1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 01:26:38 +02:00
Commit Graph

9585 Commits

Author SHA1 Message Date
Bram Matthys 275cb97cfc For JSON-RPC with UNIX Domain sockets, split on \n (newline).
This so multiple parallel requests can be handled properly.

JSON-RPC over websockets is unchanged, as every JSON-RPC
requests goes into its own websocket frame there (easy).
2023-04-01 12:25:16 +02:00
Bram Matthys 89f75bd6e7 Fix some warnings: change an int to time_t and vice-versa 2023-04-01 09:52:19 +02:00
Bram Matthys a6820b4a8d Fix weird +F values when two channels merge.
This was a forgotten TODO item for cmodef_dup_struct(),
more netsync tests are still to follow.
Bug reported by Lord255.
2023-04-01 09:06:37 +02:00
Bram Matthys 4e49323e88 Fix crash on rpc-user { } block without a name. 2023-04-01 08:58:17 +02:00
Bram Matthys 7a50f963f8 Make channel.set_topic use the issuer internally. No logging or
other changes yet, just unrealircd.org/issued-by testing.

Tag shows up correctly when setting topic from webpanel now :)
2023-03-31 14:29:14 +02:00
Bram Matthys a3c151a16a RPC: add rpc.set_issuer, eg set to logged in user on the admin panel.
This so UnrealIRCd knows who is issuing the commands.
This information is then passed on to unrealircd.org/issued-by and
is planned to be used by the logging system too.

https://www.unrealircd.org/docs/JSON-RPC:Rpc#rpc.set_issuer
2023-03-31 12:55:31 +02:00
Bram Matthys 5871bd9463 Initial work on unrealircd.org/issued-by message tag.
This will communicate the original issuer of a command.
For example an "SAMODE #test +s" results in a SAMODE coming from
:maintest.test.net MODE ....etc....
And with this feature, we will communicate the IRCOp who did it:
@unrealircd.org/issued-by=OPER:Syzop..etc....
This tag is only sent to servers and to IRCOps, not to ordinary users.

The plan is to support the following variants:
Services: unrealircd.org/issued-by=SERVICES:NickServ@services.test.net
IRCOp:    unrealircd.org/issued-by=OPER:Syzop@maintest.test.net:Operblock_name
JSON-RPC: unrealircd.org/issued-by=RPC:adminpanel@irc1.test.net:Adminpanel_Actual_User

This first commit only adds SERVICES and OPER in the handlers of the
SVSNICK and SAMODE commands. The JSON-RPC variant and all of the other
commands have not been done yet.
2023-03-31 12:17:54 +02:00
Bram Matthys 1ca0b76bb5 Validate value of rpc-user THISNAME { } 2023-03-31 11:54:36 +02:00
Bram Matthys 8c6c9b6206 Fix SAMODE showing tags for the person who executed the SAMODE
instead of the server executing the MODE. Eg unrealircd.org/userhost
was set. This occured because the client = &me; was done after
the message tag preparation, now moved up so it's done before.
2023-03-31 11:22:07 +02:00
Bram Matthys 9ab876133d Add wildcard support to blacklist-module.
This also removes the following warning as a side-effect:
"blacklist-module for '%s' but module does not exist anyway".
2023-03-30 17:42:39 +02:00
Bram Matthys b099033c1b Load RPC modules by default but don't enable webserver or RPC sockets.
See release notes:
+* The RPC modules are enabled by default now. This so remote RPC works
+  from other IRC servers for calls like `modules.list`. The default
+  configuration does not enable the webserver nor does it cause
+  listening on any socket for RPC, for that you need to follow the
+  [JSON-RPC](https://www.unrealircd.org/docs/JSON-RPC) instructions.

[skip ci]
2023-03-30 17:35:11 +02:00
Bram Matthys 553d826ab3 Update release notes
[skip ci]
2023-03-30 17:23:55 +02:00
Bram Matthys bfee61d52d Fix dereferencing the wrong variable in a config_error() 2023-03-30 16:58:44 +02:00
Bram Matthys b51c8315fd Add and use set::modef-split-delay which makes +f ignore join-flood
for this amount of seconds (default: 75) when a server splits.
This helps in case a server dies and the clients reconnect to the
other servers, causing a join-flood to be triggered needlessly.
Of course, OTOH disabling a flood protection temporarily is not
ideal, but after seeing it being triggered too often and requiring
manual intervention in many +f/+F channels, this is the best option
I think, if we want +f/+F to work as painless as possible.

If you have a large network (eg: >5 servers) with equal user
spreading then you could disable this by setting it to 0, since then
1 server dieing may not have enough impact on +f join floods
for this to be needed.

TODO: Documentation and release notes
2023-03-30 16:57:27 +02:00
Bram Matthys aae8306ef6 Do some sanity checking on extban names: max 32 characters and
a-z, 0-9, _, -
2023-03-29 16:39:16 +02:00
Bram Matthys f4755fe587 Do some sanity checks on flood profile names
max length 24, and every character is a-z, 0-9, -, _
2023-03-29 16:38:20 +02:00
Bram Matthys a5b6365ef0 Assume +f profile "normal" always exists, since that is the case.
Also fix some "NULL check but dereferenced before" warnings.
2023-03-29 16:25:33 +02:00
Bram Matthys 8ff5fb62fb Get rid of some shadow (bug in +f config profile handling) 2023-03-29 16:23:47 +02:00
Bram Matthys 55350fe3a3 Fix due to recent +f rewrite: add check for [ at start, fixes OOB read. 2023-03-29 09:50:10 +02:00
Bram Matthys 53aedf2b3f Update release notes
[skip ci]
2023-03-27 13:23:23 +02:00
Bram Matthys abb6fcfcb5 RPC: user.list and user.get now have optional object_detail_level.
This is an integer which decides the amount of details in the response object.

See https://www.unrealircd.org/docs/JSON-RPC:User#Structure_of_a_client_object

Especially for user.list it can be a good idea to ask for less detail if
you don't need all the information. It's up to you...

When 'object_detail_level' is not specified in the request, then:
* For user.list it defaults to 2, which is a "breaking change" in the sense
  that it leaves out the "channels" field. To see the "channels" field you
  would have to use level 4.
* For user.get it defaults to 4, which results in the same output as 6.0.7.
* This makes sense so user.list is shorter than user.get, just like we
  already did in channel.list and channel.get.

By the way, this is all documented in the API calls at
https://www.unrealircd.org/docs/JSON-RPC:User
and for channels at https://www.unrealircd.org/docs/JSON-RPC:Channel
2023-03-27 13:12:27 +02:00
Bram Matthys f9af852c43 Again a fix for JSON logging, so object_detail_level has same result as 6.0.6.
This also changes the Detail level (object_detail_level) for the channel.* calls.
See https://www.unrealircd.org/docs/JSON-RPC:Channel_Object for latest info.

In short: at level 5, we now still hide the members.user.channels because
in general that object is not useful. When you do a channel.* API call
you want a list of users in the channel, and don't really care about
what other channels the user is in, other than the channel you already know.
2023-03-27 12:34:55 +02:00
Bram Matthys 783bdfb741 Fix JSON logging using the correct object_detail_level (same result as 6.0.6) 2023-03-27 10:13:43 +02:00
Bram Matthys a18bb04f45 Bump rpc/channel module version to 1.0.5
[skip ci]
2023-03-27 09:57:07 +02:00
Bram Matthys 957af0909b RPC: channel.get and channel.list now have optional object_detail_level.
This is an integer which decides the amount of details in the response object.

For the channel.* calls the object_detail_level is one of:
0: only return the channel name, nothing else
1: basic channel information only
2: this adds bans, ban_exemptions, invite_exceptions
3: also show members, but only level/name/id
4: also show members, level/name/id/hostname/ip/details/geoip
5: also show members, level and full user details like user.get

When no object_detail_level is specified, the following defaults are used:
For channel.list the default is 1 (matches current 6.0.6 behavior)
For channel.get the default is 3 (matches current 6.0.6 behavior)

Using channel.list with object_detail_level=5 is forbidden because
it would cause way too much output (and processing time).
2023-03-27 09:56:03 +02:00
Bram Matthys 98868dbbe9 Some leftover changes for release notes
[skip ci]
2023-03-27 09:15:00 +02:00
Bram Matthys 5d25888c71 Update release notes
[skip ci]
2023-03-26 19:49:49 +02:00
Bram Matthys 5c84728a32 Update release notes
[skip ci]
2023-03-26 19:44:46 +02:00
Bram Matthys 8e6c38f09a Potentially fix +f 'r' 2023-03-26 18:55:40 +02:00
Bram Matthys ccd9fc4b25 Make MODE #channel +F show the combined effective view of +f and +F.
Actually it accepts the following variations for this query:
MODE #test f
MODE #test +f
MODE #test F
MODE #test +F
As long as it is like that (with no parameter) we will show details.
Details are shown for all of the four possible combinations of having
or not having +f and +F.

For example "+F normal" and "+f [1k,20t]:10" result in this output:

Channel '#test' uses flood profile 'normal', without action(s) 'k' as they are overridden by +f.
Effective flood setting via +F: '[7c#C15,30j#R10,40m#M10,10n#N15]:15'
Plus flood setting via +f: '[1k,20t]:10'
-
List of available flood profiles for +F:
         none: []:0
 very-relaxed: [7c#C15,60j#R10,10k#K15,90m#M10,10n#N15]:15
      relaxed: [7c#C15,45j#R10,10k#K15,60m#M10,10n#N15]:15
       normal: [7c#C15,30j#R10,10k#K15,40m#M10,10n#N15]:15
       strict: [7c#C15,15j#R10,10k#K15,40m#M10,10n#N15]:15
  very-strict: [7c#C15,10j#R10,10k#K15,30m#M10,10n#N15]:15
See also https://www.unrealircd.org/docs/Channel_anti-flood_settings
2023-03-26 17:19:13 +02:00
Bram Matthys 67f61e7444 Retain sorting order when when set_channel_flood_profile() overwrites
an existing +F profile.
2023-03-26 16:43:45 +02:00
Bram Matthys 4ebdc7cd5b Don't allow subtype 't' and 'r' in +F profiles for now due to technical
reasons. If you want those, then use +f. (See source)
2023-03-26 16:03:35 +02:00
Bram Matthys 7f84bf7a39 floodprot minor code cleanup (chp -> fld) 2023-03-26 15:58:02 +02:00
Bram Matthys aa48b4d9d8 Make +F and +f work together (+f subtypes override +F settings) 2023-03-26 15:56:52 +02:00
Bram Matthys 1590628488 Drop the alt-actions +m and +M for the CTCP floodtype.
When a channel CTCP flood happens and there is an +f with the 'c' floodtype,
we set channel mode +C by default. Alternative action possiblities
were +m and +M. I don't think anyone really used those alt actions for CTCP
because makes little sense to set the channel +m/+M on a CTCP flood when
there is +C which has far less impact.

More important, the fact that +m/+M could be set both upon CTCP flood
and upon message flood, this 'dual timer' thing, makes it rather
complex when we now have both +f and +F, so easiest solution is just
to scratch this possibility :)
2023-03-26 15:42:09 +02:00
Bram Matthys 972046448a Channelmode +f code cleanups: make a single parse_channel_mode_flood()
function that handles all of is_ok(), conv_param() and put_param().

Hopefully I merged all the logic correctly :D
2023-03-26 13:42:18 +02:00
Bram Matthys b03b122348 Initial work on set::anti-flood::channel likely with bugs and no validation 2023-03-26 09:34:51 +02:00
Bram Matthys 5db1ce00b1 Handle the HOOKTYPE_CONFIGRUN and TEST for CONFIG_SET_ANTI_FLOOD first. 2023-03-26 09:00:35 +02:00
Bram Matthys c9fddc51f9 Add channel mode +F <flood-profile> 2023-03-25 19:00:48 +01:00
Bram Matthys b9be185f0a Make channel mode +f ban "unknown-users" first on a join flood,
if the join flood is caused by >75% of "unknown-users". This
to see if that will take care of the flood without harming
the "known-users" group. And naturally, do something similar
for message floods and nick floods.

If the flood persists, because they are caused by known-users,
then the +i/+m/etc actions are still taken.

This is work in progress, and some things are set to useful-
for-testing values, such as an unsettime of 1 minute.
2023-03-25 13:31:55 +01:00
Bram Matthys 04ce8f8ed7 Add helper functions 2023-03-25 12:19:44 +01:00
Bram Matthys 748f381d81 Use X509_check_host() in OpenSSL 1.1.0 and later and don't use it
for OpenSSL 1.0.2 anymore, 1.0.2 will use the fallback version.
This changes the include file.

(OpenSSL 1.0.2 is out of support since Jan 1 2020 so one may wonder
 why care at all, but i'm trying not to break that during minor
 UnrealIRCd releases)
2023-03-25 12:18:44 +01:00
Bram Matthys 78ce692357 Move ban_exists() to the core (was a helper function in channeldb) 2023-03-25 10:38:05 +01:00
Bram Matthys 5f36221869 Add OpenSSL include to fix compile warning.
X509_check_host() requires openssl/x509.h -- well except on
newer OpenSSL's apparently :D
2023-03-25 10:32:12 +01:00
Bram Matthys bfd9650abf Don't use X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS to fix compile problems.
I guess it's not that important so not doing #if defined() checks for it.
Compile problem reported by val.
2023-03-25 10:22:28 +01:00
Bram Matthys 24622144b1 Bump version to 6.0.8-git
[skip ci]
2023-03-25 09:19:41 +01:00
Bram Matthys 83d2498ec8 Add configure check for and use X509_check_host() instead of
always using our own implementation (that is not really ours,
by the way).
2023-03-25 08:31:25 +01:00
Bram Matthys d5aa0b61f1 Bump max length of log entries from 8k to 16k
(for example for logging a 8k+512 bytes line during debugging).
2023-03-25 07:39:44 +01:00
Bram Matthys b51a533ccf In WHOWAS show the normal host (vhost/cloakedhost) to IRCOps now that
the realhost/IP is communicated on a separate line. This so you now
can see both vhost/cloakedhost and realhost as an IRCOp in a single
WHOWAS request.
2023-03-25 07:32:43 +01:00
Bram Matthys 89611887cb Previous fix for big tags was insufficient. 4K+4K+512 rule should now be OK.
This also adds the MAXLINELENGTH define which is set to 4K+4K+512,
it can be used when you are dealing with complete lines (quite rare
in the code, mostly in socket code and labeled response).
And now also #define READBUFSIZE MAXLINELENGTH
but it is used beyond read buffers, als in write buffers of course.
2023-03-25 07:30:22 +01:00