1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-03 23:23:14 +02:00
Commit Graph

3175 Commits

Author SHA1 Message Date
Val Lorentz 2a3f5dc500 MODE: Reply with ERR_NOSUCHCHANNEL when the target is a channel (#287) 2024-07-05 07:28:12 +00:00
Bram Matthys 3bc1e0c932 Fix tkldb issue caused by making ban user::mask a mask item.
The build tests were failing for tkldb save & restore. Cause was this:

if (tkl->ptr.serverban->match)
^ this is wrong.. because it doesn't check if tkl is a server ban

So it could be tkl->ptr.spamfilter->whatever_is_at_that_memory_offset
which is non-NULL.

Could have updated the code to an if (IsServerBan... && tkl->..etc..)
but decided to ditch this needless code altogether.

As this wasn't needed at all since it already skips config-based.
And all mask items bans are config-based.

One of those rare cases where trying to be extra careful actually
causes a fuckup.
2024-07-01 18:56:29 +02:00
Bram Matthys c12864f81b Fix crash in server_ban.list JSON-RPC call as well.
Hmm... we should probably use json_expand_tkl() differently for match items
instead of returning "<match-item>" literally. Consider this a TODO item :D
This only happens for config-based bans that can't be removed anyway, so..
2024-06-30 19:59:41 +02:00
Bram Matthys 58d7a274f6 Fix crash in new ban user { } code, as predicted two commits ago. 2024-06-30 19:47:04 +02:00
Bram Matthys 53d97e020f Fix for last commit: except ban { } was not checked for ban user { } blocks 2024-06-30 19:26:02 +02:00
Bram Matthys bc7c69dd20 Make ban user::mask and require authentication::mask a Mask item. Finally.
As requested in
https://bugs.unrealircd.org/view.php?id=6159 by PeGaSuS
https://bugs.unrealircd.org/view.php?id=6319 by BlackBishop
https://bugs.unrealircd.org/view.php?id=6397 by Valware

The mask item https://www.unrealircd.org/docs/Mask_item
means you can use all the power of mask items and security groups and
multiple matching criteria.

This requires a bit more testing as username/hostname are NULL now
so some code paths may have to be adjusted. The function call to add
server bans has changed too. And, really need to check that soft bans
are not broken... because they might be ;D
2024-06-30 19:06:37 +02:00
Bram Matthys f6643f283c Support spamreport::url for type central-spamreport too.
This so you can get the same spamreport data to your own custom system.
It works similar to set::central-blocklist::url but then on a
spamreport { } basis which is better, since then you can still
submit to UnrealIRCd central spamreport too.

So you can have two blocks:
spamreport unrealircd { type central-spamreport; }
spamreport custom { type central-spamreport; url 'https://www.example.org/xyz'; }

And then a /SPAMREPORT or 'report;' action will report it to BOTH.

Requested by Chris
2024-06-26 14:01:13 +02:00
Valerie Liu 54a8fc140b restrict-commands: add option 'channel-create' (channel creation) (#285)
* restrict-commands: add option 'channel-create' for managing who may create new channels.
This has been a commonly requested feature with different requested options, I think it makes sense to do it properly from here
2024-06-14 13:05:34 +00:00
Bram Matthys 58646bafbb Reorder some if's and comment them to make sense.
[skip ci]
2024-06-14 14:36:34 +02:00
Bram Matthys 33c6eb0bcf Destroy channel if 0 users and can_join() rejects the user.
Reported by Valware. E.g. if HOOKTYPE_CAN_JOIN rejects the join
when it is a new channel.

( And yeah... +P channels are not destroyed... handled in
  sub1_from_channel() -> HOOKTYPE_CHANNEL_DESTROY already. )
2024-06-14 14:28:11 +02:00
Bram Matthys c37dc9334b Attempt to fix KICK OperOverride message if you are not +o but have +h/+a/+q.
There was an incorrect OperOverride message if you were had +h, +a or +q
and was kicking someone that you should normally be able to (without override).

This requires quite a bit of further testing, though, it's so easy to get
this wrong. The FIXME still stands to fix this for good some day.

Reported by Valware in https://bugs.unrealircd.org/view.php?id=6423
2024-06-14 10:45:41 +02:00
alice a77ff1f2c8 Fix OPEROVERRIDE_VERIFY option. (#278)
Reported by hnj in https://bugs.unrealircd.org/view.php?id=6418

Appears to have been introduced as part of the 6.x refactor of secret/private channel modes in 8066c13876

Also adjust message for ERR_OPERSPVERIFY to include channel name.
This is to correspond closer to other similar numerics around this area, as well as agreeing with the definition within modern.
2024-06-14 07:22:19 +00:00
Bram Matthys 9d91f61206 Crule: forgot a context && context->client check. Just in case the
crule is used outside security groups / spamfilter, like in
deny link { }.

Also update the match_realname() since via the extban code it would
use match_esc() which is rather confusing if you have double (or
perhaps even triple) escaping when using this in the conf.
2024-05-20 09:31:29 +02:00
Bram Matthys 899955b47d Crule: forgot match_realname('*xyz*'). Now we should be at 100% :) 2024-05-20 09:11:25 +02:00
Bram Matthys 0e9280e731 Crule: add match_account(), match_country(), match_certfp(). 2024-05-20 09:06:11 +02:00
Bram Matthys dbbcba10e3 Let's get rid of this !strlen(arg)
[skip ci]
2024-05-20 08:29:56 +02:00
Bram Matthys 9d166eed26 Some minor tweaks so these can be used in pre-connect-stage.
Otherwise in pre-connect-stage is_identified(), is_webirc()
and is_websocket() will always return false due to the
IsUser() check.

One should always be careful with accessing things in pre-
connect-stage, but in this case the IsLoggedIn() and
moddata_client_get() are safe to use. The former checks
client->user and the latter does not access anything within
client->user at all.
2024-05-20 07:56:07 +02:00
Valerie Liu 14dd3a9038 Crule: add is_identified(), is_websocket() and is_webirc() (#277)
* Update crule.c: add is_identified(), is_websocket() and is_webirc()
* Update RELEASE-NOTES.md
2024-05-20 05:50:07 +00:00
Bram Matthys b07f02fb11 Fix +b ~forward not taking into account +e (ban exemptions).
Reported by rafaelgrether in https://bugs.unrealircd.org/view.php?id=6410
2024-05-19 18:49:33 +02:00
Bram Matthys 229b3a7f1b Fix ~forward checking IsRegNick() instead of IsLoggedIn() 2024-05-19 18:31:38 +02:00
Bram Matthys e12559ad78 Allow modules to provide SASL locally, by hooking into AUTHENTICATE.
Note that this is still a dumb interface and not a real proper
authentication framework.

This adds HOOKTYPE_SASL_AUTHENTICATE and HOOKTYPE_SASL_MECHS and
also provides 3 functions: sasl_succeeded(), sasl_failed() and
a helper function decode_authenticate_plain() for AUTHENTICATE PLAIN.
2024-05-13 13:23:59 +02:00
Bram Matthys 01a441de84 Add crule functions: is_tls(), in_security_group(), match_mask(), match_ip()
* Add more [Crule](https://www.unrealircd.org/docs/Crule) functions:
  * `is_tls()` returns true if the client is using SSL/TLS
  * `in_security_group('known-users')` returns true if the user is in the
    specified [security group](https://www.unrealircd.org/docs/Security-group_block).
  * `match_mask('*@*.example.org')` or `match_mask('*.example.org')`
    returns true if client matches mask.
  * `match_ip('192.168.*')` or with CIDR like `match_ip('192.168.0.0/16')`
    returns true if IP address of client matches.
2024-05-06 10:06:07 +02:00
Bram Matthys a95825687c crule: has_umode->has_user_mode and add has_channel_mode as well.
And update release notes:

* Add more [Crule](https://www.unrealircd.org/docs/Crule) functions:
 * `is_away()` returns true if the client is currently away
 * `has_user_mode('x')` returns true if all the user modes are set on the
   client.
 * `has_channel_mode('x')` can be used for spamfilters with a destination
   channel, such as messages: it returns true if all specified channel modes
   are set on the channel.
2024-04-05 09:25:25 +02:00
Valerie Liu 4bbe55718a add two new crule functions: has_umode and is_away (#275)
This adds two new functions to Crule:
- `has_umode()` which expects a parameter of one or more mode chars, returns true (1) if all of them match, otherwise returns false (0)
- `is_away()` which expects no parameter which simply matches whether the user is set as away as a boolean
2024-04-05 06:55:41 +00:00
Bram Matthys 2b328374a5 Fix whowasdb module causing WHOWAS entries to vanish (way too soon) 2024-03-29 09:41:48 +01:00
Bram Matthys e098be6d28 Some more moving for previous commit aa9fdd352a 2024-02-11 10:34:14 +01:00
Valerie Liu aa9fdd352a Move giving of set::modes-on-connect to after SASL (#270)
This so account-based security groups work correctly with security-group based set xxxxx { modes-on-connect ....; } settings.
[skip ci]
2024-02-11 09:32:20 +00:00
Bram Matthys 037889d7ac Add safety rollback of spamfilter if it doesn't compile. Should not be needed
but we (I) tend to screw up in other areas :D
[skip ci]
2024-01-17 09:48:47 +01:00
Bram Matthys b8a8863c19 Get rid of [BUG] message due to no-implicit-names patch if using DEBUGMODE.
main.BUG_CLIENTCAPABILITYBIT_UNKNOWN_TOKEN [warn] [BUG] ClientCapabilityBit() check for unknown token: no-implicit-names
2024-01-10 18:03:43 +01:00
Bram Matthys ae0206a92a Add oper::auto-join. This setting overrides set::oper-auto-join.
Suggested by Chris_dc in https://bugs.unrealircd.org/view.php?id=6255
2024-01-10 17:06:35 +01:00
Bram Matthys 9f3f9522cf Make operclass available in security-group & mask/match.
security-group netadmin { operclass { netadmin; netadmin-with-override; } }

Untested.
2024-01-10 14:14:14 +01:00
Bram Matthys 079e7babef Fix "Central blocklist too slow to respond" message when using softban
or require authentication { } block.

And the connecting user would get a message every second, which was
a bit floody ;D.

Repoerted by GHF in https://bugs.unrealircd.org/view.php?id=6375
2023-12-28 13:30:49 +01:00
Bram Matthys 64ea1d09d6 Move 'reserved clients' stuff to runtime, since 'ulimit -n' could be lower.
This fixes a bug where if you run ./Config with 'auto' file descriptors,
and then have an unusually low 'ulimit -n' of like 150, you would end up
with a negative amount of file descriptors available for use.

This fix moves it from compile-time setting of reserved fd's to runtime
setting.

All this is wrong, by the way, but that is for another major overhaul,
at least this bug is fixed now :D
2023-12-28 09:00:09 +01:00
Bram Matthys 88c2083df9 Fix no-implicit-names to set official flag. As all buildbots failed. 2023-12-26 15:41:06 +01:00
Bram Matthys 600185deba Add support for CAP draft/no-implicit-names
https://github.com/unrealircd/unrealircd/pull/265 by Valware
"This is an IRCv3 extension which lets clients opt-out of receiving /names on join.
 This is useful for bots on large channels who do not need to know who is in the channel.
 Specification: https://ircv3.net/specs/extensions/no-implicit-names"

+ module rename from 'no-implicit-names-cap' to 'no-implicit-names'
  (simply because no other modules has that -cap suffix)
+ update to Makefile.windows
2023-12-26 14:46:54 +01:00
Bram Matthys 48d3673a02 Only do slow spamfilter detection for regexes, not for 'simple' */?
Since it is pointless and this saves some CPU :)
2023-12-22 15:43:11 +01:00
Bram Matthys c5ed4ef9bb Don't call spamfilter for TAGMSG. If you are filtering that, look at 'T'.
Calling spamfilter for TAGMSG makes no sense as the text is "" (empty) :D

If you want to filter message tags, have a look at spamfilter type 'T',
which filters individual message-tags (not just the ones in TAGMSG but
also for PRIVMSG and NOTICE).

[skip ci]
2023-12-22 15:38:14 +01:00
Bram Matthys 70a59b8b1e central-api: add format check for api-key so people don't use a request-key there.
Reported by DeviL.
2023-12-18 09:37:18 +01:00
Bram Matthys 49e84436b4 Fix +I ~operclass requiring an operclass block name of >3 characters.
Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6372

Was an old leftover check from old style extban API
2023-12-17 09:53:36 +01:00
Bram Matthys b0e87dcafa Fix crash issue in websocket server (CVE-2023-50784) 2023-12-15 12:34:06 +01:00
Bram Matthys fa84174d22 Fix the fix for frame assembly in webserver. 2023-12-12 18:05:23 +01:00
Bram Matthys 7b8c9e8d72 Fix memory leak due to change from yesterday (duh..)
Caused by 4178cb3f81
[skip ci]
2023-12-08 07:44:45 +01:00
Bram Matthys 4178cb3f81 Fix frame reassembly in webserver_handle_request_header()
Previously the same code caused no problem, but then
2fcb5b4669 changed the read buffer
size to 16384.
Since then (6.1.2.x) the webserver_handle_request_header() function
was sometimes cutting 1 byte off the packet due to sizeof(netbuf)-1
which was 16383 bytes. We now no longer use a fixed value and
allocate memory dynamically on the heap.

This fixes the bug that I was seeing but this change still needs
serious extra testing as it may affect websockets and RPC!
2023-12-06 18:19:17 +01:00
Bram Matthys 49614fc891 Thanks to Koragg for reporting previous issue :D
54ad2d1586
[skip ci]
2023-12-05 18:31:56 +01:00
Bram Matthys 54ad2d1586 Fix crash with 'crule', because it was being checked against Services bots 2023-12-05 18:22:25 +01:00
Bram Matthys 99fcf9adf6 Add unrealircd_version in CBL request, mostly for the future.
[skip ci]
2023-12-01 08:03:43 +01:00
Bram Matthys 96b18946ca Include oper name on /SPAMREPORT (for central spamreport) 2023-12-01 07:58:01 +01:00
Bram Matthys 53f0f0cb94 Fix unitialized variable access caused by earlier commit of today
(only if you use a proxy block)
2023-11-27 17:59:37 +01:00
Bram Matthys 5f767a8fe8 Proxy block: rework and add support for X-Forwarded-For, Cloudflare, etc. 2023-11-27 12:10:17 +01:00
Bram Matthys 026d5522a8 Remove WSU() items forwarded & secure, since these are in webserver nowadays. 2023-11-27 10:07:34 +01:00