1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 14:26:37 +02:00
Commit Graph

1791 Commits

Author SHA1 Message Date
Bram Matthys 08cb0fc05d Move crule to a module, so we can hot-patch if needed in the future.
This is a mandatory module to load, and included in modules.default.conf.

This also meant that the crule_test() etc efunctions are available
before running config test routines, so we now have a flag for
early efuncs. I guess we could consider doing that for all efuncs
though, so not sure if this flag is really needed.
2023-07-16 10:33:25 +02:00
Bram Matthys c6ae5b05c1 Update release notes a bit
[skip ci]
2023-07-16 09:07:57 +02:00
Bram Matthys cdc14569a9 Warn on plaintext oper::password in conf and even go as far as
generating the password hashes and suggesting using those.

This also starts the initial work on set::best-practices
https://www.unrealircd.org/docs/Set_block#set::best-practices
with hashed-passwords as the first setting there.
2023-07-15 19:02:31 +02:00
Bram Matthys b3995f48ff Mention password hashing in the example.conf itself.
Suggested by rafaelgrether in https://bugs.unrealircd.org/view.php?id=6303
2023-07-15 09:04:07 +02:00
Bram Matthys 4c3d2a6d6d Fix write bug in tkldb and add spamfilter::action stop.
The spamfilter::action stop ill prevent processing other spamfilters.
This would normally be a bit unusual, and potentially dangerous when you
do exclude things this way, but can be useful in some circumstances.

Stopping only affects the same type of spamfilters (general or central
spamfilters), so they don't interfere.

The tkldb write DB bug had to do with that it was processing
central spamfilters, which should be skipped just like config
based spamfilters were already skipped.
2023-07-11 14:32:11 +02:00
Bram Matthys f333aa0c09 New option set::spamfilter::show-message-content-on-hit:
you can now configure to hide the message content in spamfilter hit
messages. Generally it is very useful to see if a spamfilter hit is
correct or not, so the default is 'always', but it also has privacy
implications so there is now this option to disable it.

Suggested by alice, quite a while ago.

https://www.unrealircd.org/docs/Set_block#set::spamfilter::show-message-content-on-hit

Also as mentioned there:
UnrealIRCd has the following spying countermeasure (for many years) to help
that spamfilters are not abused for spying. When a spamfilter hit happens
that has an action like gline or blocking, it is visible to the user that an
action was taken. There is also the action 'warn', which means: take no
action and only warn IRCOps, that one would be easy to use as a spy tool, so
when this happens and message content was revealed, numeric 659
(RPL_SPAMCMDFWD) is sent to the client to indicate that the message is
allowed through but IRCOps were informed.
With this new set::spamfilter::show-message-content-on-hit feature, when
the message content was hidden due to this setting (eg due to 'never' or
'channel-only'), the warn message will not be sent as there is no need to
inform the user in such a case.
2023-07-11 12:11:26 +02:00
Bram Matthys 95902979dc Central spamfilter: now every 1hr and a default set::central-spamfilter::except
policy is added. This may be tweaked later.
2023-07-10 20:18:07 +02:00
Bram Matthys 15b9255b0e Add spamfilter::except as an alternative for spamfilter::rule and upd rls notes 2023-07-10 12:12:25 +02:00
Bram Matthys c18c79e88b Add spamfilter hits and hits for exempted users.
* This means we always run spamfilters, even if users are exempts
* This way we can gather hits for exempted users on individual
  spamfilter entries, and possibly detect false positives
  (which relies on the assumption that those users are innocent)
* The hit counters are shown in in RPL_STATSSPAMF and also
  exposed via the JSON-RCP API.
* This commit also adds set::central-spamfilter::except but more
  on that later since i still want to set a default for that in
  a future commit.
* This also changes take_action() to take flags and adds the
  option TAKE_ACTION_SIMULATE_USER_ACTION which i intended to
  use but didn't in the end... not sure if i should keep it :D
2023-07-10 11:30:51 +02:00
Bram Matthys 93ea44680f Oh yeah... typo reported by BlackBishop... :D
[skip ci]
2023-07-09 13:08:52 +02:00
Bram Matthys dec9aa0341 Reporting spam to DroneBL now works, see https://www.unrealircd.org/docs/Spamreport_block
This uses the RPC2 API. Tested with staging.

Note that there are likely some bugs here or there, like memory leaks,
but the functionality is there.

Also still need to implement various stuff, including spamreport::rate-limit
2023-07-09 13:07:29 +02:00
Bram Matthys def77c4d52 Initial work on spamreport { } block. Not really useful yet.
Early commit before i make it actually work and implement the rest
and hunting for memory leaks etc...
2023-07-08 15:35:08 +02:00
Bram Matthys a7ab8f7710 Update early release notes a bit (still work in progress)
[skip ci]
2023-07-07 20:28:46 +02:00
Bram Matthys c6e83be412 Release notes: fix "turn off" to be set { spamfilter { utf8 no; } }
Reported by BlackBishop
[skip ci]
2023-07-07 16:47:45 +02:00
Bram Matthys caf4708597 Update early release notes a bit
[skip ci]
2023-07-07 16:46:56 +02:00
Bram Matthys 5b04177ad7 Update early release notes a bit
[skip ci]
2023-07-06 07:59:16 +02:00
Bram Matthys 41fcdb3264 Set set::spamfilter::utf8 to 'yes' by default. 2023-07-06 07:57:49 +02:00
Bram Matthys 280a1ddb1d Update this file too :D
[skip ci]
2023-06-17 18:09:38 +02:00
Bram Matthys 407bd84c11 Bump version to 6.1.2-git 2023-06-17 18:08:51 +02:00
Bram Matthys 4c2bb2ff21 ** UnrealIRCd 6.1.1.1 ** 2023-06-16 18:06:44 +02:00
Bram Matthys 65da3d7ccd Mention ./unrealircd upgrade
[skip ci]
2023-06-14 09:14:21 +02:00
Bram Matthys 6e2569a9b7 ** UnrealIRCd 6.1.1 ** 2023-06-14 08:53:07 +02:00
Bram Matthys f1a5e30e8a ** UnrealIRCd 6.1.1-rc1 ** 2023-05-31 08:16:57 +02:00
Bram Matthys e3bd914ad8 Add a link in release notes
[skip ci]
2023-05-29 19:18:33 +02:00
Bram Matthys c32ff22a3e Change the meaning of CMD_BIGLINES of yesterday.
Without CMD_BIGLINES: parameters to commands can be 510 bytes max
(but eg. strlen(parv[1])+strlen(parv[2]) can be >510, like 510*2,
 when received from servers with BIGLINES support).
If someone does set CMD_BIGLINES in their CommandAdd() then the
parameter(s) size is not limited an can be up to 16k.

This is a bit more risky than previous but i think most command
handlers can handle parameters of max BUFSIZE/512 just fine
and care less about the grand total. Also, the risk is only
from server traffic and not from user traffic. Still, we will
keep going through the source to check for issues.
2023-05-29 15:16:18 +02:00
Bram Matthys bb419b95d1 Remove set::maxbanlength as it is not useful and only confusing.
https://www.unrealircd.org/docs/Set_block#set::maxbanlength
2023-05-28 20:25:02 +02:00
Bram Matthys e3262c6bd8 Change default for set::topic-setter and set::ban-setter to 'nick-user-host',
previously it was set to 'nick'

Also allow the full topic length for the nick-user-host case, now that
we have BIGLINES support. For non-BIGLINES-servers this could mean a
potential cutoff of the last 20 characters of the topic, which is why we
restricted it to 340 instead of 360 for nick-user-host previously, but
that is really only in the corner case / worst case, like with max NICKLEN,
max USERLEN, max HOSTLEN, max CHANNELLEN, etc... i think we can live
with that small "problem" until all servers upgrade.
2023-05-28 17:54:44 +02:00
Bram Matthys 2fcb5b4669 * Server to server lines can now be 16384 bytes in size when
`PROTOCTL BIGLINES` is set. This will allow us to do things more
  efficiently and possibly raise some other limits in the future.
  This 16k is the size of the complete line, including sender,
  message tags, content and \r\n. Also, in server-to-server traffic
  we now allow 30 parameters (MAXPARA*2).
  The original input size limits for non-servers remain the same: the
  complete line can be 4k+512, with the non-mtag portion limit set
  at 512 bytes (including \r\n), and MAXPARA is still 15 as well.
* I chose 16k because I don't want to first raise it to like 8k
  and then realize later that 16k would be better and raise it again.
* To receive BIGLINES in a command, you need to `CommandAdd()` with
  flags `CMD_BIGLINES`, without it you still get regular 512 max.
  This is so, because a lot of the code does not expect longer than
  512 bytes lines or in parameters, so we can gradually change that
  (where needed).
2023-05-28 15:06:32 +02:00
Bram Matthys b6179d87d0 Update release notes a bit
[skip ci]
2023-05-27 19:21:59 +02:00
Bram Matthys 8e2527741b Update shipped libraries: c-ares to 1.19.1 2023-05-27 16:03:59 +02:00
Bram Matthys a7cf24c45d Mention new https://www.unrealircd.org/docs/Proxy_block in release notes
and also for safety when redoing DNS and ident due to IP change,
we now:
ClearIdentLookupSent(client);
ClearIdentLookup(client);
ClearDNSLookup(client);
2023-05-26 14:26:26 +02:00
Bram Matthys 52472a9a88 Add support for set unknown-users { } and the like:
It is now possible to override some set settings per-security group by
having a set block with a name, like `set unknown-users { }`
* You could use this to set more limitations for unknown-users:
  ```
  set unknown-users {
          max-channels-per-user 5;
          static-quit "Quit";
          static-part yes;
  }
  ```
* Or to set higher values (higher than the normal set block)
  for trusted users:
  ```
  security-group trusted-bots {
          account { BotOne; BotTwo; }
  }
  set trusted-bots {
          max-channels-per-user 25;
  }
  ```
* Currently the following settings can be used in a set xxx { } block:
  set::auto-join, set::modes-on-connect, set::restrict-usermodes,
  set::max-channels-per-user, set::static-quit, set::static-part.
2023-05-22 12:07:43 +02:00
Bram Matthys e575d0ea05 Update modules.default.conf with more examples of what can go wrong
if you decide to go with your own modules.custom.conf, and why
blacklist-module is a safer approach.
[skip ci]
2023-05-22 08:02:30 +02:00
Bram Matthys 58228e28b3 Prevent people from using an old modules.default.conf.
That file has such a clear warning in it but still people
manage to load old ones. That being said, usually it is not
deliberate, like an cp ../unrealircd.old/conf/* conf/
2023-05-22 07:52:06 +02:00
Bram Matthys 9ea1e0e99c Update release notes a bit
[skip ci]
2023-05-18 13:23:22 +02:00
Bram Matthys 815c97c81e Update release notes on the new functionality of today.
[skip ci]
2023-05-18 13:21:44 +02:00
Bram Matthys 82dbc4a297 Add except ban { } for IRCCloud for maxperip & connect-flood.
In both the release notes to illustrate and in example*.conf
because this is generally a good idea.
2023-05-18 12:01:29 +02:00
Bram Matthys 2c73a37ac7 * New setting set::handshake-boot-delay
https://www.unrealircd.org/docs/Set_block#set%3A%3Ahandshake-boot-delay
  which allows server linking autoconnects to kick in (and incoming
  servers on serversonly ports), before allowing clients in. This
  potentially avoids part of the mess when initially linking on-boot.
  This option is not turned on by default, you have to set it explicitly.
  * This is not a useful feature on hubs, as they don't have clients.
  * It can be useful on client servers, if you `autoconnect` to your hub.
  * If you connect services to a server with clients this can be useful
    as well, especially in single-server setups. You would have to set
    a low `retrywait` in your anope conf (or similar services package)
    of like `5s` instead of the default `60s`.
    Then after an IRCd restart, your services link in before your clients
    and your IRC users have SASL available straight from the start.
2023-05-07 11:21:22 +02:00
Bram Matthys be7d1cbed9 Minor update of early release notes
[skip ci]
2023-05-07 10:09:39 +02:00
Bram Matthys a2324268da Update early release notes for 6.1.1-git
[skip ci]
2023-05-07 09:54:54 +02:00
Bram Matthys 2a70a35f13 Propagate blacklist hit message globally. For snomask 'B',
but also for remote logging and JSON-RPC logging purposes.
[skip ci]
2023-05-05 16:25:29 +02:00
Bram Matthys 45342c2d33 Don't log join/part/kick by default if memory log is on via
conf/rpc.modules.default.conf. This because:
1) It matches the default in example.conf for ircd.log
2) It is a more privacy-friendly setting
3) The log entries are spammy / fill the memory log buffer quickly
2023-05-05 14:53:29 +02:00
Bram Matthys 4f632125fb JSON-RPC: add log.list call to fetch old(er) log entries from memory. 2023-05-05 12:18:13 +02:00
Bram Matthys d48ccb1ec8 When rpc.modules.default.conf is loaded, remember last 1000 lines of log
entries for a maximum of 7 days, in memory.
[skip ci]
2023-05-05 12:16:54 +02:00
Bram Matthys 95074410a5 Set version to 6.1.1-git
[skip ci]
2023-05-05 09:50:48 +02:00
Bram Matthys 1317784de1 ** UnrealIRCd 6.1.0 ** 2023-05-05 07:32:22 +02:00
Bram Matthys f467c031c1 Fix memory leak when an outgoing TLS_connect() fails.
Reported by immibis in https://bugs.unrealircd.org/view.php?id=6263
2023-04-22 14:41:10 +02:00
Bram Matthys 2922a8ae5a Fix crash if there is a parse error in an included file and there are
other remote included files still being downloaded.
This issue exists both with and without cURL, so in both url interfaces.

Was finally able to reproduce this on my own machine. This bug exists
since at least 6.0.0 and perhaps even before that. Just doesn't get
triggered that often due to needing an error and a certain timing
condition (well, and ASan catches it, but on some systems it may
go unnoticed).
2023-04-22 14:08:29 +02:00
Bram Matthys 50e5cb7cbe Bleh, fix a warning... 2023-04-15 14:52:06 +02:00
Bram Matthys 2b1fad89be ** UnrealIRCd 6.1.0-rc2 ** 2023-04-15 14:08:47 +02:00