1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 07:56:38 +02:00
Commit Graph

2796 Commits

Author SHA1 Message Date
Bram Matthys 3de3087c95 Fix read-after-free when linking in a server (that is fully authenticated)
when there is already another established link with a server with the same name.
For example, when there is a network issue and the "old server" is still
waiting to be timed out and the "new server" is already linking in.
2022-10-01 08:48:44 +02:00
Bram Matthys 8b0b3d70ff Fix crash on REHASH with server linked (6.0.5-git only, due to websocket split) 2022-09-26 15:17:27 +02:00
Bram Matthys dc55c3ec9f Add CALL_CMD_FUNC(cmd_func_name) and use it.
This is only for calls within the same module, as otherwise you
should use do_cmd().

Benefit of this way is that it is short and you don't have to worry
about passing the right command parameters, which may change over time.
Example as used in src/modules/nick.c:
-               cmd_nick_remote(client, recv_mtags, parc, parv);
+               CALL_CMD_FUNC(cmd_nick_remote);
2022-08-28 09:04:12 +02:00
Bram Matthys 4e5598b6cf Create and use new CALL_NEXT_COMMAND_OVERRIDE() instead of CallCommandOverride().
This is an easier way to call the next command override handler from command
override functions. It passes the standard parameters so you don't have to
worry about which parameters a CMD_OVERRIDE_FUNC() contains.
This so it is easier to change command parameters in future UnrealIRCd versions,
should it be needed, then it may be possible without any source code changes
on the module developer side.

-       CallCommandOverride(ovr, client, recv_mtags, parc, parv);
+       CALL_NEXT_COMMAND_OVERRIDE();
2022-08-28 08:52:51 +02:00
Bram Matthys 3ca99ddd52 Fix JSON-RPC response, should be in "result" and not in "response".
This breaks all the current script(s) that depend on it, of course,
but makes us correctly conform to the JSON-RPC specification.
Reported by Valware.
2022-08-17 16:56:33 +02:00
Bram Matthys 0d139c6e7c Make /INVITE bypass (nearly) all channel mode restrictions, as it used to be
and as it should be IMO. Both for invites by channel ops and for OperOverride.

This also fixes a bug where an IRCOp with OperOverride could not bypass +l
and other restrictions. Only +b and +i could be bypassed.

Module coders: HOOKTYPE_OPER_INVITE_BAN is now gone and HOOKTYPE_INVITE_BYPASS
is now new. The HOOKTYPE_INVITE_BYPASS is called when the user is joining
a channel to which they were invited to. If you return HOOK_DENY there then
the join is still blocked, otherwise it is allowed.
Using this hook would be sortof unusual since usually you would want users
to be able to bypass restrictions when they were invited by another user
or when they invited themselves using OperOverride.
The only example where we use it in UnrealIRCd is for +O channels so an
IRCOp cannot use OperOverride to join +O channels when they would otherwise
not be allowed to do so. Actually even that is a corner case that you could
debate about, but.. whatever.
2022-08-06 15:52:16 +02:00
Bram Matthys 0e6fc07bd9 Update verify_link() to return rather than set the link block in a variable.
Hopefully this fixes a crash when linking (succesfully authenticated) servers,
something which only happens with GCC and only for some people in some cases.
2022-08-03 14:55:37 +02:00
Bram Matthys 7267d81278 RPC: add spamfilter.list and spamfilter.add calls. 2022-08-02 09:28:09 +02:00
Bram Matthys eb9aff4c1c RPC: user.get: use JSON_RPC_ERROR_NOT_FOUND if user is not found. 2022-08-02 08:31:46 +02:00
Bram Matthys b079aa3498 RPC: Fix "id" not showing up in error responses.
rpc_error() and rpc_error_fmt() were called with a NULL request.
This also fixes logging of RPC errors to show the name of the RPC call.
2022-08-02 08:30:03 +02:00
Bram Matthys 6749ab4e0c RPC: server_ban: add handling of "expire_at".
Was previously always setting expiry to 5 seconds as a placeholder/TODO.
2022-08-02 08:22:28 +02:00
Bram Matthys 970cd60698 Use timestamp_iso8601() from server-time module (less duplicate code). 2022-08-02 08:13:49 +02:00
Bram Matthys 7371498ffd Make auto-expansion work for IPv6 bans as well: +b A:B:C:IP -> *!*@A:B:C:IP.
Reported by armyn in https://bugs.unrealircd.org/view.php?id=6147

This also adds a new function convert_regular_ban() which is now
used by both clean_ban_mask() and extban_conv_param_nuh().
2022-07-01 10:13:57 +02:00
Bram Matthys 8703d883dd Fix crash with ip change vs 'connect-flood' module. 2022-06-28 17:28:44 +02:00
Bram Matthys c85f666fed Fix server_ban_parse_mask() returning with variables set to local storage.
More precise, for extended server bans, usermask/hostmask was set to
a local variable that was not defined as static char[]. This would lead
to corrupt data and/or crashes.

Bug introduced a few days ago with 3d9b7e4b70
2022-06-27 10:49:46 +02:00
Bram Matthys 29dc2e1e47 Fix REMOTE_CLIENT_JOIN not showing up for remote joins.
There was log code for "JOIN" but not for "SJOIN". Added now.
Reported by ComputerTech in https://bugs.unrealircd.org/view.php?id=6141
2022-06-25 09:17:07 +02:00
Bram Matthys c60fdad7eb RPC: add server_ban.add
This also moves some of the adding code (sending notice, broadcasting to
other servers, etc) to a function tkl_added().

We should probably do the same for deletion and not use the tkllayer
anymore for that?
2022-06-24 19:49:32 +02:00
Bram Matthys 2c1457ae6b RPC: add server_ban.del 2022-06-24 19:18:39 +02:00
Bram Matthys 3d9b7e4b70 RPC: remove tkl, split this up.. starting with server_ban.
Currently available:
* server_ban.list
* server_ban.get with params: name="*@1.2.3.4", type="kline"

This also adds server_ban_parse_mask() which is now used by both GLINE/etc
and the RPC API to parse the same way and convey the same error messages.
2022-06-24 18:53:10 +02:00
Bram Matthys d3697b8684 RPC: add tkl.list 2022-06-24 13:33:20 +02:00
Bram Matthys 14215e1837 Fix two memory leaks in RPC:
* on REHASH rpc-user block name was not freed
* temporary construct was not freed (if params was missing)
2022-06-22 14:54:51 +02:00
Bram Matthys fdf0d545d7 Split rpc_client_handshake() into rpc_client_handshake_unix_socket()
and rpc_client_handshake_web().

Makes the code easier to follow / less chance of mistakes.
2022-06-22 13:53:56 +02:00
Bram Matthys 25d5ae93e6 Do some sanity checking in webserver (fixes crash) 2022-06-22 13:45:54 +02:00
Bram Matthys faffe7c9a8 Fix crash in webserver 2022-06-21 17:56:25 +02:00
Bram Matthys 7c8918e22d Update rpc_error() to use JsonRpcError (enum) and add more error values. 2022-06-20 19:02:52 +02:00
Bram Matthys 0a4c6e877d Fix crash if 'websocket' is loaded without 'websocket_common'.
Previously we did show a warning but we could crash a millisecond
later so that wasn't particularly helpful.
Now, is_module_loaded() can be used from HOOKTYPE_CONFIGPOSTTEST
to detect if a module is loaded or not, contrary to us having to
do it in MOD_LOAD when it is too late. So now the requirement is
really enforced and also works for hot-loading as well as
unloading of required modules is now prevented.
2022-06-20 08:54:53 +02:00
Bram Matthys a14609f493 Fix small memory leak in webserver. 2022-06-20 08:25:46 +02:00
Bram Matthys 26ab79132b Fix memory leak in webserver for HTTPS POST. 2022-06-19 20:47:48 +02:00
Bram Matthys 1fe6119026 Make tld::motd and tld::rules optional.
Suggested by Jellis in https://bugs.unrealircd.org/view.php?id=6072
2022-06-19 20:15:00 +02:00
Bram Matthys 55387a8aa4 RPC: Fix strchr() on non-nul-terminated string (leading to OOB read) 2022-06-19 17:59:05 +02:00
Bram Matthys 8b2caf5501 Make listen::options::rpc implicitly enable TLS, so nobody
accidentally allows JSON-RPC over insecure HTTP.
2022-06-19 16:17:15 +02:00
Bram Matthys 5301ab5be8 Add some TODO items 2022-06-19 13:13:33 +00:00
Bram Matthys 941439a710 Use RPC_CALL_FUNC() just like how we have CMD_FUNC() 2022-06-19 13:13:33 +00:00
Bram Matthys f99085fc03 RPC: add user.get() 2022-06-19 13:13:33 +00:00
Bram Matthys 0e60b8bbfb RPC: Add ?username=xyz&password=zzz authentication as well
FIXME: move URI parsing to 'webserver' and deal with unescaping %xx
2022-06-19 13:13:33 +00:00
Bram Matthys c611f18d56 RPC: Add rpc-user { } block and do authentication 2022-06-19 13:13:33 +00:00
Bram Matthys ab999659fc Remove some FIXME's and cleanup code a little bit. 2022-06-19 13:13:33 +00:00
Bram Matthys e718d2021f Make websocket work over RPC 2022-06-19 13:13:33 +00:00
Bram Matthys 853f0685ed Split off big chunk of websocket module into websocket_common module.
And load the websocket_common module by default (which is just an API).
2022-06-19 13:13:33 +00:00
Bram Matthys 7679ec7920 Get rid of cast, do things properly. 2022-06-19 13:13:33 +00:00
Bram Matthys 0eb42155dd Limit request body to 4k by default. 2022-06-19 13:13:33 +00:00
Bram Matthys 3e35b8e96a Small code cleanup 2022-06-19 13:13:33 +00:00
Bram Matthys 467e3d847a Handle chunked encoding in webserver (mostly meant for RPC). 2022-06-19 13:13:33 +00:00
Bram Matthys 4a68008b81 Rename some more:
* WEB() now has handle_request() and handle_body(), makes more sense.
* webserver_handle_body_data() -> webserver_handle_body()
* and similar cases
2022-06-19 13:13:33 +00:00
Bram Matthys 12f2cd8555 Rename webserver_handle_body_data() -> webserver_handle_request_body() 2022-06-19 13:13:33 +00:00
Bram Matthys 9afdcb7ff0 Add request body handler in webserver -- only a beginning, the
chunked encoding stuff is copied from the modulemanager and #if'd out.
The non-chunked is not OK yet either, as it must check the Content-Length,
while we currently assume a single packet == the complete request.
2022-06-19 13:13:33 +00:00
Bram Matthys cf60b22b31 Close RPC web connection immediately when all has been sent. 2022-06-19 13:13:33 +00:00
Bram Matthys f9794c7ed5 Make RPC API work over HTTP(S). Well, first steps, anyway.
* No ACL checking yet
* No chunked encoding support
* No multi-frame support
etc...
2022-06-19 13:13:33 +00:00
Bram Matthys 5e81a6ee67 Add listener->start_handshake function pointer.
This is start_of_normal_client_handshake() by default, but is
start_of_control_client_handshake() for the control channel
(for './unrealircd rehash' and such). Previously that was hardcoded.

It is also used by the RPC code now.
2022-06-19 13:13:33 +00:00
Bram Matthys 2bf41a47d2 Don't check for connect-flood on RPC connections.
Same for control channel, even though it was harmless to check,
still... can now skip it so why not?
2022-06-19 13:13:33 +00:00