides the amount of details in the response object.

For the channel.* calls the object_detail_level is one of:
0: only return the channel name, nothing else
1: basic channel information only
2: this adds bans, ban_exemptions, invite_exceptions
3: also show members, but only level/name/id
4: also show members, level/name/id/hostname/ip/details/geoip
5: also show members, level and full user details like user.get

When no object_detail_level is specified, the following defaults are used:
For channel.list the default is 1 (matches current 6.0.6 behavior)
For channel.get the default is 3 (matches current 6.0.6 behavior)

Using channel.list with object_detail_level=5 is forbidden because
it would cause way too much output (and processing time).
2023-03-27 09:56:03 +02:00
Bram Matthys 8e6c38f09a Potentially fix +f 'r' 2023-03-26 18:55:40 +02:00
Bram Matthys ccd9fc4b25 Make MODE #channel +F show the combined effective view of +f and +F.
Actually it accepts the following variations for this query:
MODE #test f
MODE #test +f
MODE #test F
MODE #test +F
As long as it is like that (with no parameter) we will show details.
Details are shown for all of the four possible combinations of having
or not having +f and +F.

For example "+F normal" and "+f [1k,20t]:10" result in this output:

Channel '#test' uses flood profile 'normal', without action(s) 'k' as they are overridden by +f.
Effective flood setting via +F: '[7c#C15,30j#R10,40m#M10,10n#N15]:15'
Plus flood setting via +f: '[1k,20t]:10'
-
List of available flood profiles for +F:
         none: []:0
 very-relaxed: [7c#C15,60j#R10,10k#K15,90m#M10,10n#N15]:15
      relaxed: [7c#C15,45j#R10,10k#K15,60m#M10,10n#N15]:15
       normal: [7c#C15,30j#R10,10k#K15,40m#M10,10n#N15]:15
       strict: [7c#C15,15j#R10,10k#K15,40m#M10,10n#N15]:15
  very-strict: [7c#C15,10j#R10,10k#K15,30m#M10,10n#N15]:15
See also https://www.unrealircd.org/docs/Channel_anti-flood_settings
2023-03-26 17:19:13 +02:00
Bram Matthys 67f61e7444 Retain sorting order when when set_channel_flood_profile() overwrites
an existing +F profile.
2023-03-26 16:43:45 +02:00
Bram Matthys 4ebdc7cd5b Don't allow subtype 't' and 'r' in +F profiles for now due to technical
reasons. If you want those, then use +f. (See source)
2023-03-26 16:03:35 +02:00
Bram Matthys 7f84bf7a39 floodprot minor code cleanup (chp -> fld) 2023-03-26 15:58:02 +02:00
Bram Matthys aa48b4d9d8 Make +F and +f work together (+f subtypes override +F settings) 2023-03-26 15:56:52 +02:00
Bram Matthys 1590628488 Drop the alt-actions +m and +M for the CTCP floodtype.
When a channel CTCP flood happens and there is an +f with the 'c' floodtype,
we set channel mode +C by default. Alternative action possiblities
were +m and +M. I don't think anyone really used those alt actions for CTCP
because makes little sense to set the channel +m/+M on a CTCP flood when
there is +C which has far less impact.

More important, the fact that +m/+M could be set both upon CTCP flood
and upon message flood, this 'dual timer' thing, makes it rather
complex when we now have both +f and +F, so easiest solution is just
to scratch this possibility :)
2023-03-26 15:42:09 +02:00
Bram Matthys 972046448a Channelmode +f code cleanups: make a single parse_channel_mode_flood()
function that handles all of is_ok(), conv_param() and put_param().

Hopefully I merged all the logic correctly :D
2023-03-26 13:42:18 +02:00
Bram Matthys b03b122348 Initial work on set::anti-flood::channel likely with bugs and no validation 2023-03-26 09:34:51 +02:00
Bram Matthys 5db1ce00b1 Handle the HOOKTYPE_CONFIGRUN and TEST for CONFIG_SET_ANTI_FLOOD first. 2023-03-26 09:00:35 +02:00
Bram Matthys c9fddc51f9 Add channel mode +F <flood-profile> 2023-03-25 19:00:48 +01:00
Bram Matthys b9be185f0a Make channel mode +f ban "unknown-users" first on a join flood,
if the join flood is caused by >75% of "unknown-users". This
to see if that will take care of the flood without harming
the "known-users" group. And naturally, do something similar
for message floods and nick floods.

If the flood persists, because they are caused by known-users,
then the +i/+m/etc actions are still taken.

This is work in progress, and some things are set to useful-
for-testing values, such as an unsettime of 1 minute.
2023-03-25 13:31:55 +01:00
Bram Matthys 04ce8f8ed7 Add helper functions 2023-03-25 12:19:44 +01:00
Bram Matthys 748f381d81 Use X509_check_host() in OpenSSL 1.1.0 and later and don't use it
for OpenSSL 1.0.2 anymore, 1.0.2 will use the fallback version.
This changes the include file.

(OpenSSL 1.0.2 is out of support since Jan 1 2020 so one may wonder
 why care at all, but i'm trying not to break that during minor
 UnrealIRCd releases)
2023-03-25 12:18:44 +01:00
Bram Matthys 78ce692357 Move ban_exists() to the core (was a helper function in channeldb) 2023-03-25 10:38:05 +01:00
Bram Matthys bfd9650abf Don't use X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS to fix compile problems.
I guess it's not that important so not doing #if defined() checks for it.
Compile problem reported by val.
2023-03-25 10:22:28 +01:00
Bram Matthys 24622144b1 Bump version to 6.0.8-git
[skip ci]
2023-03-25 09:19:41 +01:00
Bram Matthys 83d2498ec8 Add configure check for and use X509_check_host() instead of
always using our own implementation (that is not really ours,
by the way).
2023-03-25 08:31:25 +01:00
Bram Matthys d5aa0b61f1 Bump max length of log entries from 8k to 16k
(for example for logging a 8k+512 bytes line during debugging).
2023-03-25 07:39:44 +01:00
Bram Matthys b51a533ccf In WHOWAS show the normal host (vhost/cloakedhost) to IRCOps now that
the realhost/IP is communicated on a separate line. This so you now
can see both vhost/cloakedhost and realhost as an IRCOp in a single
WHOWAS request.
2023-03-25 07:32:43 +01:00
Bram Matthys 89611887cb Previous fix for big tags was insufficient. 4K+4K+512 rule should now be OK.
This also adds the MAXLINELENGTH define which is set to 4K+4K+512,
it can be used when you are dealing with complete lines (quite rare
in the code, mostly in socket code and labeled response).
And now also #define READBUFSIZE MAXLINELENGTH
but it is used beyond read buffers, als in write buffers of course.
2023-03-25 07:30:22 +01:00
Bram Matthys da3c1c6544 ** UnrealIRCd 6.0.7 ** 2023-03-24 13:26:29 +01:00
Bram Matthys 7194799f93 Fix valid_vhost() rejecting user@host.
Reported by Lord255.
2023-03-24 13:19:57 +01:00
Bram Matthys a743c5956d Buy a brain..
[skip ci]
2023-03-22 15:32:16 +01:00
Bram Matthys ed14d044e9 Fix crash in SVSO due to change from earlier today
[skip ci]
2023-03-22 15:31:21 +01:00
Bram Matthys e83c610b39 Add valid_vhost() and validate oper::vhost too just like vhost::vhost.
Actually make them both use this same function, even thought he original
vhost::vhost check was a bit more informational.

This also checks the vhost in other paths that lead to oper vhost setting.

Reported by ji in https://bugs.unrealircd.org/view.php?id=5910
2023-03-22 10:26:05 +01:00
Bram Matthys 3d8905dd1c Fix "unknown connection(s)" in LUSERS being rather high.
This was a counting bug in src/socket.c. The socket itself was actually
freed though, so it's purely counting that was wrong.

There could still be counting bugs elsewhere, it's always hard to get
this right, for 20 years already :D
2023-03-22 09:31:26 +01:00
Bram Matthys 4b4562516c Another attempt at UTF8-aware spamfilter.
This was previously tried at 19-apr-2020 in bc70882bd3
in UnrealIRCd 5.0.5. Sadly it had to be reverted immediately with a quick 5.0.5.1
release, all because of a PCRE2 100% CPU usage. Since then that bug has been fixed,
plus another bug. I'm now readding it "as an option" that is marked experimental.
Hopefully people test it out and can report back if it works well and then we can
make it the default someday.

This makes it a runtime setting so makes it much easier to switch back/forth if
there are any issues without recompiling anything. Had to use a bit more code now
though to handle the recompiling of spamfilters if the setting is changed.

Original issue was https://bugs.unrealircd.org/view.php?id=5187

* [Spamfilter](https://www.unrealircd.org/docs/Spamfilter) can be made UTF8-aware.
  * This is experimental, to enable: `set { spamfilter { utf8 yes; } }``
  * Case insensitive matches will then work better. For example, with extended
    Latin, a spamfilter on `ę` then also matches `Ę`.
  * Other PCRE2 features such as [\p](https://www.pcre.org/current/doc/html/pcre2syntax.html#SEC5)
    can then be used. For example you can then set a spamfilter with the regex
    `\p{Arabic}` to block all Arabic script.
    Please do use these new tools with care. Blocking an entire language
    or script is quite a drastic measure.
  * As a consequence of this we require PCRE2 10.36 or newer. If your system
    PCRE2 is older than this will mean the UnrealIRCd-shipped-library version
    will be compiled and `./Config` may take a little longer than usual.
2023-03-22 09:00:31 +01:00
Bram Matthys 768a08f83b Fixes for remote REHASH of a server: fix both missing and duplicate lines.
Duplicate line reported by Lord255 in https://bugs.unrealircd.org/view.php?id=6082
Missing line(s) may have been mentioned by someone but never reported
on the bug tracker.
2023-03-20 11:45:41 +01:00
Bram Matthys 8a48cfb664 Fix not sending CAP DEL on module unload.
Reported by westor in https://bugs.unrealircd.org/view.php?id=6104
The code was there but the order of which the checks were done was
wrong, so first it was checking which CAP's were unloaded and after
that it was unloading the CAP, instead of the other way around.

Also renamed the function to clicap_check_for_changes()
to be consistent with other runtime change detection functions
like extcmodes_check_for_changes(), umodes_check_for_changes()
and charsys_check_for_changes().
2023-03-20 10:55:22 +01:00
Bram Matthys a7c9ecb4e7 Add deny link::reason (optional) and display it in oper warnings
and to the other side of the link.
2023-03-20 09:18:05 +01:00
Bram Matthys a1e7e9f882 Move deny link { } handling to server module. 2023-03-20 09:09:03 +01:00
Bram Matthys 56478f04aa When an IRCOp uses user mode +H (hide oper) then only hide swhois
entries that have the tag "oper", IOTW: the ones that are added
through the oper { } block, and not the ones added through
different means like a vhost { } block.
Really minor thingy but suggested by JanisB in
https://bugs.unrealircd.org/view.php?id=4233 and actually
possible nowadays when swhois items are tagged.

Hint: if you use SVSO to make someone oper, and then add swhois
entries, be sure to tag them with a setby of "oper" too, that
way they are hidden in +H and also automatically removed from
the user when the user does "MODE nick -o" to de-oper.
2023-03-19 12:29:30 +01:00
Bram Matthys fae628cbdf Fix "Missing snomask logging configuration" REHASH issue
if you do actually have 1 snomask configured (a single one).
Although this is rather rare and unusual, it should be possible.
Previously we required at least 2 snomasks and the counter
did not properly reset during rehashes. Not sure why we required
2 and not 1, and the counter reset was a bug.
Reported by westor in https://bugs.unrealircd.org/view.php?id=5994
2023-03-19 11:51:28 +01:00
Bram Matthys 5c108e0ec3 Don't fetch GeoIP.dat upon blacklist-module geoip_classic;
Reported in https://bugs.unrealircd.org/view.php?id=6100

Actually this only works if you have a:
blacklist-module geoip_classic;
in your conf and that conf is read before modules.default.conf
This is true if you have that blacklist-module line in your
unrealircd.conf, so should cover most cases.
2023-03-19 11:28:23 +01:00