1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-03 18:03:13 +02:00
Commit Graph

1503 Commits

Author SHA1 Message Date
Bram Matthys 25ede84a04 This makes more sense. Also testing announcement bot :D 2019-01-21 10:10:51 +01:00
Bram Matthys 4681603c52 Fix bug where "link-security" was downgraded to level 1 if using 'spkifp'. 2019-01-18 13:10:51 +01:00
Bram Matthys 67d691fce9 * New set::outdated-tls-policy which describes what to do with clients
that use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers.
  The default settings are to warn in all cases: users connecting,
  opers /OPER'ing up and servers linking in. The user will see a message
  telling them to upgrade their IRC client.
  This should help with migrating such users since in the future, say one
  or two years from now, we would want to change the default to only allow
  TSLv1.2+ with ciphers that provide Forward Secrecy. Instead of rejecting
  clients without any error message, this provides a way to warn them and
  give them some time to upgrade their outdated IRC client.
  https://www.unrealircd.org/docs/Set_block#set::outdated-tls-policy
2019-01-12 11:08:18 +01:00
Bram Matthys 5fd673d059 Rename PLAINTEXT_POLICY_* to POLICY_ (and similarly, the struct, etc) 2019-01-11 13:27:29 +01:00
Bram Matthys 54c17aa65d Indicate 's' in WHO reply flags if the user is secure (SSL/TLS). 2018-12-21 14:21:19 +01:00
Bram Matthys 7755d10829 [authprompt] Suggest /QUOTE AUTH .. instead of /AUTH .. 2018-12-21 07:58:38 +01:00
Bram Matthys 267c2f3e56 Make authprompt work for soft KLINE/GLINE and soft-xx ban actions
(in registration phase anyway), as promised earlier in the documentation.
2018-12-19 17:42:13 +01:00
Bram Matthys 7f8172faef Bump fakelag on failed authentication attempt (SASL, real or emulated) 2018-12-19 17:41:28 +01:00
Bram Matthys 56a964bba1 Hide remote includes auth information in error messages. Reported by Jellis
in https://bugs.unrealircd.org/view.php?id=5172
2018-12-19 13:02:36 +01:00
Bram Matthys 6b089dfcd6 The new module is now called authprompt. Also wrote an article:
https://www.unrealircd.org/docs/Authentication
And "require sasl" is now "require authentication"
(the old name will only raise a warning, not cause an error)

Note that authprompt currently only does the "require authentication"
stuff and not yet the soft-xx actions. That will be something for
later this week, but I've already documented it as such (here and
there anyway).
2018-12-17 17:32:43 +01:00
Bram Matthys 0254894368 Authentication prompt for non-SASL users:
We previously introduced the "require sasl" block which allows you to
force users from certain IP addresses to authenticate with their nickname
and password via SASL. We now offer a new experimental module called
'saslemulation' which will help non-SASL users by showing a notice and
asking them to authenticate to their account via /AUTH <user>:<pass>.
See https://www.unrealircd.org/docs/Set_block#set::sasl-emulation

Note that this is work in progress, although the functionality of
already works. Still need to do some cleaning and expand the scope.
And more testing...
2018-12-16 13:51:22 +01:00
k4bek4be c124f65027 fix IPv6 DNS blacklist (#78)
Fix IPv6 blacklist checking (DNSBL). Patch from k4be.
2018-12-15 19:53:33 +01:00
Bram Matthys a0167c35c0 Major reorganization of operclass privileges:
* The operclass privileges have been redone. Since there were 50+ changes
  to the 100+ privileges it makes little sense to list the changes here.
  If, like 99% of the users, you use default operclasses such as "globop"
  and "admin-with-override" then you don't need to do anything.
  However, if you have custom operclass { } blocks then the privileges
  will have to be redone. For more information on the conversion process,
  see https://www.unrealircd.org/docs/FAQ#New_operclass_permissions
  For the new list of permissions, with much better naming and grouping:
  https://www.unrealircd.org/docs/Operclass_permissions
The inconsistency in the privileges was initially reported by webczat in
https://bugs.unrealircd.org/view.php?id=4771
The subsequent reorganization took two full days, so.. hopefully the
people who are using - or plan to use - custom operclasses will like the
new layout... except that they need to redo their work of course ;)
2018-12-14 17:05:32 +01:00
Bram Matthys 7dcb5a5bb1 The authentication types 'md5', 'sha1' and 'ripemd160' have been
deprecated because they can be cracked at high speeds. They still
work, but a warning will be shown on boot and on rehash.
Please use 'bcrypt' or (even better) the new 'argon2' type instead:
"./unrealircd mkpasswd argon2" or "/mkpasswd argon2 passwd" on IRC.

Also, not in release notes because it would take up too much text:
Unix crypt is a bit more complicated: most types are outright 'bad',
while other types have reasonable security similar to 'bcrypt'.
To be honest these people should probably use 'argon2' since it's
a lot better. Then again, warning about this when it's still such
a common hashing method (now, in 2018) may be a bit overzealous.
So: not warning about crypt types $5/$6 which use SHA256/SHA512
with normally at least 5000 rounds (unless deliberately weakened
by the user), but we do warn about other crypt() usage.

Also, mkpasswd support for those deprecated types has been removed since
there's no good reason to generate new password hashes with these.
2018-12-10 15:46:11 +01:00
Bram Matthys a852b480d5 Add support for Argon2 password hashes (argon2id).
Also, make this the default for './unrealircd mkpasswd'.
The Windows version also works.. I just need to create a new library
package, will be done later today or tomorrow.
https://bugs.unrealircd.org/view.php?id=5116
2018-12-09 17:22:12 +01:00
Bram Matthys 7cd0bbbcb9 On second thought, for m_whox the priority is not important,
so set it to zero (0).
2018-12-08 15:29:02 +01:00
Bram Matthys 4bef3a5238 Nothing important. Update comments of place_host_ban() and add an explicit
'case BAN_ACT_SOFT_KILL', even though it is already handled by 'case default'.
2018-11-21 14:26:35 +01:00
Bram Matthys 4a0dcc5f13 Load antimixedutf8 from modules.optional.conf 2018-11-21 12:35:25 +01:00
Bram Matthys 9d5e46c43c Set default score to 10. Prevents innocent Russians from getting caught :D 2018-11-18 20:07:09 +01:00
Bram Matthys 9f7b8997f2 Fix stupid bug for <4.2.0, reported by PeGaSuS 2018-11-18 19:52:54 +01:00
Bram Matthys 112c5d922e Fixes for Cyrillic (false positives when speaking Russian, etc...) 2018-11-18 19:39:39 +01:00
Bram Matthys b89bd719a7 Compatibility... 2018-11-18 18:50:45 +01:00
Bram Matthys d0799a0f04 Build antimixedutf8 2018-11-18 18:28:28 +01:00
Vitor 4b5e950ffd Update antimixedutf8.c (#77)
Fix credits in antimixedutf8.
2018-11-18 17:00:55 +01:00
Bram Matthys 793e827218 Add "anti mixed utf8" module (antimixedutf8):
This module will detect and stop spam containing of characters of
mixed "scripts", where some characters are in Latin script and other
characters are in Cyrillic.
This unusual behavior can be detected easily and action can be taken.

loadmodule "antimixedutf8"; /* or third/antimixedutf8 */
set {
        antimixedutf8 {
                score 5;
                ban-action block;
                ban-reason "Possible mixed character spam";
                ban-time 4h; // For other types
        };
};
2018-11-18 15:19:11 +01:00
Bram Matthys 02d69e7d83 Update release notes / version 2018-09-28 15:32:31 +02:00
Bram Matthys 2509482e02 Update UnrealIRCd version 2018-09-28 09:31:35 +02:00
Bram Matthys 02c5c8567a Fix rare crash if deleting spamfilter by id that isn't a spamfilter. 2018-09-23 18:41:47 +02:00
Bram Matthys b4b6ebbca3 Similarly, use sptr/acptr to conform to current style. 2018-09-22 12:44:03 +02:00
Bram Matthys 75e2ed38e2 Some re-indenting / codestyle changes, nothing fancy, mostly whitespace
and brackets.
2018-09-22 12:42:14 +02:00
Bram Matthys 1feeb86cd3 Fix crash bug in m_whox. 2018-09-22 11:38:08 +02:00
Bram Matthys d56eddd69a 'timedban' and 'nocodes' were (still) marked 3rd party, even though
they are official modules.
2018-09-21 08:58:44 +02:00
Bram Matthys 7d38909126 m_whox: fix -Wparentheses warning 2018-09-21 08:50:04 +02:00
Bram Matthys c4eac1df0e Add initial version of m_whox from 'i'. This is to get it tested
by the buildfarm / autotesters. More commits will follow.
2018-09-20 20:04:29 +02:00
Shane Synan dba2081641 m_message: Also strip monospace/strikethrough
Add the ASCII character codes for strikethrough (0x1E, 30) and
monospace (0x11, 17) to the _StripControlCodes function.  This
addresses those formatting characters not being filtered when the
"nocodes" module is loaded.

See https://modern.ircdocs.horse/formatting.html#characters
2018-09-15 16:25:05 -05:00
Bram Matthys 3f7ec605dd The away-notify CAP did not send AWAY status upon join, which is required.
Reported by digitalcircuit in https://bugs.unrealircd.org/view.php?id=5144
2018-09-15 08:46:18 +02:00
Bram Matthys d610dfbe9f Duplicate error messages when trying to set channel modes +O/+P.
Reported by FwdInTime in https://bugs.unrealircd.org/view.php?id=4840
2018-09-09 18:03:54 +02:00
Bram Matthys 5445a009a3 Fix bug preventing (insecure) IRCops from overriding +z.
Reported by capitaine in https://bugs.unrealircd.org/view.php?id=5134
2018-09-09 17:49:32 +02:00
Bram Matthys f876983cb3 Fix bug where halfops don't see users JOIN if chmode +D is set.
Reported by The_Myth in https://bugs.unrealircd.org/view.php?id=5123
2018-09-09 17:15:49 +02:00
Bram Matthys 681640024a Fix permission issues with minimal IRCOps.
Reported by capitaine in https://bugs.unrealircd.org/view.php?id=5130
2018-09-09 17:01:35 +02:00
Bram Matthys 2935385bf2 allow::options::sasl has been removed. Use the new and more flexible
require sasl { } block instead.
2018-09-09 09:49:03 +02:00
Bram Matthys 73f69ccb11 Fix clang warning 2018-09-07 18:14:14 +02:00
Bram Matthys bd19e9c87a Log linking attempts and errors. Also report them to IRCOps in an uniform way.
Reported by Mr_Smoke in https://bugs.unrealircd.org/view.php?id=3973
2018-09-07 11:59:12 +02:00
Bram Matthys 858aaa774a 'SVSMODE Nick -t' does not remove vhost (while MODE 'MODE Nick -t' does)
Reported by The_Myth in https://bugs.unrealircd.org/view.php?id=5111
2018-09-07 10:50:00 +02:00
Bram Matthys aa3e66bb5b We now use standard formatted messages for all K-Lines, G-Lines and
any other bans that will cause the user to be disconnected.
For technical details see the banned_client() function.

It's likely I made some mistakes somewhere => testing required!!
2018-09-05 16:24:08 +02:00
Bram Matthys 107d8ccf6a * A new require sasl { } block which allows you to force users on the
specified hostmask to use SASL. Any unauthenticated users matching
  the specified hostmask are are rejected.
  See https://www.unrealircd.org/docs/Require_sasl_block
Feature suggestion: https://bugs.unrealircd.org/view.php?id=5107
2018-09-05 11:34:48 +02:00
Bram Matthys c4760cc83c Add more soft actions. The full list is available on
https://www.unrealircd.org/docs/Actions
Also, some minor cleanups / simplifications.
2018-09-05 09:39:44 +02:00
Bram Matthys c8c0199095 Fix potential bug if there are both soft and hard tkl's matching the user.
Add soft-shun. Use IsLoggedIn() to detect logged in to services status
rather than repeating the more elaborate if ... isdigit...svid.. etc.. stuff.
2018-09-04 21:08:48 +02:00
Bram Matthys aa45ce11cc ..and the necessary stuff for softbans in the blacklist module. 2018-09-03 20:18:23 +02:00
Bram Matthys b2be1009a0 Second parameter to find_tkline_match() can now be used to skip
soft ban checking. Necessary for blacklist module.
2018-09-03 19:55:48 +02:00