Bram Matthys
a21222a672
Bump MODDATA_MAX_CLIENT from 8 to 12 and move MODDATA_MAX_* to include/config.h
2017-09-06 16:29:48 +02:00
Bram Matthys
aa829bce12
New option link::verify-certificate [yes|no]. This will cause UnrealIRCd
to validate the certificate of the link, making sure that:
1) The certificate is issued by a trusted Certificate Authority (CA).
2) The name on the certificate matches the name of the link block.
Some things still need to be done: documentation, more testing, and
using the X509_check_host() function when available.
2017-09-01 17:10:29 +02:00
Bram Matthys
5ff4fb3f87
Remove old code.. this is already set in link->ssl_ctx by init_ctx().
(tested)
2017-09-01 09:32:51 +02:00
Bram Matthys
d53d46fce4
Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys
455420afc1
SNI-specific sts-policy is now possible. (As recommended by IRCv3 draft spec)
2017-08-09 15:39:52 +02:00
Bram Matthys
84776eeeb2
Add support for draft/sts http://ircv3.net/specs/core/sts-3.3.html
Docs: https://www.unrealircd.org/docs/Set_block#set::ssl::sts-policy::port
Example:
set {
    ssl {
        certificate "ssl/server.cert.pem";
        key "ssl/server.key.pem";
        sts-policy {
            port 6697;
            duration 180d;
        };
    };
};
IMPORTANT: Only use this if you know what STS is and what the
implications are. The most important things being A) set a correct
port and B) you need a 'real' SSL certificate and not a self-signed
certificate.
More documentation may follow at another place.
2017-08-09 14:16:03 +02:00
Bram Matthys
b2129205f9
Added support for the "Server Name Indication" (SNI) SSL/TLS extension.
See https://www.unrealircd.org/docs/Sni_block
Requested in #4380 by Eman.
2017-08-09 12:00:04 +02:00
Bram Matthys
176566962a
Add support for 'mask' in allow channel { } and deny channel { }.
This is so you can easily add allow/deny channel blocks for IP ranges.
Possibly not so useful for services-networks (ban/akick is very similar)
but has some use on serviceless networks.
2017-03-08 17:28:15 +01:00
Bram Matthys
6067202cdf
Rewrite SJOIN to fix a bug where modes were sometimes cut-off resulting
in incorrect bans being added.
2017-01-06 11:11:19 +01:00
Bram Matthys
d003f8bfe9
Merge pull request #64 from Adam-/unreal40+remove_unknown
remove_unknown: don't send squits for unknown uids and don't leak server ip in quit message
2016-12-29 21:44:51 +01:00
Bram Matthys
9da4c7e5d0
Added DNSBL check exemption: except blacklist { mask 1.2.3.4; };
2016-12-29 11:38:49 +01:00
Bram Matthys
aae0971cf4
Add the ability to set specific ssl options in listen blocks and link blocks.
This allows you to for example specify a specific certificate/key on a
serversonly port and in link block (a self-signed 10 year valid certificate)
and use a short-lived (XX day) Let's Encrypt certificate on the other ports.
And several other uses, of course.
2016-12-29 08:37:15 +01:00
Bram Matthys
9a8645973c
Added set::ssl::options::no-client-certificate
This is really NOT a recommended setting but may be necessary to work around
some browser issues for wss://.
2016-12-16 17:20:27 +01:00
Adam
10c038ffc0
remove_unknown: don't send squits for unknown uids, don't leak server ips in quit msg
2016-12-07 08:19:16 -05:00
Bram Matthys
b444116c12
Use exact struct type & remove unnecessary casts.
2016-06-26 15:08:55 +02:00
Bram Matthys
8ddf0a8762
Remove (now) confusing comment regarding local/remote struct members in aClient
2016-05-22 20:11:50 +02:00
Bram Matthys
caa5eba30f
Move blacklist hits to snomask +b (new) rather than notifying all ircops.
This snomask is set by default but this can be overridden via
set::snomask-on-oper or oper::snomask. Suggested by hayek (#4566).
2016-03-04 13:50:55 +01:00
Bram Matthys
4c2323e1a3
Now at the right place..
2015-12-16 11:22:58 +01:00
Bram Matthys
f04e95376b
/LIST never finished if more than 50-100 channels (#4473). Oh neno... does it ever stop?
2015-12-09 19:42:50 +01:00
Bram Matthys
2de3fbf9d0
Remove MODE_NOCOLOR and MODE_STRIP leftovers.
2015-10-17 19:51:39 +02:00
Bram Matthys
ad23afc81f
Improve (error) messages shown on console while booting. Fatal boot errors are now shown on the console, no need to check ircd.log.
2015-08-10 21:50:23 +02:00
Bram Matthys
b072a80638
get rid of local->ip stuff in throttle
2015-07-28 17:47:40 +02:00
Bram Matthys
46ee510da6
ipv4/ipv6 split. interim commit (does not compile)
2015-07-28 17:42:24 +02:00
Bram Matthys
3577583eaf
ipv4/ipv6 split - phase 1 (unstable!!)
2015-07-28 16:20:00 +02:00
Bram Matthys
d15701bced
Make ident code more ipv4/ipv6 neutral. This will break things until we do the socket split.
2015-07-28 14:44:42 +02:00
Bram Matthys
80147b2914
Make throttling code work on aClient * structs. Other code may change later (makes it easier).
2015-07-28 14:05:41 +02:00
Bram Matthys
58b864edd5
Re-do CIDR and at the same time all the user matching stuff. Introducing match_user(mask, acptr, options): this should be used everywhere rather than the many DIY routines everywhere that create a nick!user@host and then run a match() on it.
The match_user() function has not been fully tested yet, at this point I'm happy we can compile again.
2015-07-28 13:26:03 +02:00
Bram Matthys
6f6b713fce
sendto_server() w/multiple (combined) caps or nocaps was broken. It matched on ANY cap instead of ALL caps.
2015-07-20 16:42:01 +02:00
Bram Matthys
390a4c2494
Remove "PROTOCTL HCN" as we now include the IP in HCN-alike connecting messages.
2015-07-19 18:20:40 +02:00
Bram Matthys
209a5a3762
Start with moving ip_str stuff
2015-07-19 13:09:51 +02:00
Bram Matthys
13fffa4e1a
split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
If the IRCd crashes then it's likely not by this change but rather an existing issue that had previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys
19ad342a73
Start with client/localclient split
2015-07-19 11:50:32 +02:00
Bram Matthys
c06dc9a142
Get rid of #ifdef CLEAN_COMPILE, along with some other shit
2015-07-16 17:22:51 +02:00
Bram Matthys
dcb4e382a3
Apparently on newer OpenSSL versions (unreleased) you can't access the read buffer. So use this method instead. Ohh.. we are so helpful to our users..
2015-07-15 15:48:00 +02:00
Bram Matthys
50d1b194df
Linking: for outgoing connects, only support SSL/TLS by default (either 'directly' on an ssl port or via STARTTLS 'upgrading'). Set link::outgoing::options::insecure to disable.
2015-07-15 12:42:47 +02:00
Bram Matthys
1ba5f95ecb
For outgoing server links, attempt to upgrade the connection via STARTTLS if not using SSL/TLS already.
2015-07-15 12:09:11 +02:00
Bram Matthys
ef341b1f6d
Link to servers faster after boot. Check links for re-linking more often. Allow connfreq of 5 seconds. Set default to 15. Get rid of HANGONGOODLINK/HANGONRETRYDELAY stuff.
2015-07-14 15:23:28 +02:00
Bram Matthys
f1a95ffd0b
Remove IPList - unused
2015-07-13 14:35:36 +02:00
Bram Matthys
6c0ebb5bd3
Protection against linking race conditions is back again (IOTW: allow very rapid re-linking), but only if your network is fully 3.4.x (actually: current git unreal34 or later)
Re-implemented PROTOCTL SERVERS= which nenolod ripped out (#4355).
Add 2nd argument to PROTOCTL EAUTH=servername,unrealprotocol
Change UnrealProtocol from 2350 to 2351
2015-07-10 21:57:13 +02:00
Bram Matthys
71d3e8dbfa
New function AddListItemPrio, since we now use priorities in two places already (swhois, hooks).
2015-07-10 11:10:10 +02:00
Bram Matthys
a9fc2243aa
support multiple vhost::swhois items for consistency
2015-07-10 10:44:40 +02:00
Bram Matthys
c2f4e0fb2a
Support multiple oper::swhois items.
2015-07-10 10:15:36 +02:00
Bram Matthys
2f8cb55e47
Add extended SWHOIS support. Allows multiple swhoises and tracking of who/what set the swhois.
Added swhois_add / swhois_delete functions which also take care of broadcasting
New remove_oper_privileges() function, will move the rest to use this (svsnoop svsmode etc)
Not finished yet...
2015-07-09 16:26:52 +02:00
Bram Matthys
15977e011d
remove umode 'g' (failops), we have snomasks and oper umode for this.
2015-07-09 14:09:02 +02:00
Travis McArthur
752a34011d
Remove IsAnOper
2015-07-06 18:09:37 -07:00
Bram Matthys
b52b7afabe
Remove local irc operator (locop)
2015-07-06 20:14:02 +02:00
Bram Matthys
422b339be1
In 2003 I added PROTOCTL CHANMODES= so other servers (and services) could
easily deal with "parameter eating" of unknown channel modes.
Now, 12 years later, finally added the code to do this.
This prevents some (serious) desynching if you have a parameter-eating
channel mode on one server and not on the other.
Obviously, you should always try to have the same featureset on all
servers, but sometimes this is not possible, like when upgrading..
2015-07-04 19:25:27 +02:00
Travis McArthur
58b61ab336
Remove old oper macros not used now
2015-06-27 14:14:01 -07:00
Travis McArthur
a1e7fefe94
Remove IsPrivileged
2015-06-27 14:13:26 -07:00
Travis McArthur
81cba1b12d
Remove remaining OPCan*
Updates to default operclasses as well
2015-06-26 11:08:00 -07:00